Krack Vulnerability!

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Goto page Previous  1, 2, 3  Next
Author Message
d0ug
DD-WRT Guru


Joined: 31 Jul 2015
Posts: 760

PostPosted: Tue Oct 17, 2017 2:15    Post subject: Reply with quote
Cantenna wrote:
d0ug wrote:
Reading some more into this around various forums. It sounds like this issue is totally a client issue. Patching the AP is NOT going to fix unpatched clients.

The patches that are being put into DDWRT have to do with the wifi client portion where DDWRT can be a client on a wifi network either in a repeater mode or ethernet to wifi bridge mode.


Regarding the patches; hope more are coming.

Based on what I read here;
https://arstechnica.com/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/

"Depending on the type of handshake being used between the nodes on the Wi-Fi network, the attack can do varying levels of damage"

So ultimately it does seem that the router sets the stage...


Be nice if BS or Kong would post something in regards to what exactly is affected and what they are patching in DDWRT
Sponsor
Cantenna
DD-WRT User


Joined: 28 Feb 2011
Posts: 125

PostPosted: Tue Oct 17, 2017 2:58    Post subject: Reply with quote
d0ug wrote:
Cantenna wrote:
d0ug wrote:
Reading some more into this around various forums. It sounds like this issue is totally a client issue. Patching the AP is NOT going to fix unpatched clients.

The patches that are being put into DDWRT have to do with the wifi client portion where DDWRT can be a client on a wifi network either in a repeater mode or ethernet to wifi bridge mode.


Regarding the patches; hope more are coming.

Based on what I read here;
https://arstechnica.com/information-technology/2017/10/how-the-krack-attack-destroys-nearly-all-wi-fi-security/

"Depending on the type of handshake being used between the nodes on the Wi-Fi network, the attack can do varying levels of damage"

So ultimately it does seem that the router sets the stage...


Be nice if BS or Kong would post something in regards to what exactly is affected and what they are patching in DDWRT


Agreed, especially because this is news is being discussed now on most news broadcast stations.

Also some confusion regarding GCMP and CCMP; I've read, it's recommend to use old CCMP AES WPA2 encryption for the time being, not TKIP or new GCMP (which is what I've been doing for ages anyways, well, haven't been using TKIP but GCMP im unsure...)

I 'm not aware that I have ever used GCMP encryption that I know of at least, and recent Bryan Slayer logs seem to suggest that it GCMP was only introduced in September, so pre-Sept ddwrt builds had no GCMP support?

Or (and what I am confused about) do all newer AC capable routers such as the wrt1900ACS utilize GCMP on a hardware level as it's what make faster wifi speeds possible and can we degrade the wifi settings in any way through the gui to disable the use of GCMP and use CCMP AES?

Would like to get some confirmation here as well. Google DDWRT+GCMP = not a lot of info...

Welp, just setup my S8+ to auto-connect to rout via openvpn whenever wifi is up and drop when down...
armkreuz
DD-WRT Novice


Joined: 24 Mar 2016
Posts: 40

PostPosted: Tue Oct 17, 2017 3:56    Post subject: Reply with quote
d0ug wrote:
armkreuz wrote:
This is why third party software are awesome.
My galaxy 7 is already patched with Lineage OS ( well, AOKP ) Smile

I don't need to wait for an official patch from my service provider which can be only available in several weeks, as Google only plan to start deploying it on Pixel only at first, and only by November 6. So it can take a very long time to see service provider pushing an update on all their phones


I run lineage OS as well. Is Lineage OS already patched? My understanding is Google is still working on patches to be released in the November security release. So those patches likely aren't going to make is to AOSP and Lineage OS until after google makes that November release. Unless the Lineage OS guys have rolled their own patch. I honestly haven't gotten to reading up on whats going on with Lineage OS much yet.


I haven't check for Lineage OS specifically, but AOKP sure did.

http://xfer.aokp.co/AOKP/herolte/aokp_herolte_nougat_nightly_2017-10-16_changelog.html
DaveI
DD-WRT User


Joined: 06 Jul 2009
Posts: 269

PostPosted: Tue Oct 17, 2017 4:28    Post subject: Reply with quote
I'm a little confused on this after reading several other sites about KRACK...Windows updates patched this on the 10th (At least Windows 10 and 7)...Android and Linux are not patched yet. Most routers are not patched and it appears DD-WRT will be patched with the release of 33525 (hopefully tomorrow)...My confusion is if either the Router OR the Client is patched then does that eliminate the vulnerability or do BOTH Client and Router need to be patched?
jackspratUK
DD-WRT Novice


Joined: 08 Jul 2016
Posts: 13
Location: St Albans, UK

PostPosted: Tue Oct 17, 2017 9:02    Post subject: Reply with quote
So - with KRACK patched in r33525, but with DD-WRT reportedly not stable on the WRT-1900ACv1 beyond r31924 (thanks to the newer Kernel) what are people's thoughts? Time to upgrade my hardware?
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 6857
Location: Dresden, Germany

PostPosted: Tue Oct 17, 2017 9:10    Post subject: Reply with quote
its fixed for most devices with the latest version, but not for all. still have to fix propertiery drivers (broadcom, mediatek etc.) but i'm already working on it.

regarding the wrt1900acv1. whats not stable with it? i have one running 24 hours per day. in client mode, but its stable.

_________________
one cigarette costs 2 minutes of your life.
one bottle of beer costs 4 minutes of your life.
one working day costs 8 hours of your life.

Yummee:
Linux DD-WRT 4.14.8 #42 SMP PREEMPT Thu Dec 21 18:11:16 CET 2017 armv7l DD-WRT
root@DD-WRT:/sys# nvram get DD_BOARD
Netgear R7800
jackspratUK
DD-WRT Novice


Joined: 08 Jul 2016
Posts: 13
Location: St Albans, UK

PostPosted: Tue Oct 17, 2017 9:14    Post subject: Reply with quote
Thanks BS!

My understanding was that folk were having issues on later builds an the WRT-1900ACv1 - http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1093498

Given the linked thread, would you still recommend the current builds on the v1?

TIA
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 6857
Location: Dresden, Germany

PostPosted: Tue Oct 17, 2017 9:16    Post subject: Reply with quote
i see no significant report or log in this thread. thats the problem
_________________
one cigarette costs 2 minutes of your life.
one bottle of beer costs 4 minutes of your life.
one working day costs 8 hours of your life.

Yummee:
Linux DD-WRT 4.14.8 #42 SMP PREEMPT Thu Dec 21 18:11:16 CET 2017 armv7l DD-WRT
root@DD-WRT:/sys# nvram get DD_BOARD
Netgear R7800
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 6857
Location: Dresden, Germany

PostPosted: Tue Oct 17, 2017 9:17    Post subject: Reply with quote
so a advice would be. give it a try. do your own experience
_________________
one cigarette costs 2 minutes of your life.
one bottle of beer costs 4 minutes of your life.
one working day costs 8 hours of your life.

Yummee:
Linux DD-WRT 4.14.8 #42 SMP PREEMPT Thu Dec 21 18:11:16 CET 2017 armv7l DD-WRT
root@DD-WRT:/sys# nvram get DD_BOARD
Netgear R7800
jackspratUK
DD-WRT Novice


Joined: 08 Jul 2016
Posts: 13
Location: St Albans, UK

PostPosted: Tue Oct 17, 2017 9:21    Post subject: Reply with quote
BrainSlayer wrote:
so a advice would be. give it a try. do your own experience
Cool, thanks sir. Appreciate all your epic work! Cool

Will report any issues.
roland90
DD-WRT User


Joined: 22 Oct 2015
Posts: 77

PostPosted: Tue Oct 17, 2017 10:11    Post subject: Reply with quote
Thank you for the fast reaction. I am waiting for the new release.
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 6857
Location: Dresden, Germany

PostPosted: Tue Oct 17, 2017 10:31    Post subject: Reply with quote
will come today if basic checks are valid. build is already done. devices which arent fixed right now will follow as soon as possible.
_________________
one cigarette costs 2 minutes of your life.
one bottle of beer costs 4 minutes of your life.
one working day costs 8 hours of your life.

Yummee:
Linux DD-WRT 4.14.8 #42 SMP PREEMPT Thu Dec 21 18:11:16 CET 2017 armv7l DD-WRT
root@DD-WRT:/sys# nvram get DD_BOARD
Netgear R7800
Yemble
DD-WRT Guru


Joined: 17 Feb 2010
Posts: 586
Location: Yorkshire (GOC)

PostPosted: Tue Oct 17, 2017 11:55    Post subject: Reply with quote
BrainSlayer wrote:
i see no significant report or log in this thread. thats the problem


r31924 was the last stable release of DD-WRT for the WRT1900AC v1. All later versions result in unexpected reboots after a random period of running. Sometimes hours, sometimes days.

This has been discussed here in numerous threads and by many users.

r31924 is solid on this router and never reboots spontaneously.

Those of us who still have a WRT1900AC v1, either run this version of DD-WRT, or have switched to LEDE.

The assumption, for some time now, is that this reboot issue will never get fixed.

_________________
Linksys WRT32X v1 - r41218
Linksys WRT1900AC v1 - r41218
TP-Link Archer C9 v1 - r41218
Firmware: ftp://ftp.dd-wrt.com/betas/2019/
gainestr
DD-WRT User


Joined: 06 Jul 2017
Posts: 78

PostPosted: Tue Oct 17, 2017 12:53    Post subject: Reply with quote
Yemble wrote:
r31924 was the last stable release of DD-WRT for the WRT1900AC v1. All later versions result in unexpected reboots after a random period of running. Sometimes hours, sometimes days.

This has been discussed here in numerous threads and by many users.

r31924 is solid on this router and never reboots spontaneously.

Those of us who still have a WRT1900AC v1, either run this version of DD-WRT, or have switched to LEDE.

The assumption, for some time now, is that this reboot issue will never get fixed.


Your statement still doesn't help him resolve any issue. Why don't you send him your log file after a crash? Simply posting a general statement on the board doesn't provide enough info to work off of.

BrainSlayer wrote:
i see no significant report or log in this thread. thats the problem

_________________
DD-WRT Installation & Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311117

CPU Model: Marvell Armada 385
Router: Linksys WRT1900ACSv2
Firmware: DD-WRT v3.0-r39144 std (03/11/19)
Kernel: Linux 4.9.162 #871 SMP Mon Mar 11 03:05:23 CET 2019 armv7l
WiFi Driver: 10.3.8.0-20181120 (strings /lib/modules/*.*/mwlwifi.ko | grep "^10.3")
Options: AP, OpenVPN Server, OpenVPN Client, IPv6, UPnP, QoS(Disabled), SFE (Disabled)

Others:
Linksys SE4008 WRT 8-Port Gigabit Ethernet Switch (LAN Switch)
QNAP TS-253A-8G NAS (2-bay, WD Red 4TB each)
spuriousoffspring
DD-WRT Guru


Joined: 05 Apr 2017
Posts: 983
Location: South of Heaven, USA

PostPosted: Tue Oct 17, 2017 12:53    Post subject: Reply with quote
In my experience any build after 31924 (4.9 Kernel) the Router runs smooth for a day or two.
Then a reboot.
After the first self-reboot it will be fine for another day maybe less.
After that - it snowballs to up to several times per hour.

*Using OpenVPN accelerates the self-reboot interval.

Have only experienced this with 4.9 Kernel. No other builds.

As far as I can tell from previous Forum posts - no one with a WRT1900AC v1 is immune.

However, as @Yemble stated 31924 is very stable. Myself and others have recommended exclusively to anyone with a WRT1900AC v1

_________________
DD-WRT Installation & Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=311117

WRT32X DD-WRT Installation Procedure
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=315569

IPVanish OpenVPN Client Setup TUTORIAL
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=308565

FIRMWARE: OpenWrt SNAPSHOT r8217-2cc821e / LuCI Master (git-18.276.41146-280dd33)
MODEM: ARRIS SURFBoard SB8200
ROUTER: Linksys WRT32X
USB NAS: Western Digital BLACK 1 TB Hardrive + Startech USB 3.0 External SATA III Enclosure
Goto page Previous  1, 2, 3  Next Display posts from previous:    Page 2 of 3
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum