The answer is simple: Update your clients first (it's mainly a client problem) - then wait for the update for your router.I'm a little confused by all this, and by all the conflicting reports of the severity of this vulnerability, but I have two main questions...
The answer is simple: Update your clients first (it's mainly a client problem) - then wait for the update for your router.
Remember: Your client devices will also connect to other Routers/APs which might not be updated at all!
You were given the answer.You did not answer either of my questions. I realize that it is mainly a client problem but still it appears that there is at least some value to updating the router firmware as well. And beyond that, with most wi-fi clients there is nothing you can do because you have to wait for the manufacturer or the maintainer of the operating system to release a fix, and then (in the case of phones) for the carrier to push the fix. Neither Apple nor Google seem to be in any huge rush to patch this hole (Ubuntu, Debian and Microsoft, on the other hand, seem to have been quicker to address this). So in the meantime, the only thing we can do to try and at least be a little proactive is to make sure our routers have updated firmware, and I just wanted to know when that might be available, and what settings on the router should be set in a certain specific way until then.
NO, I was NOT given the answer to THE QUESTIONS I ASKED.You were given the answer.
@joegreat has given you the answer to this as well: Wait for the update.NO, I was NOT given the answer to THE QUESTIONS I ASKED.
You gave me the answers to the questions YOU thought I SHOULD be asking. But I already knew all that.
The questions I ASKED were these:
"First, will the 380 branch of Asuswrt-Merlin be updated with the fix for this vulnerability, and if so, any idea when that might happen? None of the Asus routers in my family are the RT-AC86U so at this point the 382.1 builds aren't applicable."
Unless you are the Asuswrt-Merlin developer, which you are not, you have no idea how to answer that question.
"Second, until such time as a build with the fix is released, are there any settings that must be set a in a particular way to minimize exposure? In these cases the routers are being used simply as routers (ethernet cable from the WAN port to the cable modem, so no wireless connection from the routers to any other router)."
What I am probably really asking here is if "802.11r" is enabled or disabled by some particular setting. It is apparent that you don't know the answer to that either.
You can try to tell me that you answered my questions until you fingers are bloody from typing it, but so far, you haven't. For my first question, you don't know the answer, and for my second question, it's pretty clear you don't know that either. Are you the "resident know-it-all" of this forum? Seems like there's at least one in every technical forum. They have a high post count, but most of their replies are of very low quality.
First, will the 380 branch of Asuswrt-Merlin be updated with the fix for this vulnerability, and if so, any idea when that might happen?
In these cases the routers are being used simply as routers
Arguably the most interesting vulnerability from an attacker's point of view is the FT handover issue that is entirely an access point issue. Probably not a concern for home users though, since your data probably isn't interesting enough to pull for decrypting later. But the ability to get tons of data without any real chance of being detected even with the most sophisticated intrusion detection is probably what the bad guys are most interested in.
There's always at least one new forum member that thinks they're entitled too....NO, I was NOT given the answer to THE QUESTIONS I ASKED.
You gave me the answers to the questions YOU thought I SHOULD be asking. But I already knew all that.
The questions I ASKED were these:
"First, will the 380 branch of Asuswrt-Merlin be updated with the fix for this vulnerability, and if so, any idea when that might happen? None of the Asus routers in my family are the RT-AC86U so at this point the 382.1 builds aren't applicable."
Unless you are the Asuswrt-Merlin developer, which you are not, you have no idea how to answer that question.
"Second, until such time as a build with the fix is released, are there any settings that must be set a in a particular way to minimize exposure? In these cases the routers are being used simply as routers (ethernet cable from the WAN port to the cable modem, so no wireless connection from the routers to any other router)."
What I am probably really asking here is if "802.11r" is enabled or disabled by some particular setting. It is apparent that you don't know the answer to that either.
You can try to tell me that you answered my questions until you fingers are bloody from typing it, but so far, you haven't. For my first question, you don't know the answer, and for my second question, it's pretty clear you don't know that either. Are you the "resident know-it-all" of this forum? Seems like there's at least one in every technical forum. They have a high post count, but most of their replies are of very low quality.
There's always at least one new forum member that thinks they're entitled too....
I don't know, because the fix has to come from Broadcom, not from me.
Nothing that has to be done on the router. On the client side, you have to update your clients with fixes if they need one. I'm not aware of any mitigation method.
...(ESPECIALLY when you then come back a few posts later and try to claim you answered the question)
Again, this was already answered by the developer in post #12:I just wonder how the DD-WRT people are implementing the fix then. I am not certain whether their fix works with Broadcom-based routers,
The wpa_supplicant you've seen patched in those other firmware projects is not used by Broadcom's router mode, they use a proprietary nas executable for WPA2 management.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!