How do I configure my Linksys routers to resist the WPS brute-force vulnerability?
Solution 1:
While not an ideal solution, installing the DD-WRT or Tomato custom firmwares will resolve this, as they do not implement WPS
Solution 2:
As of 1/9/2012, there is no way to fully disable WPS on Linksys products.
See: http://www.smallnetbuilder.com/wireless/wireless-features/31664-waiting-for-the-wps-fix
and
http://arstechnica.com/business/news/2012/01/hands-on-hacking-wifi-protected-setup-with-reaver.ars
MAC address filtering offers some protection, but can easily be bypassed.
Solution 3:
I have the E3000 router and have also been looking for a way to disable it, and as far as my research goes, it is currently not possible (with FW 1.0.04).
That "Manual" switch only affects the GUI, if you look at the beacon (with some WiFi Analyzer) you will notice that WPS is still enabled.
UPDATE: Take a look at here. The guy there basically states (about E3000) that "Vulnerable: YES - however, the WDS falls over quickly so it is not very practical to attack a router.", so thanks to it's vulnerability to denial of service, it withstands the WPS attack...
Information about other routers is also listed in his public google spreadsheet.
Solution 4:
Cisco announced dates for firmware releases which allow Disabling WPS. Both E3000 and WRT400N remain To Be Determined, but some models list "early March".
http://www6.nohold.net/Cisco2/ukp.aspx?vw=1&articleid=25154#
They suggest disabling all wifi in the meantime. Thanks, Cisco!