[MLB-WIRELESS] Dlink AP security hole etc.

paul van den bergen pvandenbergen at swin.edu.au
Tue Jan 21 16:04:32 EST 2003


On Tue, 21 Jan 2003 03:29 pm, Craig Sanders wrote:
> On Tue, Jan 21, 2003 at 01:33:23PM +1100, paul van den bergen wrote:
> > to do a firmware update on these boxes, do you need to be logged into
> > the AP interface?  or can you flash them without anything other than
> > seeing them on stumbler (etc.)
> >
> > in other words, does the "security flaw" require authorised (yeah,
> > well) access?
> >
> > either way, has anyone sought to inform those who consider this an
> > issue (CERT, for example) that this is a problem?
>
> i don't know, but it's of serious concern to me.  i'm astounded that
> dlink could possibly think that it was OK to release something with such
> a wide-open gaping security hole.  i'm hoping that it's not as bad as
> the reports indicate.

from a previous (private) reply, it is suggested that v2.5 allows 
non-interface login'd flashing of the rom (or whatever). In other words, the 
security hole lies not in the upgrade patch but in the version being 
overwritten. Having said that, it is not clear whether the vulnerability 
exists in the patched version (<2.5? I am not clear on the version history 
here).

so I would be interested in hearing what versions allow uncontrolled patching, 
and also whether it is a version bug or a patch permission bug (or both even... 
either way, it is a worry).



>
> i'm also seriously considering replacing my dlink 900AP+ with a PCI or
> PCMCIA card in my linux box - and accept the signal loss of ~15 metres
> of LMR-400 cable.  at least i can be confident that it is secure....and
> i'll have full control over the routing and bridging capabilities.
goto {flag}
snip

> if i ping from say the laptop to antifsck , then tcpdump shows the arp
> request going out the wlan0 interface, but it never gets seen by
> antifsck.  AFAICT, it's just being blocked by the AP.  ditto for any
> traffic from antifsck to the laptop.  not good.

bridging issue?


>
> 2. the second major problem is that with v2.5, the AP seems to forget
> about clients if it doesn't hear from them for a while.

turn off sleep mode settings?

and snip
{flag}
>
> i should downgrade to 2.4 firmware and see if the problem goes away.
> but then i lose the useful ability to set the Tx power to 19dbm rather
> than the puny 13-15dbm.

there were some links floating around about using crafted snmp packets to set 
this... is this what you are referring to? or is it an interface option...

similarly, is OpenAP (http://opensource.instant802.com/) an option for this 
machine... Hmmm </lazy>

from google...
http://www.pasadena.net/aprf/
for Linksys WAP11, SMC MC2655W and the Netgear ME102

excerpt from http://www.wirelessworld.com.au/DLink%20DWL900AP.htm

    D-Link DWL-900AP 11MBps Wireless Access Point
...
The DWL-900AP is essentially the same as the DWL-1000AP but configuration & 
management is via a USB or SNMP connection, whereas the DWL-1000AP can also 
be configured and managed via a Web Browser.
...

so who knows...





-- 
Dr Paul van den Bergen
Centre for Advanced Internet Architectures
caia.swin.edu.au
pvandenbergen at swin.edu.au
IM:bulwynkl2002
would somebody get this big walking carpet out of my way?
