Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[dirkpitt]

UPDATE:  1.34 beta Appears to have remedied this issue!!  April 13, 2010
I decided that I would see if I could prove that the 1.33NA firmware is directing traffic to the dir-655.bsecure.com website for Internet address resolution, and that it could be done by adding the URL to the list of blocked sites on my router.

THIS IS A VERY PAINFUL DIRECTION TO TAKE:  CASUAL USERS TO NOT ATTEMPT!

Here are my notes from my little adventure:
-Log in to the router, choose Advanced->Website Filter
-Select "Deny computers access to ONLY these sites", and add dir-655.bsecure.com
-Reboot router (although not prompted: these changes do not take effect until the router is rebooted)

Try using a browser to go ANYWHERE.  This brings me to a Securespot page that prompts: "Access Control Alert: New Computer Detected"

Of course, my next step is to confirm that SecureSpot is disabled.  Advanced->Securespot.  Yes it is.

Returning to the Access Control Alert, I notice a link at the bottom of the page that says "If you would like to turn off this Access Control protection feature, click here", which results in a prompt for an administrator password.  This is the password that was configured if you used the SecureSpot trial.  

Once entered correctly, I am told "The new settings have been saved.  The device must retrieve the new settings before they take effect.  Click the button below to apply the settings.  (Click Apply Settings button).

This causes an infinite loop!!!  The browser cycles between Access Control and loading... never finishing.  The Log details on the browser are growing quickly with repeated "Blocked outgoing TCP packet from 192.168.0.190:3188 to 64.78.164.232:80 as FIN:ACK received but there is no active connection" .  I closed the page where I chose to "Apply Settings" after 3 minutes of this error message scrolling away...

Now this happens when I attempt to browse anywhere requiring a URL:  a continual cycle between Access Control and "loading...".  Disable the website blocking...  the problem persists for awhile after a reboot (couple of minutes).  All of the bookmarks that I attempted to use (which were cycling as mentioned above) now have the SecureSpot logo associated with it like as if it is a virus.

Manually set the DNS servers for my ISP.  And reboot.  Still has the same problem.  I've been clicking the Latest News RSS Feeds from the BBC (in Firefox, and even their icons are being replaced.  Cannot access any sites.  System has spontaneously rebooted twice in the last eight minutes.  The time on the unit has now been reset to January 30...

Deleted all DNS settings.  I'm sorry, firmware gods!!  ...and... reboot.  Whew!  I can get back to forums.dlink.com to report in!! Yay!

I just hope that the firmware gods can reproduce this one!!!

Hardware:  A4, firmware:  1.33NA

UPDATE:  1.34 beta Appears to have remedied this issue!!  April 13, 2010

[dirkpitt]

Logs available on request.

I conclude that this proves that SecureSpot is a security breach in itself, and that a SecureSpot-free firmware release a necessity.

[BinaryInk]

Logs available on request.

I conclude that this proves that SecureSpot is a security breach in itself, and that a SecureSpot-free firmware release a necessity.

I agree that Securespot should be removed, but you are 100% aware that every single site you go to and your activities are logged by MULTIPLE servers, correct? Your ISP and the multiple servers used to route you there record your IP and your activity whether you want it to or not. There are ways to work around it, but ultimately you're never going to notleave a trace.

Plus, D-Link has said before that they're going to release a SecureSpot-free firmware.

[dirkpitt]

I'm perfectly fine with my traffic going through reliable, necessary servers.

SecureSpot doesn't fit either of these two descriptors.

Also, Lycan said that D-Link would release Beta firmware for the interim.  I want a new branch of firmware that does not include SecureSpot's services and infrastructure.

[dirkpitt]

...it is also interesting to note that I could not get address resolution when I entered the DNS servers specified by my ISP.  Has anyone else encountered this?

[Cobra]

I decided that I would see if I could prove that the 1.33NA firmware is directing traffic to the dir-655.bsecure.com website for Internet address resolution, and that it could be done by adding the URL to the list of blocked sites on my router.

THIS IS A VERY PAINFUL DIRECTION TO TAKE:  CASUAL USERS TO NOT ATTEMPT!

Here are my notes from my little adventure:
-Log in to the router, choose Advanced->Website Filter
-Select "Deny computers access to ONLY these sites", and add dir-655.bsecure.com
-Reboot router (although not prompted: these changes do not take effect until the router is rebooted)

Try using a browser to go ANYWHERE.  This brings me to a Securespot page that prompts: "Access Control Alert: New Computer Detected"

Of course, my next step is to confirm that SecureSpot is disabled.  Advanced->Securespot.  Yes it is.

Returning to the Access Control Alert, I notice a link at the bottom of the page that says "If you would like to turn off this Access Control protection feature, click here", which results in a prompt for an administrator password.  This is the password that was configured if you used the SecureSpot trial. 

Once entered correctly, I am told "The new settings have been saved.  The device must retrieve the new settings before they take effect.  Click the button below to apply the settings.  (Click Apply Settings button).

This causes an infinite loop!!!  The browser cycles between Access Control and loading... never finishing.  The Log details on the browser are growing quickly with repeated "Blocked outgoing TCP packet from 192.168.0.190:3188 to 64.78.164.232:80 as FIN:ACK received but there is no active connection" .  I closed the page where I chose to "Apply Settings" after 3 minutes of this error message scrolling away...

Now this happens when I attempt to browse anywhere requiring a URL:  a continual cycle between Access Control and "loading...".  Disable the website blocking...  the problem persists for awhile after a reboot (couple of minutes).  All of the bookmarks that I attempted to use (which were cycling as mentioned above) now have the SecureSpot logo associated with it like as if it is a virus.

Manually set the DNS servers for my ISP.  And reboot.  Still has the same problem.  I've been clicking the Latest News RSS Feeds from the BBC (in Firefox, and even their icons are being replaced.  Cannot access any sites.  System has spontaneously rebooted twice in the last eight minutes.  The time on the unit has now been reset to January 30...

Deleted all DNS settings.  I'm sorry, firmware gods!!  ...and... reboot.  Whew!  I can get back to forums.dlink.com to report in!! Yay!

I just hope that the firmware gods can reproduce this one!!!

Hardware:  A4, firmware:  1.33NA

Tried this on five of the systems I take care of with DIR 655 on them.

Result was this did nothing to stop normal access to sites.....Mythbusted I say.  

[dirkpitt]

Serious?  This answer is surprising to me.  Is my router just a lemon?  Hmm...

Here's a small excerpt from my logs to show that it was fubar:
[INFO] Sat Jan 30 16:51:40 2010 Blocked outgoing TCP packet from 192.168.0.190:3665 to 64.4.50.62:80 as ACK received but there is no active connection
[INFO] Sat Jan 30 16:51:40 2010 Blocked incoming TCP packet from 64.78.164.232:80 to 68.146.106.15:3150 as FIN:ACK received but there is no active connection
[INFO] Sat Jan 30 16:51:39 2010 Blocked incoming TCP packet from 64.78.164.232:80 to 68.146.106.15:3148 as FIN:ACK received but there is no active connection
[INFO] Sat Jan 30 16:51:38 2010 Blocked incoming TCP packet from 64.78.164.232:80 to 68.146.106.15:3146 as FIN:ACK received but there is no active connection
[INFO] Sat Jan 30 16:51:38 2010 Blocked incoming TCP packet from 64.78.164.232:80 to 68.146.106.15:3144 as FIN:ACK received but there is no active connection
[INFO] Sat Jan 30 16:51:38 2010 Blocked incoming TCP packet from 64.78.164.232:80 to 68.146.106.15:3142 as FIN:ACK received but there is no active connection
[INFO] Sat Jan 30 16:51:38 2010 Blocked incoming TCP packet from 208.69.153.136:80 to 68.146.106.15:3327 as RST:ACK received but there is no active connection
[INFO] Sat Jan 30 16:51:37 2010 WAN interface speed measurement completed.  Upstream speed is 1014 kbps
[INFO] Sat Jan 30 16:51:32 2010 (SSID Replaced): Wireless system with MAC address (MAC Replaced) disconnected for reason: Received Deauthentication
[WARN] Sat Jan 30 16:51:22 2010 A network computer (Wii) was assigned the IP address of 192.168.0.194.
[WARN] Sat Jan 30 16:51:20 2010 Above message repeated 1 times
[INFO] Sat Jan 30 16:51:20 2010 (SSID Replaced): Wireless system with MAC address (MAC Replaced) secured and linked
[INFO] Sat Jan 30 16:51:20 2010 (SSID Replaced): Wireless system with MAC address  (MAC Replaced) associated
[INFO] Sat Jan 30 16:51:20 2010 Above message repeated 1 times
[WARN] Sat Jan 30 16:51:00 2010 A network computer (PCID Replaced) was assigned the IP address of 192.168.0.190.
[WARN] Sat Jan 30 16:50:59 2010 A network computer (PCID Replaced) was assigned the IP address of 192.168.0.198.
[INFO] Sat Jan 30 16:50:59 2010 (SSID Replaced): Wireless system with MAC address (MAC Replaced)secured and linked
[INFO] Sat Jan 30 16:50:59 2010 (SSID Replaced): Wireless system with MAC address (MAC Replaced)associated
[INFO] Sat Jan 30 16:50:59 2010 Above message repeated 1 times
[INFO] Sat Jan 30 16:50:53 2010 Wireless link is up
[INFO] Sat Jan 30 16:50:51 2010 Starting DHCP server
[INFO] Sat Jan 30 16:50:46 2010 Estimating speed of WAN interface
[INFO] Sat Jan 30 16:50:45 2010 Obtained IP Address using DHCP. IP address is 68.146.106.15
[INFO] Sat Jan 30 16:50:44 2010 Bringing up WAN using DHCP
[INFO] Sat Jan 30 16:50:44 2010 WAN interface cable has been connected
[INFO] Sat Jan 30 16:50:43 2010 LAN interface is up
[INFO] Sat Jan 30 16:50:43 2010 LAN Ethernet Carrier Detected
[INFO] Sat Jan 30 16:50:42 2010 Device initialized
[WARN] Sat Jan 30 16:50:42 2010 Wireless schedule init
[INFO] Sat Jan 30 16:50:42 2010 No Internet access policy is in effect. Unrestricted Internet access allowed to everyone

Of course, the bottom of the log is the first entry, with newer entries going up...

[dirkpitt]

Tried this on five of the systems I take care of with DIR 655 on them.

Result was this did nothing to stop normal access to sites.....Mythbusted I say.  

What's your configuration?  H/W version?  SecureSpot subscriber?  F/W?

[Cobra]

What's your configuration?  H/W version?  SecureSpot subscriber?  F/W?

A3 and A4 with 1.33NA

Never had securespot trial.

[summerstormpictures]

I've blocked besecure.com via OpenDNS and while I still get a hijack when recycling the power on both the modem and the router, the site itself is effectively blacklisted and blocked.

One very interesting thing I have noticed since blocking besecure.com is that my web browsing in general is much much snappier. I don't know if it's related to this blocking of besecure.com or not but it's the only change in my network/system configuration of 3 Macs and a Windows box since this fiasco.

Sidenote: I would heartily recommend OpenDNS to anyone. It is free and tried and tested by public and private universities and other educational institutions as well as public libraries and various WiFi hotspots. I'm not a shill and have no interest in OpenDNS other than being a happy customer. I only mention this to highlight that there is a much more stable and trial-tested way to ''be secure'' than this silly feature--one that should be excised completely out of the firmware.

I repeat my call for D-Link to get the basics working first before trawling for extra cash.

[dirkpitt]

A3 and A4 with 1.33NA

Never had securespot trial.

Interesting... I wonder if the expiration of my trial period and my lack of disabling the "Access Control" online could be partially to blame...

I tried to replicate the issue myself, and didn't get the same result.  I'm guessing that it is could be a combination of reasons:
1.  The first time my router was SNAFU'ed because there was some time between having the "Access Control" feature disabled by me, and de-registered by the bsecure server...
2.  Since I have attempted to block dir-655.bsecure.com a second time, none of the sites that I've listed are actually being blocked.

Cobra, can you confirm that dir-655.bsecure.com is really being blocked when you attempt this?

[dirkpitt]

I've blocked besecure.com via OpenDNS and while I still get a hijack when recycling the power on both the modem and the router, the site itself is effectively blacklisted and blocked.

One very interesting thing I have noticed since blocking besecure.com is that my web browsing in general is much much snappier. I don't know if it's related to this blocking of besecure.com or not but it's the only change in my network/system configuration of 3 Macs and a Windows box since this fiasco...

I notice that you refer to it as besecure.com, whereas I have been encountering issues with dir-655.bsecure.com.  Are you paraphrasing the site name, or are we encountering different sites?

[summerstormpictures]

I notice that you refer to it as besecure.com, whereas I have been encountering issues with dir-655.bsecure.com.  Are you paraphrasing the site name, or are we encountering different sites?

Typo on my part. I blocked bsecure.com. I didn't include the dir-655- part because if I just block the entire domain that should take care of it...unless I'm mistaken.

[dirkpitt]

Well, I thought that I would try tinkering some more because it really annoys me that I saw the problem, and wasn't able to reproduce it.  (My professional background involves evaluating firmware/software and developing test processes to evaluate product integrity so I do not like leaving inconsistencies like this unresolved...)

This time I only entered "bsecure.com" in the websites to block rather than the full dir-655.bsecure.com, plus another url to see if it was blocked.  Personally, I would like to leave the bsecure.com site blocked because I have no use for it.  After a reboot I was unable to use any of my usual bookmarks (except the one for the web interface for my email at my ISP which was odd) as the address was not resolved.

Went to blank the blocked sites so that I could report my findings but then I was getting the cycling between dir-655.bsecure.com and loading again! All other sites were blocked!  Not even the email site this time! Having already undone all of the changes that I had made to the website filtering, now I was at a loss as to how to restore my internet services. 

So this leaves just my router's IP viable. I tried entering just the base dir-655.besecure.com website.  The login site appears.  Nothing else to do, so I log in.  Of course it shows all of the equipment on my network.  Nice.  Pretty cool that that still gets updated considering that I've disabled it, right?  NOT!    There was an option to delete my account, so I used it.

So, to stop SecureSpot you need to:
1.  De-select the checkbox in the firmware on your router
2.  Turn off the Access Control on the dir-655.bsecure.com website
3.  Delete your account on the dir-655.bsecure.com website
...I'm hoping that this is all...   

Log off, reboot, things seem normal again.  For how long?  Any guesses?

[summerstormpictures]

My last post was incomplete. I did not block bsecure.com on the router, rather I blocked it on OpenDNS, since that is what I use. My web browsing is snappier and I'm definitely leaving bsecure.com blocked along with every site in Russia, China and the other ''bad guys.''

Seriously, for anyone reading this, having that extra layer of security with something like OpenDNS on your home network is totally worth it. Besides having a secure router (not this one obviously), some sort of basic firewall and antivirus running on the software/computer level (I like ClamXAv and Little Snitch--on the Mac), and then surfing with only Firefox and select security related add-on's (like CS Lite, BetterPrivacy, NoScript, Privacy Plus, RequestPolicy--to mention a few), you can avoid at least 90-percent of the web pitfalls. With half-way intelligent habits like not clicking on links in email and other common sense, maybe 95-percent.

If anyone does go for OpenDNS, I urge them to block bsecure.com and report it as a malware site until this fiasco is fixed. We've been betrayed by D-Link by their including this carp (sic) in their router firmware. Those choosing not to take advantage of a ''real'' secure service like OpenDNS, I urge you to somehow block bsecure.com with your own Internet service provider. This should bring the message home loud and clear about future betrayals like this. Unfortunately now, D-Link has a big blemish on their image that they could have avoided had they taken security seriously and kept their firmware clean.