Results 1 to 11 of 11
  1. #1
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Disturbing Article on Linksys Routers

    Just read a very informative and disturbing article on Linksys Routers . Upon running the Gibson Research "Shields Up" tool, I immediately stealthed my router's Port 113 and disabled the router's UPnP services. Might be a heads up for all users of Linksys routers who thought that they were completely firewalled.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  2. #2
    Lounger
    Join Date
    Nov 2001
    Location
    Carson City, Nevada, USA
    Posts
    46
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Re: Disturbing Article on Linksys Routers

    Thanks for the referenve.
    I have the BFSR41 Linksys router mentioned in the article and just ran the Gibson tests and tested "perfect". ie: All ports are in stealth mode. I have not upgraded my routers firmware for some time and do not have the UPnP option. After reading this article, I don't plan on upgrading!

    ... Robbie

  3. #3
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Disturbing Article on Linksys Routers

    Sounds good. When I ran the test, all ports except 113 were stealthed. 113 was "Closed", and even in Closed mode, it sends back a response. As for UPnP, are you sure you don't have this option? On my setup, it is on the "Password" page.

    In all fairness, both of these vulnerabilities are easy to correct, but before reading the article, I was completely unaware of either. I guess the author is critical of Linksys for not having these "corrected" settings as defaults.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  4. #4
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Disturbing Article on Linksys Routers

    John,

    Have you read Steve's opinion on UPnP? He even has a quicky little utility to disable it. You can get it at his site.
    The gist of his write up on UPnP is:
    --------------------------------------------------------------
    Translating eEye's and Microsoft's statements into consequences, this means that without the security update patch, and with the Universal Plug and Play (UPnP) system in its default "enabled" state, any of the many millions of Internet-connected UPnP-equipped Windows systems could be remotely commandeered and forced to download and run any malicious code of a hacker's design. This includes using the machine to launch potent Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks.

    This means that extremely damaging CodeRed and Nimda-style worms can now be written for millions of Windows machines. Whereas the Microsoft IIS server worms of 2001 found and infested 'only' several hundred thousand IIS servers, a Windows "Universal Plug and Play" worm would have more than ten million XP systems, in addition to many more Windows 98/ME systems, upon which to prey today
    -------------------------------------------------------------
    As he said, the default is enabled, so I wonder just how my machines are vunerable?
    I disabled it on mine a long time ago.

    BTW, I just ran "Shields Up" again just now and I'm ALL stealth mode on the first 1056 ports.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  5. #5
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Disturbing Article on Linksys Routers

    I echo the THANKS for the heads up, John! My BEFSR41 is at firmware 1.44 and I've always had UPNP disabled. But I hadn't run ShieldsUp for a couple of years. Sure 'nuff, port 113 was the only one that showed as "closed" where all the rest tested as "stealth." I reset it and retested so I thank you for the notice.....

  6. #6
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Disturbing Article on Linksys Routers

    Glad to be of help Al. I had completely forgotten about "Shields Up" until I read this article. I have used other utilities from time to time (including Norton's on-line security check) and everything was reported as safe. I was really surprised to find 133 NOT stealthed when I ran "Shields Up". As for Bob's comments regarding Gibson's tool to disable UPnP, if I am correct, this tool only disables the Windows UPnP service. From what I have read, if UPnP is enabled in the router, the router can turn this service on. Perhaps it is best to disable it in both locations.
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  7. #7
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Disturbing Article on Linksys Routers

    Let's quickly add DO NOT THROW OUT your Linksys routers. They are still excellent routers - and this problem takes about 60 seconds to fix.

    1. Enter your router's admin page through your browser.
    2. Under the Advanced tab, click on Forwarding
    3. Enter a description under Customized Applications (I put "IDENTGibson" - IDENT is the name of the service that runs on port 113 and Gibson is for The Internet Security God, Steve Gibson.
    4. Under Ext.Port, enter "113 to 113". Check both Protocols. Enter the last octet of a non-existent IP - that is, use an IP that would never be assigned to a device on your network - I used "200" (don't know what would happen if you picked a number higher than 255 - best not to try it.)
    5. Make sure you check "Enable" and click Apply, Continue, then exit the router (close that browser session)

    Fixed! Now you can run Shields Up, and download and run LeakTest, and pass with ease.

    As for future purchases, it seems Linksys is not being very aggressive addressing this potential security issue. As Steve Gibson reports in his report, IDENT is obsolete - there's no need to leave a hole open for a legacy service such as this. It is just a simple bit change in the code to change the default on Port 113 to stealth, but Linksys is dragging their feet. That is disappointing as I have used and recommended Linksys routers, bridges, and WiFi cards for years. But, until Linksys addresses this in their code, for that reason alone, I recommend looking at other brands - at least to my non-geek contacts.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  8. #8
    Lounger
    Join Date
    Nov 2001
    Location
    Carson City, Nevada, USA
    Posts
    46
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Re: Disturbing Article on Linksys Routers

    John, I checked again and can find no reference to UPnP. I am on Firmware version 1.40.1, Sep 10 2001. Maybe to early for that option.
    Considering that Gibson gives me a fully stealthed condition, I have going to hold off updating for now!

    Thanks again...

  9. #9
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Disturbing Article on Linksys Routers

    Right. Probably a difference in firmware versions. And, if you are now fully stealthed - If it ain't broke........
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  10. #10
    5 Star Lounger
    Join Date
    Mar 2001
    Location
    Pickering, Ontario
    Posts
    642
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Disturbing Article on Linksys Routers

    For what it's worth... I do not have a Linksys router but rather a Netgear. With my Netgear, all ports are "stealthed" with the exception of 113 which is shown as "Closed". So, perhaps it is not just a problem with Linksys. On the other hand, I read Gibson's comments about the port 113 situation and there is reference to the fact that Zone Alarm does provide the necessary security level for the port. Another "vote" for us Zone Alarm users!?!? <img src=/S/smile.gif border=0 alt=smile width=15 height=15>

    Here's the link for Gibson's article of port 113. If I am wrong about my interpretation then please advise.

    Cheers, Bob
    Regards,
    Bob

  11. #11
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Disturbing Article on Linksys Routers

    Bob,

    Zone Alarm does indeed close the port 113 and all the ports that Steve tests up to 1056. Probably more, but that's all that he tests.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •