D-Link Forums

The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: RogerSC on January 05, 2012, 04:53:06 PM

Title: Has anyone verified that WPS disabled is really disabled?
Post by: RogerSC on January 05, 2012, 04:53:06 PM
Now that WPS has been cracked (you can get "reaver" on the internet to run on your Linux laptop or VM), it has been found that several routers that have WPS disable/enable controls in their web GUI's are still vulnerable to attack.

Has anyone verified whether or not that's the case with the DIR-655?  I was feeling pretty good about my router until I read that some routers are still vulnerable to this attack even with WPS disabled in their web controls.

It would be nice to get confirmation for this router on whether I need to stop using it (no open source firmware available that I know of).

Thanks.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 06, 2012, 07:06:14 AM
WPS? What are you referring too?
Where did you read about this vulnerable attack?
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: RogerSC on January 06, 2012, 10:13:14 AM
Here's a couple of links about this vulnerability:

http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss (http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss)

http://www.kb.cert.org/vuls/id/723755 (http://www.kb.cert.org/vuls/id/723755)

The thing that stands out to me is that for some routers, even if WPS is not enabled, they are still vulnerable to this.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 06, 2012, 10:25:08 AM
Have you contacted D-Link and ask them if they are aware of this? I presume they are.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: RogerSC on January 06, 2012, 10:36:49 AM
According to the CERT notice, yes, they were notified 12/5/2011, and updated on 12/27/2011.

So yes, D-Link knows about this.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 06, 2012, 10:43:54 AM
So you haven't asked D-Link directly? Will be up to them to fix it if they verify and deem it necessary, if it effects ALL routers or not, test and release it. I would presume it would be a while before we see anything about his regarding FW updates.

In most cases turning off WPS in the router stops this if there is someone attempting this. I recommend doing this anyways as most users of the router don't use this feature unless they have supported devices like a wireless printer that has WPS. In most cases, anything wireless in mainly handled via SSID and the PW people can set up. Turn of  features that your not using on the router.  ;)
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: RogerSC on January 06, 2012, 10:51:39 AM
I haven't found dealing with D-Link support to be very illuminating or useful.  The one time that I did try to talk to them, they wasted a lot of my time, which I'm not eager to repeat.  However, a certain number of people test their router to see if it is vulnerable using the reaver program.  That's what I was trying to find out, if anyone who reads this forum has done this, and what the results were.

My Linksys E4200 was tested by several people and failed.  As a result, I switched it to tomato open source firmware, and it's doing fine.  As there is no open source firmware for this router, which I use as an AP, I thought I'd ask.  Yes, D-Link will have to fix this if the router turns out to be vulnerable.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: RogerSC on January 06, 2012, 11:39:29 AM
By the way, I share your "turn off what you're not using" philosophy for any hardware including routers.  Very little was turned on by me in when I upgraded to the tomato firmware, just basic routing and wireless.  For one thing, that way you don't run into bug in parts of the firmware that you don't care about.  And also the router processor(s) and memory can be used for routing, rather than bandwidth monitoring, etc.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 06, 2012, 12:41:56 PM
I saw that mentioned in a article about this issue. WPS is on be default. Which it ok for the most part and it's marketing. There just trying people to use the feature. Most people I talk to or help out, I've asked they they don't know about, or don't use it at all. I think it's a nice feature however I don't think it should be ON by default, I'm sure they could find other ways to easily have users enable it with out hassle. But that's me.  ;)
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: RogerSC on January 06, 2012, 01:49:51 PM
It's not just you, any security-related feature like WPS should be able to be fully disabled, and in fact should be delivered disabled by default, and have to be enabled to use it.  That would have taken care of this problem for all the people that don't use WPS.  Very little excuse for not being able to fully disable this feature, or having it enabled by default.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 06, 2012, 02:07:12 PM
Ya I agree, just seems like there are extra features that should be disabled out of the box however were dealing with marking here.  ::)

Well I D-Link knows about it. I might start having people turn it off if there really worried about it.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: RogerSC on January 09, 2012, 10:53:17 AM
If this really works according to:

http://www.smallnetbuilder.com/wireless/wireless-features/31664-waiting-for-the-wps-fix (http://www.smallnetbuilder.com/wireless/wireless-features/31664-waiting-for-the-wps-fix)

then with WPS disabled, WPS PIN is not available.  So this should answer my question.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 09, 2012, 11:42:08 AM
Also Select Link:WPS Security Vulnerability Information (http://forums.dlink.com/index.php?topic=45183.0)
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: nicknml on January 12, 2012, 05:12:31 AM
I tried reaver against a spare router (installed in on Backtrack on a virtual machine) that I have lying around and it really does work (it does take a while, but it does eventually get the PIN)
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 12, 2012, 07:06:14 AM
Was WPS ON or OFF for this test?
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: nicknml on January 12, 2012, 11:45:41 AM
It was ON, I was just seeing how how effective the tool was at exploiting the vulnerability to get the WPS PIN.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 12, 2012, 01:16:07 PM
Can you test and see if it gets the PIN while WPS is OFF?
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: nicknml on January 12, 2012, 03:41:45 PM
I tested my DIR-655 with WPS off and I can confirm that WPS is truly disabled :)
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 12, 2012, 03:55:05 PM
Kewl, thanks for the info.
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: nicknml on January 12, 2012, 05:47:49 PM
Do you think Dlink will fix this issue by implementing a lockout after a certain amount of failed attempts (and most likely disable WPS by default) in the next firmware version? 
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 12, 2012, 06:57:35 PM
This is not D-Links issue perse, it's a protocol issue with the main standard for this protocol. Those who developed this protocol will have to address this as this protocol is in use by most of not all WiFi Mfrs. Once it's been addresses at that level, the Mfrs will implement it into there code, products needing the fix, test and release FW. It's up to the people who developed or maintain the protocol to figure out what there doing to do with it. Who knows what they do and if they even tell the public how they fix it.  ::)
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: nicknml on January 13, 2012, 04:26:28 AM
This is not D-Links issue perse, it's a protocol issue with the main standard for this protocol. Those who developed this protocol will have to address this as this protocol is in use by most of not all WiFi Mfrs. Once it's been addresses at that level, the Mfrs will implement it into there code, products needing the fix, test and release FW. It's up to the people who developed or maintain the protocol to figure out what there doing to do with it. Who knows what they do and if they even tell the public how they fix it.  ::)

True, however I do believe the protocol does allow for lockout periods (a few router manufacturers have implemented this.)
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on January 13, 2012, 06:37:57 AM
Time will tell. I'm sure what ever they come up with, should fix the problem, however who know when someone else will find a work around.  ::)
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: spoutinwyze on October 24, 2014, 04:45:36 PM
Do you think Dlink will fix this issue by implementing a lockout after a certain amount of failed attempts (and most likely disable WPS by default) in the next firmware version?
Interestingly enough I tried RFA and keep getting "Detected AP rate limting, waiting 60 seconds."
I logged into my router and found that the WPS is enabled and configured, but WPS pin method is disabled. It seems contradictory, is it enabled or disabled? I looked closer and my log and saw the pin attempts first came through about 5-6 of them before the AP error came up. I thought maybe it auto locked the WPS feature after some failed attempts. I couldn't find anything that explained the screen I saw that contradicts itself. I took a screen shot but won't let me attach
Title: Re: Has anyone verified that WPS disabled is really disabled?
Post by: FurryNutz on October 24, 2014, 05:02:53 PM
What model router do you have?

What FW version is currently loaded?

We recommend disabling WPS completely if your not using it. We recommend using SSID and PW for WiFi access for your wireless devices.

Do you think Dlink will fix this issue by implementing a lockout after a certain amount of failed attempts (and most likely disable WPS by default) in the next firmware version?
Interestingly enough I tried RFA and keep getting "Detected AP rate limting, waiting 60 seconds."
I logged into my router and found that the WPS is enabled and configured, but WPS pin method is disabled. It seems contradictory, is it enabled or disabled? I looked closer and my log and saw the pin attempts first came through about 5-6 of them before the AP error came up. I thought maybe it auto locked the WPS feature after some failed attempts. I couldn't find anything that explained the screen I saw that contradicts itself. I took a screen shot but won't let me attach