Help my Linksys WRT54G router was broken into using the "curl" command

Discussion in 'Computer Security' started by Debbie Hurley, Jul 4, 2007.

  1. Actually, the trolls aren't as much of a problem as those that post
    inane, useless, irrelevant, thoughtless, unsubstantiated, and
    generally stupid, one-line responses (like this one).

    If you feel that you've wasted your time reading this message, you're
    correct, and I've achieved my goal.
     
    Jeff Liebermann, Jul 8, 2007
    #41
    1. Advertisements

  2. Debbie Hurley

    John Gray Guest

    Are you sure they aren't trolls?<G> What makes you think just because one
    frequents a Usenet group for a number of months and constantly throws
    diatribes and jabs likely isn't a troll?

    I'd already read some of the links and information you posted in this
    thread. Debbie could have disabled(if she didn't) remote configuration.
    Most people have no need for remote configuration at all. Securing the
    WiFi connections would have helped. Sadly, most routers would be returned
    when they didn't connect if the security wasn't mandatory. Additionally,
    updating the factory firmware to the latest version would have helped. As
    would not letting anyone touch the router, including the kid next door.

    I don't believe that V5 and above have third party firmware. All the third
    party firmware for the WRT54G has been Linux based. Even if these newer
    routers could run it, the rom size has been reduced and these firmware
    wouldn't fit anyway.

    Secure the computers on the LAN first,and then the router. Between the
    two, most people will be quite safe. Of course, none of these will protect
    people from themselves or guests let into their homes.

    This thread has gotten quite heated. The solutions are lost in the storm
    of conflicting messages, and taking a confrontational stance only makes it
    worse regardless of the accuracy of what was posted.
     
    John Gray, Jul 8, 2007
    #42
    1. Advertisements

  3. OK. I'll confess. I spend several hours a day answering questions in
    alt.internet.wireless, several other groups, and a few mailing lists
    for the purpose of baiting and insulting people. I provide the
    necessary technical details, background, URL's, and possible solutions
    for self engrandizement and to make others look bad by comparison. I
    also take pot shots at the experts when they screw up, solely for
    target practice. Whenever I answer a question, I always use marginal
    examples to maximize the potential for topic drift. I do all this to
    gather attention to myself, just like a troll. Happy?
    Amazing. I don't even read my own postings. It's good to see that
    someone reads my stuff because apparently the person asking the
    question often fails to read my postings. For example, when I ask a
    specific question, such as what hardware is having a problem, I rarely
    get an answer. Fear of numbers, I guess.
    Sure. However she didn't know what it was, where it was located, what
    it did, or who turned it on. Such things don't happen by accident.
    Someone had been playing and it wasn't her. Interestingly, nobody
    mentioned running an online port scan, which surely have shown port
    8080 to be accessible.
    Agreed on all points. That would be one approach. What I recommended
    is that she trusts the 15 year old kid with maintaining her system and
    her security. It has its risks, but my experience with the local high
    skool hackers shows otherwise. Other approaches would be to hire
    someone with a clue, spend some time getting up to speed on wireless
    security, or find someone online that will do the job remotely.
    My experiences with v5 and v6 WRT54G routers has been limited and
    dismal. That's because I've exchanged or sold every one that I've run
    into.

    DD-WRT works on v5, v6, and v7. I tried it on several v5 routers and
    found no improvment to the chronic hangs and disconnects.
    <http://www.dd-wrt.com/wiki/index.php/Linksys_WRT54G/GL/GS/GX>
    <http://www.dd-wrt.com/wiki/index.php/Version_5_And_6_Router_Information>
    There's some work being on on v7 and v8 but all I've seen is:
    Agreed. Facts, details, references, anecdotes, analysis, and sometime
    my opinions create considerable friction. I'll try to limit myself to
    tactful generalizations, respectful sympathy, and perhaps one line
    replies.
     
    Jeff Liebermann, Jul 9, 2007
    #43
  4. Debbie Hurley

    John Gray Guest

    The DD-WRT firmware that will install on the newer WRTs is a micro version
    with much of the added functionality available in the larger DD-WRT
    firmware removed, among other changes. Below is copied from one of the
    replies on the first link above. The second pasted paragraph is from the
    second link above.

    ====================================================
    Allright, ya see the thing is that anything after v4 or the G or GS is
    castrated to be blunt. They only have 2 mb of flash. This is about half of
    what the standard distro of DD-WRT needs. Sorry folks, but if you have a
    V5, 5.1 or 6 or the G or V5 or 6 of the GS your stuck with the micro
    version. Check ebay or something for an older one. The best version is a GS
    version 3. It has 32 mb of ram and *i believe* 8 mb of flash. If you really
    want a powerhouse router go and drop about $100 on an Asus WL-500G deluxe.
    That is really about a good as you can get for DD-WRT unless you want to go
    the MagicBox route.
    =====================================================

    =====================================================
    WARNING: Flashing your router with a third-party firmware VOIDs the
    warranty. You can not rely on a reversion firmware being available. I never
    have posted the reversion firmwrare for the GS. Do not return routers after
    you've flashed them, this just encourages the vendors to make sure third
    party firmwares can not be used.

    WARNING: You may brick your router if something goes wrong. You assume full
    liability for whatever happens and hold nobody responsible for damages,
    tangible or intangible, resulting from the use or mis-use of information or
    software found here. You (the user) assumes all liability.

    WARNING: At the moment for WRT54GS units this is a one way operation. No
    reversion back to VxWorks is available. Since DD-WRT is profiting from this
    project, I believe it is their responsbility to create a reversion firmware
    for the GS unit. It is an easy chore, I already created the framework in
    the G reversion firmware and developed utilities to make the process
    easier.
    =====================================================

    A year ago, I had to search the local retail stores to find an older WRT54
    that had the Linksys Linux firmware. I finally gave up and got the friend
    a WRT54GS in order to stay away from VXWorks and to have more ram and rom
    available. He'll never use the GS speed on WiFi.
    One line replies don't suffice either. Evidently that's all it took to
    trip your trigger.<G>
     
    John Gray, Jul 9, 2007
    #44
  5. Correct. See table of features at:
    <http://www.dd-wrt.com/wiki/index.php/What_is_"DD-WRT"?>
    The only version that works is the Micro version for V5 and V6.
    Note that the feature for the micro is about the same as what you get
    with the stock Linksys firmware with RADVD added. It's the added
    features that make DD-WRT and OpenWRT attractive (to me). In
    addition, installing DD-WRT on v5 and v6 routers is somewhat of an
    ordeal. Not recommended.

    Incidentally, you brought up the problems with v5 and v6 in this
    discussion. Why?
    Walmart was selling WRT54Gv4 routers until just recently, when they
    finally ran out. I switched to Buffalo routers for new installations.
    They have the same processor and memory as the Linksys v4, but IMHO
    are a better device. No problem with supply yet, but the recent
    injunction for patent infringement may eventually cause problems. Also
    note that there are a very large number of other boxes that will run
    DD-WRT or OpenWRT.
    Well, I'm having a rather bad time of it lately. It started with a
    bad day, then a bad week, and may soon turn into a bad month. Try not
    to take my vicious attacks personally. I've been snarling at everyone
    lately but should be back to my normal level of hostility in about a
    month.
     
    Jeff Liebermann, Jul 9, 2007
    #45
  6. Debbie Hurley

    John Gray Guest

    Actually, I mentioned it due to DD-WRT being recommended in this thread.
    I'd researched this when I was in the market for a WRT54 for a neighbor. I
    found a page that listed the various hardware differences between the
    versions. Most informed sources I visited recommended finding the earlier
    versions.

    The WRT300N looks promising.
    We all have days like that. I've had to delay responding sometimes. On
    reading the post later that I was going to reply to, my outlook or take on
    what and why something was written often changes. Often, what one means to
    say is interpreted incorrectly, either due to bad composition or the
    reader's different POV or baggage. We all have baggage, and not all if it
    is helpful experience all the time.

    A shot of Jack Daniels at bedtime may help. Just don't overindulge.<G>
    Hangovers don't help one's disposition. As for me, I'm just a 'ray of
    sunshine'.<G>
     
    John Gray, Jul 9, 2007
    #46
  7. I just checked all my postings on the topic. I did mention DD-WRT as
    she wanted to change the login name as well as the password. It's not
    exactly a recommendation. See:
    <http://groups.google.com/group/alt.internet.wireless/msg/866ce8f64b85b329>

    "Other routers allow additional users and even
    user levels, such as read-only users. If you really
    want this feature, the alternative firmware (DD-WRT,
    OpenWRT) all have additional users. However, again,
    this is nothing but security by obscurity and doesn't
    provide any real security."

    For a moment there, I thought I had made a mistake. Whew...
    v1 only. v2 doesn't play (as a friend recently discovered the hard
    way). He bricked it so well that I had to use the JTAG firmware load
    Yep. I have all that and more. Add massive confusion on my part as
    to the topic of discussion precipitated by posting to perhaps 12
    different but similar threads every day. It's really difficult to
    keep them straight. Re-reading the previous postings is required, but
    I still manage to mix things up. Add to that medical problems,
    problems with the ladyfriend(s), customers from hell, and gaining some
    more surplus mass around the waist. I also don't bother doing battle
    with myself (I always lose) or apply much tact when answering
    questions. The results are predictable.
    I don't drink. It's not anything religious, moral, or ethical. I
    simply have low dissipation and can't handle booze very well. I also
    have one drunk and one recovering alcoholic in the family, and I don't
    want to end up like them.

    Time to take out my aggressions on the piano (synthesizer) instead of
    the newsgroup.
     
    Jeff Liebermann, Jul 9, 2007
    #47
  8. Debbie Hurley

    zacek Guest

    Hi, my name is Adrian, and i`m interestin in how to use curl command
    to break the password and login to the wrt54g LINKSYS acces point, i
    dont know the version of firmware but i think is the same like yours,
    i need help because i thing someone change my password administrator.
    Plis send a reply as soon as posible.

    ATTE. Adrian
     
    zacek, Jul 9, 2007
    #48
  9. Debbie Hurley

    DTC Guest

    Regardless of the firmware (which can be found on the back label), it can
    be reset.

    Hold down the reset button for at least a full 30 seconds. This will
    default your router to factory settings, including the password. Of course,
    you'll have to reset all your custom settings.

    It IS *your* router, right?
     
    DTC, Jul 9, 2007
    #49
  10. Debbie Hurley

    John Gray Guest

    Thanks. If I was in a buying mode, I'd be hunting for such articles for a
    couple of weeks minimum before committin to a decision. No decision comes
    lightly for me.
     
    John Gray, Jul 9, 2007
    #50
  11. Debbie Hurley

    seaweedsteve Guest

    Am I missng something here? Isn't the WRT54GL the one they now sell
    specifically for those who want to use replacement firmware? Not
    castrated and simple to change FW.

    If one must have a new linksys running DD-WRT, that's the one to
    get.

    Steve
     
    seaweedsteve, Jul 13, 2007
    #51
  12. Debbie Hurley

    John Gray Guest

    That was the one that Cisco came out with after it neutered the WRT54G by
    reducing the rom flash and buffer memory as well as switching to VXWorks
    firmware. It was in response to customer complaints of removal of the
    Linux open source firmware that could be rewritten for the DD-WRT and other
    third party firmware. With the new rom size, it wouldn't fit anyway.
     
    John Gray, Jul 14, 2007
    #52
  13. Nope. The WRT54GL is identical to the reduced flash/RAM WRT54G v4. It
    was Linksys knee jerk reaction to general disgust over the v5 and v6
    mutations. Of course, they raised the price at the same time. To
    underscore Linksys commitment to open source, they came out with the
    WRT54 v8 which so far can't run Linux, and has non-removeable
    antennas.
    Nope. Many people working on open source alternatives have given up
    on the WRT54G/GS line for the aformentioned reasons. Meanwhile,
    DD-WRT and OpenWRT have been ported to a growing number of other
    devices, which are not as disgusting as the WRT54G v5, v6, and v7. For
    example, I've been using mostly Buffalo products and have not
    regretted the change.

    <http://www.dd-wrt.com/wiki/index.php/Supported_Devices>
    <http://wiki.openwrt.org/TableOfHardware>


    Free advice: Never try to oil a power supply fan while it's running.
     
    Jeff Liebermann, Jul 14, 2007
    #53
  14. Debbie Hurley

    John Gray Guest

    The V4 only changed the chipset to a Broadcom BCM5352EKPB Chipset. It has
    the same rom and ram as previous versions. V5 and above did that. The GL
    has the same rom and ram as the WRT54G V1 thru V4 according to this site.

    http://en.wikipedia.org/wiki/WRT54G#Hardware_and_revisions
     
    John Gray, Jul 14, 2007
    #54
  15. From the same article at:
    <http://en.wikipedia.org/wiki/WRT54G#Hardware_versions_affect_firmware_compatibility>
    "To support third-party firmware, Linksys has re-released the
    WRT54G v4, under the new model name WRT54GL (the 'L' in this
    name allegedly stands for 'Linux')."
    My inspection of both boards shows that the v4 and GL are identical
    inside. However, that was a while ago and the GL may have mutated in
    the meantime.
     
    Jeff Liebermann, Jul 14, 2007
    #55
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.