Does anyone know security features of Motorola SBG6580?

[botard89]

I'm not sure that this question is one suitable for the security section, but I'm assuming it is some form of security that is preventing me from this, and I'm trying to learn as much as I can.

My neighbor has a modem/router, the Motorola SURFboard SBG6580. The ISP seems to be Brighthouse Networks, because the ESSID is BHNSBG6580**** I have full permission to hack the router if I can. Figuring that the passphrase could be something the owner made or something that BHN setup, I figured the best way to go about this would be either using Reaver in Kali Linux, or WiFite. I used Wash to make sure the gateway has WPS enabled and it does. I figured it would take some time, 1.) Because it's Reaver ;) and 2.) Because these gateways are apparently known to have AP Rate Limited security features enabled (after so many pin #'s tried, gateway shuts down for approx 5-6 mins, and then the attack can continue on) Well the problem was I kept getting Timeout occurred errors and WPS Transaction failed messages (code 0x02) I thought at first that maybe my range wasn't as good as it should be, although I have done this with routers with less of a signal and succeeded. Ok. Well it was ironic because BHN was having some technical difficulties where their internet and phone lines went down. I got back on Kali, and figured I'd check around to see what was out there, and I saw the same gateway, except this time the ESSID was simply SBG6580**** I tried Reaver and sure enough it started up. It did have a few 0x02 errors, however it was actually making process, where before it was making none at all. It continued to do this until sure enough the services were back online, which told me if theservices were going through this gateway then it has some feature disabling WPS attacks, while when not having service it is possible to attack it, even with the AP Rate Limited feature.

Now, with all this being said, my question is, Does anyone know of a security feature that would prevent a WPS attack on a gateway/router. provided that service is up, versus a WPS attack working while service for the same gateway/modem is down?

If there is anymore info I left out then let me know and I'll be sure to include it as well. The only thing I can think of that I had left out is that I'm using Reaver 1.4 (downgrading doesn't seem to be the problem), and I am using an Alfa AWUS036H Wireless Network Adapter equipped with my Alfa -9 dBi Flat Panel Antenna, and of course I am running "airmon-ng start wlan2" to start in monitor mode, am using airodump-ng mon0 --ignore-negative-one to fix that error, and I have also tried killing processes, or leaving them running. I have done much, much research on what could be wrong "program speaking" but this doesn't seem to have anything to do with my range, MAC Address, equipment, or input of command. I would appreciate any help provided, and thanks in advance.

[botard89]

Ok. I'm not sure as to what security featues or combinations are causing my lack of progress on this router, but I did find it interesting to note that after a little digging I found out these routers have a Firewall with DoS prevention as well as an Intrusion Prevention System (IPS) built in. Is there anything that Kali Linux has that can get through these features? I plan on using Wireshark to see if there is any additional info in the packets, etc. Thanks again.

[cooper]

Maybe this quide is some help to you. Tricky bit is that you need to capture the traffic of someone connecting to the device rather than try to access it on your merry own. I don't know to what extent that's feasible in your specific scenario.