Welcome to Netduma Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. If you already have an account, login here - otherwise create an account for free today!
As scary as this attack sounds, there are several mitigating factors at work here. First off, this is not an attack that can be pulled off remotely: An attacker would have to be within range of the wireless signal between your device and a nearby wireless access point.
More importantly, most sensitive communications that might be intercepted these days, such as interactions with your financial institution or browsing email, are likely already protected end-to-end with Secure Sockets Layer (SSL) encryption that is separate from any encryption added by WPA2 — i.e., any connection in your browser that starts with “https://”.
Also, the public announcement about this security weakness was held for weeks in order to give Wi-Fi hardware vendors a chance to produce security updates. The Computer Emergency Readiness Team has a running list of hardware vendors that are known to be affected by this, as well as links to available advisories and patches.
“There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections,” reads a statement published today by a Wi-Fi industry trade group. “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”
Sounds great, but in practice a great many products on the CERT list are currently designated “unknown” as to whether they are vulnerable to this flaw. I would expect this list to be updated in the coming days and weeks as more information comes in.
Some readers have asked if MAC address filtering will protect against this attack. Every network-capable device has a hard-coded, unique “media access control” or MAC address, and most Wi-Fi routers have a feature that lets you only allow access to your network for specified MAC addresses.
However, because this attack compromises the WPA2 protocol that both your wireless devices and wireless access point use, MAC filtering is not a particularly effective deterrent against this attack. Also, MAC addresses can be spoofed fairly easily.
To my mind, those most at risk from this vulnerability are organizations that have not done a good job separating their wireless networks from their enterprise, wired networks.
I don’t see this becoming a major threat to most users unless and until we start seeing the availability of easy-to-use attack tools to exploit this flaw. Those tools may emerge sooner rather than later, so if you’re super concerned about this attack and updates are not yet available for your devices, perhaps the best approach in the short run is to connect any devices on your network to the router via an ethernet cable (assuming your device still has an ethernet port).
From reading the advisory on this flaw, it appears that the most recent versions of Windows and Apple’s iOS are either not vulnerable to this flaw or are only exposed in very specific circumstances. Android devices, on the other hand, are likely going to need some patching, and soon.
On October 16. CERT/CC/ICASI released a public announcement about discovered vulnerabilities in WPA2 handshake protocols that affect most WiFi users and all vendors world wide.
RouterOS v6.39.3, v6.40.4, v6.41rc are not affected!
It is important to note that the vulnerability is discovered in the protocol itself, so even a correct implementation is affected.
These organizations did contact us earlier, so we have already released fixed versions that address the outlined issues. Not all of the discovered vulnerabilities directly impact RouterOS users, or even apply to RouterOS, but we did follow all recommendations and improved the key exchange process according to the guidelines we received from the organizations who discovered the issue.
We released fixed versions last week, so if you upgrade your devices routinely, no further action is required.
The following applies to RouterOS software prior to updates related to the issue.
nv2 is not affected in any way. This applies to both - nv2 AP and client. There is no nonce reset in key exchange possible and key re-installation is not possible, because nv2 key exchange does not directly follow 802.11 key exchange specification.
802.11 nonce reuse
RouterOS is not affected in any way, RouterOS generates cryptographically strong random initial nonce on boot and never reuses the same nonce during uptime.
802.11 key reinstallation
The device operating as client in key exchange is affected by this issue. This means that RouterOS in station modes and APs that establish WDS links with other APs are affected. RouterOS APs (both - standalone and CAPsMAN controlled), that do not establish WDS links with other APs, are not affected. Key reinstallation by resending key exchange frame allows attacker to reset encrypted frame packet counter. This allows attacker to replay frames that where previously sent by AP to client. Please note that RouterOS DOES NOT reset key to some known value that would allow attacker to inject/decrypt any frames to/from client.
Suggested course of action
It is always recommended to upgrade to latest RouterOS version, but depending on wireless protocol and mode the suggested course of action is as follows:
- nv2: no action necessary
- 802.11/nstreme AP without WDS: no action necessary
- CAPsMAN: no action necessary
- 802.11/nstreme client (all station modes) or AP with WDS: upgrade to fixed version ASAP.
The duma operating system may or may not be vulnerable but I am sure that we will find out as soon as the Devs know.
The security risk is probably more of a worry for big companies than individuals with a home network from the further reading I have done but sure all security is an issue but I don't think many home users need to go into melt down over it just yet.
First off any attack would need to be local, as in within your wifi range and if you're that worried about a local attack from a neighbour or you have such important information to hide then you're security should already circumvent any issues.
It will do exactly as it says and temp ban it. If you note down the address of the server before you ban you will notice even f it appears you are connecting to the same server it will be different one in the same location.
Or move your home location to avoid that bank of servers.
I disagree with a fair bit of what Sim suggests but hey each to their own, I would probably hold off on putting a lot of work into a video for the current Duma OS as the new one is not that far away and I think a lot of the confusing stuff for people less tech savvy will be sorted out.
If you want to fire on ahead Im sure people would be most grateful but if its a lot of effort I might hang fire.
Im sick to change my settings evry 2 days do somtinding estable pls.., por que no hacen algo estable ya estoy cansado de cambiar mi ajustes siempre cada 2 dias si hacen algo como, si te conectas en un host que te quedes ahi y no volver a hacer clik otra vez en ese host Sorry tengo mas de 2 Anos con lo mismo y ya me canse , hagan algo ustedes son los espertos no yo...
Im sick to change my settings evry 2 days do somtinding stable pls .., why do not they do something stable already I'm tired of changing my settings always every 2 days if they do something like, if you connect on a host you stay there and no Sorry for the inconvenience. I'm sorry, I'm sorry, but I'm not sure if it's a good thing.
Well it would help if you told us what game you are playing and what your settings are. Might I suggest you start a support thread of your own to get support if you need it?
Bueno, sería de ayuda si nos dijiste qué juego estás jugando y cuáles son tus ajustes. ¿Puedo sugerirle que inicie un hilo de soporte propio para obtener soporte si lo necesita?
The Star Wars Battlefront 2 beta has an October 4 release date on PS4, Xbox One and PC, and a 9am UK start time. But that's only if you're a pre-order customer.
The open beta - which doesn't require a pre-order - starts two days later on October 6. It also has a 9am UK start time.
Annoyingly, however, despite being one of the biggest betas in EA history, there's no option to pre-load.