Disable WPS setup if you got it enabled.
Posted: Mon Jan 02, 2012 1:07 pm
The Ultimate Wireless Forum
http://www.netstumbler.org/
http://www.netstumbler.org/hardware/disable-wps-setup-if-you-got-it-enabled-t23943.html
streaker69 wrote: I guess it's a good thing I'm still using older APs that don't have those newfangled vulns.
Guest wrote: Actually, so far it seems that it's mainly Linksys/Cisco gear that doesn't disable WPS even if you select to disable it in the router's GUI.
Barry wrote: It's better to flash dd-wrt or open-wrt, because just disabling it might not actually disable it.
I've tested so far on a Trendnet TEW-673-GRU (equal to a D-link DIR 825, with an added LCD display and 2 USB ports), a TP-Link TL-WR1043ND, a Netgear and a couple of Linksys/Cisco routers.
The Trendnet and TP-Link models were cracked within 3-5 hours with the Reaver tool. The Netgear employed security delay measures upon multiple attempts for PIN registration, but still was cracked after 11 hours, with appropriate tweaking of the timeout settings on the Reaver command line (Reaver 1.3 from their SVN employs an algorithm to fine-tune the delays automatically, either from a community-updated DB, or via heuristics during its run).
The Linksys E-series routers I tested against were cracked after 4 and 6 hours. They were then reconfigured with WPS off in their settings, and cold-booted, yet were again cracked. This wasn't possible with the Trendnet, TP-Link or Netgear models. On these, the WPS capability was not available when disabled in their GUI, and Reaver just sits waiting until it's Ctrl-C'ed.
Dragorn has implemented detection of WPS capability for detected APs in Kismet, which will show in the server console log. If the encryption capabilities listed show WPS, it is vulnerable. It's not visible in the Kismet GUI listing of network details yet. I've asked him if he can include an alert for Reaver-type attacks in Kismet for those who use it as a WIDS.
So yes, if you have a Linksys/Cisco device with WPS functionality, reflashing to DD-WRT or Open-WRT is a good idea, if they support your device. Not really needed on the other 3 manufacturers' devices I've tested (Trendnet + D-Link, TP-Link, Netgear).
Dutch
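
Added example, not part of the thread and not Kismet's code: a minimal check of whether a beacon from your own AP still advertises the WPS information element after WPS has been switched off in the GUI, which is the capability the post above says Kismet logs. The sample beacon bytes, the SSID "lab-ap" and all function names are constructed for illustration.

```python
import struct

WPS_OUI_TYPE = bytes.fromhex("0050f204")  # vendor IE: OUI 00:50:F2, type 4 = WPS
ATTR_VERSION, ATTR_STATE, ATTR_LOCKED = 0x104A, 0x1044, 0x1057
STATES = {1: "not configured", 2: "configured"}

def iter_ies(tagged):
    """Yield (id, body) for each 802.11 information element; stop on truncation."""
    pos = 0
    while pos + 2 <= len(tagged):
        ie_id, ie_len = tagged[pos], tagged[pos + 1]
        body = tagged[pos + 2:pos + 2 + ie_len]
        if len(body) < ie_len:
            return
        yield ie_id, body
        pos += 2 + ie_len

def parse_wsc_attrs(data):
    """WSC attributes are TLVs with big-endian 16-bit type and length."""
    attrs, pos = {}, 0
    while pos + 4 <= len(data):
        a_type, a_len = struct.unpack_from(">HH", data, pos)
        value = data[pos + 4:pos + 4 + a_len]
        if len(value) < a_len:
            break
        attrs[a_type] = value
        pos += 4 + a_len
    return attrs

def first_byte(attrs, key):
    """First byte of an attribute value, or 0 if absent or empty."""
    return (attrs.get(key) or b"\x00")[0]

def wps_status(tagged):
    """Return None if no WPS IE is advertised, else a summary dict."""
    for ie_id, body in iter_ies(tagged):
        if ie_id == 221 and body[:4] == WPS_OUI_TYPE:
            attrs = parse_wsc_attrs(body[4:])
            return {"version": first_byte(attrs, ATTR_VERSION),
                    "state": STATES.get(first_byte(attrs, ATTR_STATE), "unknown"),
                    "ap_setup_locked": first_byte(attrs, ATTR_LOCKED) == 1}
    return None

# Constructed samples: tagged parameters of two beacons from SSID "lab-ap".
SSID_IE = bytes([0, 6]) + b"lab-ap"
WPS_IE = bytes.fromhex("dd0e0050f204" "104a000110" "1044000102")
BEACON_WPS_ON = SSID_IE + WPS_IE
BEACON_WPS_OFF = SSID_IE
```

A non-None result after WPS was disabled in the GUI means the setting did not remove the advertisement. The input is the tagged-parameter portion of a beacon or probe response, not the whole frame.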