• March 18, 2024, 09:06:25 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Pages: [1] 2 3

Author Topic: DIR-865L Weird Internet sessions  (Read 32763 times)

calculi

  • Level 1 Member
  • *
  • Posts: 13
DIR-865L Weird Internet sessions
« on: February 17, 2013, 01:41:54 AM »

Hi.

I am new to the forum and got a newly bought Dir-865L.

It has been acting a bit weirdly lately. I get the weird gut feeling that somebody else is "in there" poking. When I check my internet sessions from time to time, it looks like there's somebody else logged in.

Usually there's a like a chopped message saying "Eplied]".



Quite recently I noticed that Symantec, whom I use as a DNS server actually was shown in the internet sessions. Any help would be much appreciated. I am going to talk to my ISP and also write Symantec a letter depending on what I'm seeing here.

« Last Edit: February 17, 2013, 01:50:55 AM by calculi »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-865L Weird Internet sessions
« Reply #1 on: February 17, 2013, 08:57:11 AM »

Link>Welcome!
What Hardware version is your router? Look at sticker under router.
Link>What Firmware version is currently loaded? Found on routers web page under status.
What region are you located?

What ISP Service do you have? Cable or DSL?
What ISP Modem make and model do you have?
Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask.

Some things to try: - Log into the routers web page at 192.168.0.1. Use IE, Opera or FF to manage the router.
Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting.
Ensure devices are set to auto obtain an IP address.
If IPv6 is an option on the router, select Local Connection Only or Disable IPv6 options under Setup/IPv6.
Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
Enable uPnP and Multi-cast Streaming under Advanced/Networking. Disable uPnP for testing Port Forwarding rules.
WAN Port Speed set to Auto or specific speed? Some newer ISP modems support 1000Mb so manually setting to Gb speeds can be supported by the router. Advanced/Advanced Networking/WAN Port Speed
Set current Time Zone, Date and Time. Use an NTP server feature. Tools/Time.

I would check the Setup/Networking/Dynamic Client list for any unknown device IP addresses. Also check Status/Device Info/Connected LAN Computers for any unknown device IP addresses or unfamiliar addresses.

Use Wireshark and domaintools.com to help you narrow down who and where these are coming from.
You might set up Network Access rules and see if this does anything.
Ensure your routers loging, WiFi are all secured using Passwords. Preferred security is WPA-Personal. WPA2/AES Only.

Ensure all PC and Laptops are scanned for any malware or viruses.

The one IP address belongs to the following:
IP Location:     United States Rancho Cordova Foundation Health Corporation
 ASN:     AS33517
 IP Address:     198.153.182.40     


NetRange:       198.153.182.0 - 198.153.182.255
CIDR:           198.153.182.0/24
OriginAS:       
NetName:        FHC-CLINIC-32
NetHandle:      NET-198-153-182-0-1
Parent:         NET-198-153-171-0-1
NetType:        Reassigned
RegDate:        1993-01-29
Updated:        2005-05-09
Ref:            http://whois.arin.net/rest/net/NET-198-153-182-0-1

CustName:       Foundation Health Corporation
Address:        3400 Data Drive
City:           Rancho Cordova
StateProv:      CA
PostalCode:     95670
Country:        US
RegDate:        1993-01-29
Updated:        2011-03-19
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

calculi

  • Level 1 Member
  • *
  • Posts: 13
Re: DIR-865L Weird Internet sessions
« Reply #2 on: February 17, 2013, 11:42:40 AM »

Hardware version: A1
Firmware version: FW 1.03
Region: Sweden
ISP: CABLE LAN, Bahnhof.se via MKBnet
ISP Modem: none
ISP MTU: 1500

Router: Static assigned IP in the Network settings. I am within a class A network range. I Keep DHCP off for the network to avoid any conflict and keep track of my different computers.

I keep Upnp: OFF
Firewall: Active but I run Port and Address restricted. Also I have some inbound rules and some access rules, but nothing too fancy. No advanced port forwarding and link-only ipv6. No QoS Engine. No WPS.  
WPA2 only, AES…

The DNS server I found in my internet session was 198.153.192.40, not 198.153.182.40 as posted in the reply to my original message.

I used 198.153.192.40 as a DNS server (Norton DNS Service).

I run Mac OS X Moutain Lion, With no Symantec productions on the computer. I run Viscosity from time to time and have tested out three different VPN services, all which work ok.

General IP Information

IP:         198.153.192.40
Decimal:      3331964968
Hostname:      198.153.192.40
ISP:         Symantec Corporation
Organization:   Symantec Corporation
Services:      None detected
Type:         Corporate
Assignment:   Static IP
Blacklist:   
Geolocation    Information

Country:      United States
State/Region:   California
City:         Cupertino
Latitude:       37.3042  (37° 18′ 15.12″ N)
Longitude:       -122.0946  (122° 5′ 40.56″ W)
Area Code:      408
Postal Code:   95014


The provider is Bahnhof.se but I am connected to Bahnhof.se via a "city net" called MKBnet.
This net seems open since I can find shared units if I connect the computer directly to the socket in the wall. At least one of these units belongs to a person living more than 500 metres away from me in a different building. There's also some NAS drive that is shared that pop up from time to time...

I dont see these if I connect via the router.
« Last Edit: February 17, 2013, 12:02:35 PM by calculi »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-865L Weird Internet sessions
« Reply #3 on: February 17, 2013, 02:09:38 PM »

Typo on my part. Sorry.

If DHCP servcies are OFF on the 856L then I would presume that those entries are coming from something on your network, i.e. PC or device.

You can select on the links in the Internet Sessions and it should reveal more information.
« Last Edit: February 17, 2013, 02:13:16 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

calculi

  • Level 1 Member
  • *
  • Posts: 13
Re: DIR-865L Weird Internet sessions
« Reply #4 on: February 18, 2013, 11:44:24 AM »

Thanks for the reply.

I only have a maximum of 5 computers on my subnet.

What I am just wondering if is the internet session might be bugged since it shows weird names "eplied]" or if it is acting accordingly to what it is designed for when it shows foreign ip numbers amongst my local network?

When I usually call my DNS Servers, I can see for instance 208.67.222.222:53 direction out, when I click on my computer ip in the list.

I didn't have time to check what symantec ip was doing as I got a little too careful and quickly turned the router off.

« Last Edit: February 18, 2013, 11:47:03 AM by calculi »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-865L Weird Internet sessions
« Reply #5 on: February 18, 2013, 12:26:03 PM »

I would try this:
1. Turn off ALL devices.
2. Using one PC only, do a factory reset.
3. After the reset and the router is ready, check your Internet sessions for this odd entry. If you don't see it, turn on the next device and check again. Graduate turning on devices until you notice this.

Might help narrow it down. I did see some information about "eplied" on domain tools. You might do some searching. I've never seen this on my 865L.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

TimeShifter

  • Level 1 Member
  • *
  • Posts: 8
Re: DIR-865L Weird Internet sessions
« Reply #6 on: February 18, 2013, 09:08:44 PM »

OK, I had this same issue on v1.02.  Can't recall if it existed on v1.03.  However, after upgrading to v1.04 and being operational for a day, that particular connection hasn't shown up.  May have to monitor for a few more days yet.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-865L Weird Internet sessions
« Reply #7 on: February 20, 2013, 07:01:22 AM »

Any status on this?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

TimeShifter

  • Level 1 Member
  • *
  • Posts: 8
Re: DIR-865L Weird Internet sessions
« Reply #8 on: February 20, 2013, 05:55:48 PM »

As of yet, it has not shown up :)
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-865L Weird Internet sessions
« Reply #9 on: February 20, 2013, 05:56:31 PM »

Good to hear. Keep us posted if anything does.

Enjoy.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

calculi

  • Level 1 Member
  • *
  • Posts: 13
Re: DIR-865L Weird Internet sessions
« Reply #10 on: February 24, 2013, 03:45:57 AM »

OK, I had this same issue on v1.02.  Can't recall if it existed on v1.03.  However, after upgrading to v1.04 and being operational for a day, that particular connection hasn't shown up.  May have to monitor for a few more days yet.

I found the 1.04 firmware on the forum and will test it...

I still get my problem from time to time with my 1.03 fw and havnt't found a solution for it. Tried resetting. Working with just one computer, then adding one more, two, three, even put a double router to test things. It still occurs from time to time. Also tried blocking ipv4 and ipv6 for all other machines and setup up a pretty insane firewall rules and it still works excellent in all various configurations (ie, double router firewalls, etc. different vpn on the machines, etc.), but it does not seem to make any difference to the "eplied]" bug and other weird internet sessions bugs.

I will check to see if 1.04 fw will do the trick.


« Last Edit: February 24, 2013, 05:58:57 AM by calculi »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DIR-865L Weird Internet sessions
« Reply #11 on: February 24, 2013, 09:51:34 AM »

Any chance you can take this router to a different location, say a friend, family or a different location where there is a different ISP or modem and just connect the 865 to there system to see if this entry appears? I'm wondering if this is something on your ISP system maybe.

Let us know if you upgrade, do a factory reset before, and after sending the file then set up from scratch and only change the SSID and PW, try to leave the rest set as default.

Keep us posted.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

TimeShifter

  • Level 1 Member
  • *
  • Posts: 8
Re: DIR-865L Weird Internet sessions
« Reply #12 on: February 24, 2013, 12:15:46 PM »

I found the 1.04 firmware on the forum and will test it...

I still get my problem from time to time with my 1.03 fw and havnt't found a solution for it. Tried resetting. Working with just one computer, then adding one more, two, three, even put a double router to test things. It still occurs from time to time. Also tried blocking ipv4 and ipv6 for all other machines and setup up a pretty insane firewall rules and it still works excellent in all various configurations (ie, double router firewalls, etc. different vpn on the machines, etc.), but it does not seem to make any difference to the "eplied]" bug and other weird internet sessions bugs.

I will check to see if 1.04 fw will do the trick.



If this doesn't work for you, maybe try going to some basic settings (i.e. IP4 & IP6 Multicast - Disabled (off), and STORAGE: Shareport disabled (off)) < this is what I'm currently using.   This will also reduce network traffic and possibly one of these settings is causing the ieplied.  But only do this if you see the ieplied on 1.04.
Logged

calculi

  • Level 1 Member
  • *
  • Posts: 13
Re: DIR-865L Weird Internet sessions
« Reply #13 on: February 25, 2013, 02:29:01 AM »

Any chance you can take this router to a different location, say a friend, family or a different location where there is a different ISP or modem and just connect the 865 to there system to see if this entry appears? I'm wondering if this is something on your ISP system maybe.

Let us know if you upgrade, do a factory reset before, and after sending the file then set up from scratch and only change the SSID and PW, try to leave the rest set as default.

Keep us posted.

I'll get the router to a friend eventually to check and see what it is all about.
But for now it seems fw 1.04 seems to do the trick. No bugs so far! :)

Logged

calculi

  • Level 1 Member
  • *
  • Posts: 13
Re: DIR-865L Weird Internet sessions
« Reply #14 on: February 25, 2013, 02:32:09 AM »

If this doesn't work for you, maybe try going to some basic settings (i.e. IP4 & IP6 Multicast - Disabled (off), and STORAGE: Shareport disabled (off)) < this is what I'm currently using.   This will also reduce network traffic and possibly one of these settings is causing the ieplied.  But only do this if you see the ieplied on 1.04.

Thanks. I would never keep shareport opened unless it was a mistake. Everything called shared and multicast is turned off. I also tried the simple settings but it seems firmware 1.03 had some bug. The 1.04 fw seems better so far and the bug should have come by now.. Let's just cross the fingers.
Logged
Pages: [1] 2 3