I now have my ActionTec router that Verizon gave me with my FiOS set to use my OpenWRT router as the DMZ Host. So far, so good. The only major "problem" so far is that if I portscan myself, all of the ports that I am not running services on show up as "closed". The ports I run services on and a few others drop the packets on the floor and show up as "stealth". I need to figure that one out but at least I'm connected through a secure connection now. I tried turning the ActionTec into a bridge but it doesn't seem to be worth the trouble. My bandwidth seems to be about the same with this config. The bridging methods I've seen appear to be a real PITA as you have to reset some things after power failures etc. Not worth it to me at this point.
Update: Quick tweak to a couple of lines in my firewall config on OpenWRT and everything is as it should be once again. grc.com reports my router is totally stealth.
Saturday, June 14, 2008
Tuesday, June 10, 2008
MH Alert: Major FiOS WiFi Security Hole
I recently got FiOS through Verizon. I am very pleased with the service. If you have FiOS, please take a look at your router... in particular the sticker with the default WEP key on it. Notice another number that is very similar that happens to be on the same sticker????? AHA - they use the last 10 characters of the MAC address as the default WEP key!!!!
So:
1. You aren't foolish enough to be using WEP, are you? Switch to WPA or WPA2.
2. If you have to use WEP, you aren't foolish enough to use the default WEP Key, are you?
3. The first 6 characters of the MAC typically are the same for the manufacturer/model so they are probably all the same.
4. WiFi 802.11b and 802.11g broadcast the MAC in the clear so your router is basically announcing its default WEP key to the world!
I mentioned this to my installer and he said "yeah... people are stupid and they don't change it." He was fairly technical as far as installers go and knew it was an issue when I mentioned it.
This is so awesomely stupid on Verizon's part. Surely these things have serial numbers that could be used as the WEP key. "Can you hack (sic) me now? Good..."
"Verizon... It's the network" and it's not secure at all - BWAHAHAHAHAHA!!!!
Most WEP protection can be broken after collecting many thousands of packets. Verizon's can be broken after one packet - BWAHAHAHAHAHA!!!!
Personally... I'm going to turn off the WiFi on this beast altogether and use my OpenWRT router as the "DMZ Host" and use its WiFi. If I can spot this hole during the installation of my service, what other gaping holes are out there waiting to be discovered? Verizon should have gotten a router that uses OpenWRT; the service would then rock my face off.
Be careful out there!
Update... In Verizon's admin interface, it has RECOMMENDED next to WEP and not next to any of the WPA options.
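A check for the two problems described above, as an added example that is not part of the original post: it flags wireless settings that still use WEP or whose key is just the tail of the access point's own MAC address. The function names and the sample MAC addresses and keys are constructed for illustration.

```python
import re


def _compact(value):
    """Drop common separators (colon, dash, dot, whitespace) and uppercase."""
    return re.sub(r"[\s:.\-]", "", value).upper()


def audit_wifi(bssid, encryption, key):
    """Return a list of findings for one access point's wireless settings."""
    mac = _compact(bssid)
    if not re.fullmatch(r"[0-9A-F]{12}", mac):
        raise ValueError(f"not a 48-bit MAC address: {bssid!r}")

    findings = []
    if encryption.strip().lower().startswith("wep"):
        findings.append("WEP in use; switch to WPA or WPA2")
    # The default described in the post: key == last 10 characters of the MAC.
    # Separators and letter case in the configured key are ignored.
    if _compact(key) == mac[-10:]:
        findings.append("key is the last 10 characters of the MAC address")
    return findings


# Constructed sample settings (not real devices): (BSSID, encryption, key)
SAMPLES = [
    ("00:11:22:AA:BB:CC", "WEP", "1122AABBCC"),      # factory-style default
    ("00-11-22-aa-bb-cc", "wep", "11:22:aa:bb:cc"),  # same key, other notation
    ("00:11:22:AA:BB:CC", "WEP", "5F3C9A71D2"),      # changed key, still WEP
    ("00:11:22:AA:BB:CC", "WPA2", "1122aabbcc"),     # WPA2 but MAC-derived key
    ("00:11:22:AA:BB:CC", "WPA2", "correct horse battery staple"),
]

if __name__ == "__main__":
    for bssid, enc, key in SAMPLES:
        result = audit_wifi(bssid, enc, key)
        print(f"{bssid} [{enc}]: {'; '.join(result) if result else 'ok'}")
```
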