From: Jim Knoble (jmknoble_at_pobox.com)
Date: Wed Nov 13 2002 - 17:27:30 CST
-----BEGIN PGP SIGNED MESSAGE-----
Circa 2002-11-07 09:59:29 -0500 dixit David Endler:
: FYI starting today, Linksys has created the address
: security@linksys.com to receive information on vulnerabilities within
: any of their products.
: Additionally the iDEFENSE advisory, 10.31.02a: Denial of Service
: Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router, has been
: updated to reflect an official vendor response from Linksys. Also,
: the analysis section has been refined to address some inaccuracies
: from people reporting on this in the press.
: VII. VENDOR RESPONSE
: [...] Internal gozila.cgi attacks only take place if a user
: inadvertently activates a malicious link, file or other form of code,
: just as an email virus is triggered.
Internal attacks also take place if a malicious user intentionally
conducts the attack. In some network environments, some or all users
may be untrusted.
: [...] All Linksys routers have the "Block WAN Request" feature
: enabled by default as another security measure, preventing them from
: being "pinged," or pinpointed, on the Internet.
However, listeners on the same cable segment can detect a Linksys
router using MAC address techniques even if Block WAN Request is enabled.
: The BEFSR41's latest firmware version 1.43 is available for free
: download at http://www.linksys.com/download/firmware.asp?fwid=1.
Note that, when i upgraded my BEFSR41 to firmware 1.43, the Forwarding
tab stopped working---it only produced a 'Broken pipe' error in the
Downgrading to 1.42.7 caused the Forwarding tab to work again.
I contacted Linksys support to report this issue, but the response was
not very useful (paraphrase: "Don't upgrade firmware unless it's
Note that, if you move between 1.43 and 1.42.7, you should carefully
check the Filters configuration to ensure that your settings for Block
WAN Request, Multicast Pass Through, etc. have not changed. Because
the 'SPI' item is removed in firmware 1.43, the settings for Block WAN
Request changed when i upgraded to 1.43, and they changed again when i
downgraded back to 1.42.7.
jim knoble | jmknoble@pobox.com | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
"I am non-refutable." --Enik the Altrusian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (Linux)
Comment: See http://www.pobox.com/~jmknoble/keys/ for my public key.
-----END PGP SIGNATURE-----