fwiw, my understanding is that the vulnerability is on the client side. therefore, I'm not sure what patches would get applied to an access point, though presumably if you use bridging (and maybe extension?) functionality then maybe there's an issue there.
iow, I think patching access points isn't necessary or at least is a low priority if you're not using a feature that turns the device into a client.
""" What if there are no security updates for my router?
Our main attack is against the 4-way handshake, and does not exploit access points, but instead targets clients. So it might be that your router does not require security updates. We strongly advise you to contact your vendor for more details. In general though, you can try to mitigate attacks against routers and access points by disabling client functionality (which is for example used in repeater modes) and disabling 802.11r (fast roaming). For ordinary home users, your priority should be updating clients such as laptops and smartphones. """
On Mon, Oct 16, 2017 at 3:21 PM, Michael C Voorhis email@example.com wrote:
Chuck Anderson writes:
Because none of Fedora's updates aren't actually released yet. They are built and undergoing pushing/testing now, but being a public distro, anyone can get them if they know where to look:
Ubuntu released a bunch of WPA-related patches a little after noontime today, it appears.
I'm using DD-WRT on my APs at home, but god do the web pages and forums suck for actually figuring out what version to run and whether it's patched or not. Sigh...
Ditto for OpenWRT, it appears the project is still alive, but you'd never know, looking at their website. I may switch to LEDE, which confusingly appears to be a fork of OpenWRT which is trying to merge back with OpenWRT....?
--MCV. _______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug