<div dir="ltr">Or, in my case, which open source firmware packages support my Netgear R7000? Seems not all of them do, which is a shame because I _really_ want to get off of the stock firmware! And the documentation for openWRT, Tomato, DD-WRT, etc., all seem a bit vague as to how well they support my router...<div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, 18 Oct 2017 at 13:28 L.D. Paniak <<a href="mailto:ldpaniak@fourpisolutions.com">ldpaniak@fourpisolutions.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Let's try again for the list...<br>
<br>
OpenWRT has patches for KRACK:<br>
<a href="https://github.com/openwrt/openwrt/issues/558" rel="noreferrer" target="_blank">https://github.com/openwrt/openwrt/issues/558</a><br>
<a href="https://github.com/openwrt/openwrt/commit/1576a0b7773a635149f48fc9efd7dea45e495a12" rel="noreferrer" target="_blank">https://github.com/openwrt/openwrt/commit/1576a0b7773a635149f48fc9efd7dea45e495a12</a><br>
OpenWRT generally does not support rolling changes to a named release.<br>
You need to run nightlies to get the latest bits eg.:<br>
<a href="https://downloads.openwrt.org/snapshots/trunk/" rel="noreferrer" target="_blank">https://downloads.openwrt.org/snapshots/trunk/</a><br>
<br>
That said, what is the best open-source supported router/access point<br>
these days?<br>
<br>
<br>
On 10/17/2017 09:02 PM, Khalid Baheyeldin wrote:<br>
> John,<br>
><br>
> The Linux side of things has been solved within hours of this<br>
> vulnerability being disclosed. Packages were available, and they<br>
> were installed via the normal channels.<br>
><br>
> The issue here is not Linux, the issue is embedded devices, and<br>
> various non-Google hardware phones and tablets running Android.<br>
> These are dependent on the vendor of the phone, who historically<br>
> did not care beyond a year or two (if that, varies from brand to<br>
> brand).<br>
><br>
> As well, OpenWRT seems to have been abandoned, and LEDE is<br>
> the replacement for it.<br>
><br>
> In reality, this vulnerability can be exploited to sniff traffic that<br>
> is not otherwise encrypted (e.g. regular non-SSL HTTP traffic<br>
> to/from web sites). These are fewer than what they used to be,<br>
> but they are still there.<br>
><br>
> I'd rather have everything patched.<br>
><br>
> On 10/17/17, <a href="mailto:jekerr@sdf.org" target="_blank">jekerr@sdf.org</a> <<a href="mailto:jekerr@sdf.org" target="_blank">jekerr@sdf.org</a>> wrote:<br>
>>> How much should the world be freaking out about this?<br>
>> This is a vulnerability discovered in the lab. It has not been found in<br>
>> the wild AFAWK.<br>
>><br>
>> Like most Linux threats, they are discovered in the lab first, and the<br>
>> everything else is a long shot as in "this could affect you if you are<br>
>> using Kernel X on a Pentium 2 and your Great Grandfather is a native of<br>
>> the Orkney mainland"<br>
>><br>
>> Cheers<br>
>><br>
>> John<br>
>><br>
>>> <a href="https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/" rel="noreferrer" target="_blank">https://www.bleepingcomputer.com/news/security/new-krack-attack-breaks-wpa2-wifi-protocol/</a><br>
>>><br>
>>> and<br>
>>><br>
>>> <a href="https://en.wikipedia.org/wiki/KRACK" rel="noreferrer" target="_blank">https://en.wikipedia.org/wiki/KRACK</a><br>
>>><br>
>>> and<br>
>>><br>
>>> <a href="https://www.krackattacks.com/" rel="noreferrer" target="_blank">https://www.krackattacks.com/</a><br>
>>><br>
>>> Proximity matters of course, so I suppose we all keep an eye out for<br>
>>> strangers lurking near our homes and workplaces?<br>
>>><br>
>>> Probably everyone here is already quite aware of this news(I am usually<br>
>>> quite late to the party) but I thought I would mention it.<br>
>>><br>
>>> Thanks,<br>
>>><br>
>>> Ron Singh<br>
>>> _______________________________________________<br>
>>> kwlug-disc mailing list<br>
>>> <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
>>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
>>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> kwlug-disc mailing list<br>
>> <a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
>> <a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
>><br>
><br>
<br>
<br>
_______________________________________________<br>
kwlug-disc mailing list<br>
<a href="mailto:kwlug-disc@kwlug.org" target="_blank">kwlug-disc@kwlug.org</a><br>
<a href="http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org" rel="noreferrer" target="_blank">http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a><br>
</blockquote></div>