Posted on 06/01/2004 7:36:03 AM PDT by KansasConservative1
I have heard rumors regarding a Class Action lawsuit against Linksys / Cisco regarding the WRV54G. I too have had inumerable problems with this "VPN" router. Here is a partial list of my most recent. Also, I build networks for a for a living so I am not a rookie with routers or VPN connectivity.
- Router "goes away" every day or two and takes multiple resets to get it working
- Procedures for getting the microsoft software VPN client to work with it have only worked once and fail to work reliably or at all since.
- I have found no other software client (surprisingly Greenbow does not work either) that actually works with it.
- Many small errors... like changing the timezone to Central only to have it return to Pacific every time I commit.
- Numerous router to router lab tests have failed. The WRV54G appears not to be able to talk to a similar model.
- Rumors of transverse nat not working are abound on the internet. I cannot test because I cannot get it to work even once (even with support calls)
- Support calls are scripted and end in "we know that it works" yet they can provide no configuration examples of client examples becides the "windows client". Which as I said earlier, I saw work once for about 10 seconds.
On a positive note: For a VPN router that does not VPN nor route reliably, the wireless range is impressive.
Please post Class Action information or send privately to my account. KC1
I like what they came out with at BlackHat. It deauthenticates current users and grabs the SSID and MAC from the users when they try to reconnect. Why meddle with management frames when the clients themselves can tell you everything? Then you just clone and you're off and running.
The sent a packet of this type.
Disassociation frame: A station sends a disassociation frame to another station if it wishes to terminate the association. For example, a radio NIC that is shut down gracefully can send a disassociation frame to alert the access point that the NIC is powering off. The access point can then relinquish memory allocations and remove the radio NIC from the association
I was aware of that project. Wish I had a use for it so I could learn how to use it. Cheers.
I think the explosion of home DSL and cable internet connections have caused companies to rush to market with products that are simply inferior and not ready for public consumption. The problem is dramatically magnified by router companies winning sole-supplier contracts with phone and cable resellers.
The result is pure hit or miss for home users and small companies: the failure rate for these routers is incredibly high. I first noticed this trend with the Cisco 675 router: either you got one that couldn't be killed or you got one that lasted about three months, then over-heated and was toast.
All in all, I'm pretty pissed about the state of affairs.
I know this. Security was my job at one time, and at a time when wireless networks started being used by the Army -- they were quite paranoid about the security implications. People in my section would go war driving to find unauthorized wireless networks and authorized ones that weren't properly secured.
It's sad I missed a bit of fun. I was about to get a new job where I would get to go wardriving in my cool little sports car, but the contract got cancelled due to deployment. I already had plans to clamp the directional antenna to the rollbar (with a handle for pointing it) and have a laptop on a mount by the passenger dashboard.
Oops, I see why you wrote that. deauthenticate = disassociate. WTF would "deauthenticate" mean?
Typing faster than my brain.
On this particular PC I have very little as fas as security, however there is no, none, zippo, personal information. Even the passwords are 5 and 6 letters.
Probably the best I've done for this one is to shut down Java and Active X to prevent scripting.
One of the men whom I hire occasionally can "break into" just about any pc, PGP, firewalls or not. The young fella is as a wizard. I wouldn't want to bet that he could get into yours in less than 30 minutes but the odds are quite high that he could.
One of my associates had the same attitude you do. So he bet the kid $100 he couldn't do it, 20 minutes later he came back inside and asked what file he should reveal the contents of. Don't ask me how he did it, I wouldn't be able to explain it even if he'd told me.
I guess what I'm saying is be careful because if my technician can do it, I'm sure others can too.
Do you use the VPN functionality? What about the reboots etc?
Nope, we have VPN software supplied by our work, so
we don't do anything with the Linksys supplied stuff.
We haven't had any reboots yet, or any freeze-ups.
Wait a minute, you're taking advantage of someone who's not had enough coffee yet. Deauthenticate was right, but disassociate is technically right too.
Anyway, one of these days when I get around to it I'll dump the Linksys and set up a Linux router box with WAVEsec and a WAP (use one of those Cyrix chips, keeps the electric bill low). It's just one of the things in the project list, unfortunately other things like mowing the lawn always seem to take precedence (or are necessary to keep me out of trouble with the wife). Fishing seems to take up that time too. :-)
VPN software supplied by our work
VPN 3000 from Cisco, FWIW.
I know one of those kids too. He's far better than me, but then he doesn't have much of a life beyond hacking. I told him my setup and he says he'd have to park outside for a while to get in.
I'm really interested in the replacement firmware that Cringeley is talking about.
i nEVER tYPE fASTER tHAN mY bRAIN.. ;->
"I build networks for a for a living so I am not a rookie with routers or VPN connectivity."
Network engineer at work and dabble with home-network at my house and the house of another engineer. We try some pretty advanced stuff but I do understand that Linksys is not commercial grade.
It just a place to look but when you try to connect using VPN check your external IP before and after the attemp. The IP could be changing and this may be because of the ISP's policies. Or they just may be blocking you on certain ports.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.