• March 28, 2024, 04:00:15 PM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Security risk with DIR-865L and some questions  (Read 15173 times)

chrisco

  • Level 1 Member
  • *
  • Posts: 4
Security risk with DIR-865L and some questions
« on: April 22, 2013, 07:32:56 AM »

Hi there,

having recently moved from a DIR-655 to the DIR-865L I was experiencing a lot of problems while getting the new device to work in my existing network. After toying with a lot of settings I now seem to have a stable network (the router still needs to be rebooted about once a week but this may be due to my other network devices or internet provider). I do remember that even with the DIR-655 it took quite a few firmware revisions before the box was working perfectly. It would have been great if D-Link had just extended the mature firmware of the DIR-655 to include some new functions - even though it might not have a shiny modern interface as some of the other new routers out there.

Some things that still bug me with the DIR-865L:

  • Where are the language packs? I can't seem to find any and although the original set-up was possible in other languages it somehow is not possible to run the router in any other language other than English - not really crucial but a bit annoying since the feature and option should be there.
  • I have been using no-ip.com as a DynDNS service. It does not seem to be possible to configure this within the DIR-865L while it was working nicely with the DIR-655. The workaround is to have a device inside the LAN configured to work with no-ip.com.
  • My DIR-865L forgets the admin password when I have changed the configuration and rebooted the device. This has been reported in this forum before and I don't think the issue has been fixed as of FW1.03 or FW1.04. This is a serious issue and for that reason I have blocked any remote access and deactivated all "cloud" functions. If I have to check each time whether the device has forgotten the admin password then these "cloud" functions are of no use. To be honest I was not really impressed by them anyway as e.g. the current implementation of remote file access to a memory stick in the USB port is rather awkward.

D-Link's routers have received a fair amount of bad press lately due to security risks and now it seems that the DIR-865L is definitely vulnerable as well:

http://securityevaluators.com/content/case-studies/routers/dlink_dir865l.jsp

To be fair D-Link is by far not the only manufacturer with security problems and my past good experience with the DIR-655 in my eyes still gives them the benefit of the doubt. However, I still wanted to point out to this forum that there currently is a confirmed security risk with the device that needs to be fixed asap - hopefully along with some other (minor) bugs.

regards,
chrisco
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security risk with DIR-865L and some questions
« Reply #1 on: April 22, 2013, 07:55:38 AM »

Link>Welcome!
Link>What Firmware version is currently loaded? Found on routers web page under status.
What region are you located?
Has a Factory Reset been performed  both before and after sending the FW update files and then setting up the router from scratch?
What browser are you using?
Try Opera or FF? If IE 8 or 9, set compatibility mode and test again.

What ISP Service do you have? Cable or DSL?
What ISP Modem Mfr. and model # do you have?
Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask. Link>Checking MTU Values
For DSL/PPPoE connectionds on the router, ensure that "Always ON" option is enabled.

Some things to try: - Log into the routers web page at 192.168.0.1. Use IE, Opera or FF to manage the router.
Turn off ALL QoS or Disable Traffic Shaping (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel.
Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual or under Setup/PARENTAL CONTROL/Set to>None: Static IP or Obtain Automatically From ISP.
Enable Use Unicasting (compatibility for some ISP DHCP Servers) under Setup/Internet/Manual.
Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting.
Ensure devices are set to auto obtain an IP address.
If IPv6 is an option on the router, select Local Connection Only or Disable IPv6 options under Setup/IPv6.
Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
Enable uPnP and Multi-cast Streaming under Advanced/Networking. Disable uPnP for testing Port Forwarding rules. Enable IPv6 Multi-cast Streaming for routers that have a Media Server option. Disable IPv6 Multi-cast Streaming if IPv6 or Media Server is not being used.
Turn off WISH, and WPS under Advanced.
WAN Port Speed set to Auto or specific speed? Some newer ISP modems support 1000Mb so manually setting to Gb speeds can be supported by the router. Advanced/Advanced Networking/WAN Port Speed
Set current Time Zone, Date and Time. Use an NTP server feature. Tools/Time.
 
Link>Wireless Installation Considerations
Ensure the default (dlink) SSID name is changed. Can be anything and not something thats already in use by any neighboring WiFi routers. Under Setup/Wireless/Manual.
What wireless modes are you using?
Try single mode G or mixed G and N on 2.4Ghz and single mode N on 5Ghz?
Channel Width set for Auto 20/40Mhz or try 20Mhz only.
Try setting a manual channel to a open or unused channel. 1, 6 or 11. 11 for single mode N if the channel is clear.
What security mode are you using? Preferred security is WPA-Personal. WPA2/AES Only. Some WiFi adapters don't support AES, so you might want to try TPIK only or Auto.
What wireless devices do you have connected?
Any cordless house phones?
Any other WiFi routers in the area? Link> Use InSSIDer to find out. How many?

Try turning off Short GI, WLAN Partition,and Extra Wireless Protection if you have it. Under Advanced/Advanced Wireless.
Enable WMM Enable Under Advanced/Advanced Wireless.

Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
Turn off all devices accept for one wired PC while testing.

Check cable between Modem and Router, swap out to be sure. Link> Cat6 is recommended.



having recently moved from a DIR-655 to the DIR-865L I was experiencing a lot of problems while getting the new device to work in my existing network. After toying with a lot of settings I now seem to have a stable network (the router still needs to be rebooted about once a week but this may be due to my other network devices or internet provider). I do remember that even with the DIR-655 it took quite a few firmware revisions before the box was working perfectly. It would have been great if D-Link had just extended the mature firmware of the DIR-655 to include some new functions - even though it might not have a shiny modern interface as some of the other new routers out there.

Some things that still bug me with the DIR-865L:

  • Where are the language packs? I can't seem to find any and although the original set-up was possible in other languages it somehow is not possible to run the router in any other language other than English - not really crucial but a bit annoying since the feature and option should be there.
There are only 3 currently listed here: http://tsd.dlink.com.tw

  • I have been using no-ip.com as a DynDNS service. It does not seem to be possible to configure this within the DIR-865L while it was working nicely with the DIR-655. The workaround is to have a device inside the LAN configured to work with no-ip.com.
Check under Parental Settings for additional DNS settings.

  • My DIR-865L forgets the admin password when I have changed the configuration and rebooted the device. This has been reported in this forum before and I don't think the issue has been fixed as of FW1.03 or FW1.04. This is a serious issue and for that reason I have blocked any remote access and deactivated all "cloud" functions. If I have to check each time whether the device has forgotten the admin password then these "cloud" functions are of no use. To be honest I was not really impressed by them anyway as e.g. the current implementation of remote file access to a memory stick in the USB port is rather awkward.
Admin PW as been working for me and I'm currently using v1.01 FW. How complex is your PW and do you use any special characters? I only use 3 characters for my PW. Works well for me.

D-Link's routers have received a fair amount of bad press lately due to security risks and now it seems that the DIR-865L is definitely vulnerable as well:

http://securityevaluators.com/content/case-studies/routers/dlink_dir865l.jsp
I'll forward this on to D-Link.

To be fair D-Link is by far not the only manufacturer with security problems and my past good experience with the DIR-655 in my eyes still gives them the benefit of the doubt. However, I still wanted to point out to this forum that there currently is a confirmed security risk with the device that needs to be fixed asap - hopefully along with some other (minor) bugs.
If your are concerned about it, I recommend that you phone contact yoru regional local D-Link support office to inquire about it and get immediate information about it. Thise forums are for troubleshooting setup and get users online with D-Link products. Anything beyond this needs phone support with D-Link. Let us know if you get any information.


Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

chrisco

  • Level 1 Member
  • *
  • Posts: 4
Re: Security risk with DIR-865L and some questions
« Reply #2 on: April 22, 2013, 09:24:34 AM »


Link>Welcome!
Link>What Firmware version is currently loaded? Found on routers web page under status.

Currently using FW1.03 that was shown as available via the update function after my device was set up the first time - that update has made the use more stable.

What region are you located?
Has a Factory Reset been performed  both before and after sending the FW update files and then setting up the router from scratch?

I am located in Germany, Europe. I have set up the router from scratch after the firmware update.

What browser are you using?
Try Opera or FF? If IE 8 or 9, set compatibility mode and test again.

I am a happy Opera user - never had any issues with the old DIR-655 and passwords.

What ISP Service do you have? Cable or DSL?
What ISP Modem Mfr. and model # do you have?
Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask. Link>Checking MTU Values
For DSL/PPPoE connectionds on the router, ensure that "Always ON" option is enabled.

I am using DSL with MTU 1492 as before with the DIR-655 that got replaced. Internet service is fine and stable.

Some things to try: - Log into the routers web page at 192.168.0.1. Use IE, Opera or FF to manage the router.
Turn off ALL QoS or Disable Traffic Shaping (DIR only) GameFuel (DGL only and if ON.) options. Advanced/QoS or Gamefuel.
Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual or under Setup/PARENTAL CONTROL/Set to>None: Static IP or Obtain Automatically From ISP.
Enable Use Unicasting (compatibility for some ISP DHCP Servers) under Setup/Internet/Manual.
Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting.
Ensure devices are set to auto obtain an IP address.
If IPv6 is an option on the router, select Local Connection Only or Disable IPv6 options under Setup/IPv6.
Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall.
Enable uPnP and Multi-cast Streaming under Advanced/Networking. Disable uPnP for testing Port Forwarding rules. Enable IPv6 Multi-cast Streaming for routers that have a Media Server option. Disable IPv6 Multi-cast Streaming if IPv6 or Media Server is not being used.
Turn off WISH, and WPS under Advanced.
WAN Port Speed set to Auto or specific speed? Some newer ISP modems support 1000Mb so manually setting to Gb speeds can be supported by the router. Advanced/Advanced Networking/WAN Port Speed
Set current Time Zone, Date and Time. Use an NTP server feature. Tools/Time.
 
Link>Wireless Installation Considerations
Ensure the default (dlink) SSID name is changed. Can be anything and not something thats already in use by any neighboring WiFi routers. Under Setup/Wireless/Manual.
What wireless modes are you using?
Try single mode G or mixed G and N on 2.4Ghz and single mode N on 5Ghz?
Channel Width set for Auto 20/40Mhz or try 20Mhz only.
Try setting a manual channel to a open or unused channel. 1, 6 or 11. 11 for single mode N if the channel is clear.
What security mode are you using? Preferred security is WPA-Personal. WPA2/AES Only. Some WiFi adapters don't support AES, so you might want to try TPIK only or Auto.
What wireless devices do you have connected?
Any cordless house phones?
Any other WiFi routers in the area? Link> Use InSSIDer to find out. How many?

Try turning off Short GI, WLAN Partition,and Extra Wireless Protection if you have it. Under Advanced/Advanced Wireless.
Enable WMM Enable Under Advanced/Advanced Wireless.

Turn off all anti virus and firewall programs on PC while testing. 3rd party firewalls are not generally needed when using routers as they are effective on blocking malicious inbound traffic.
Turn off all devices accept for one wired PC while testing.

Check cable between Modem and Router, swap out to be sure. Link> Cat6 is recommended.

Thanks for the advice. Believe me, I went through all the motions while I was setting up the DIR-865L to work as well as the DIR-655 did in my infrastructure. After all, the reason to change from the old to the new router was not that the DIR-655 was not working but rather the use of the faster 5GHz network and improved WLAN performance. I am satisfied with the WiFi-performance of my DIR-865L.

having recently moved from a DIR-655 to the DIR-865L I was experiencing a lot of problems while getting the new device to work in my existing network. After toying with a lot of settings I now seem to have a stable network (the router still needs to be rebooted about once a week but this may be due to my other network devices or internet provider). I do remember that even with the DIR-655 it took quite a few firmware revisions before the box was working perfectly. It would have been great if D-Link had just extended the mature firmware of the DIR-655 to include some new functions - even though it might not have a shiny modern interface as some of the other new routers out there.

Some things that still bug me with the DIR-865L:

  • Where are the language packs? I can't seem to find any and although the original set-up was possible in other languages it somehow is not possible to run the router in any other language other than English - not really crucial but a bit annoying since the feature and option should be there.
There are only 3 currently listed here: http://tsd.dlink.com.tw

Thanks for the link - CN, KR and TW is listed there. I was just wondering why I could not find anything before. I still find it a bit surprising that the device is officially sold in Germany without a German language pack. For comparison: on my old DIR-655 I could always change the interface language without having to load a language pack.

  • I have been using no-ip.com as a DynDNS service. It does not seem to be possible to configure this within the DIR-865L while it was working nicely with the DIR-655. The workaround is to have a device inside the LAN configured to work with no-ip.com.
Check under Parental Settings for additional DNS settings.

I'll check but this would be a weird place to put this option. Why not place it under the DDNS section where it should be?

  • My DIR-865L forgets the admin password when I have changed the configuration and rebooted the device. This has been reported in this forum before and I don't think the issue has been fixed as of FW1.03 or FW1.04. This is a serious issue and for that reason I have blocked any remote access and deactivated all "cloud" functions. If I have to check each time whether the device has forgotten the admin password then these "cloud" functions are of no use. To be honest I was not really impressed by them anyway as e.g. the current implementation of remote file access to a memory stick in the USB port is rather awkward.
Admin PW as been working for me and I'm currently using v1.01 FW. How complex is your PW and do you use any special characters? I only use 3 characters for my PW. Works well for me.

My Admin PW would be somewhat longer but nothing out of the ordinary. To be honest I would not allow any remote access to the router with just a 3 character PW. I would rather stick with no access than having a too short PW.

D-Link's routers have received a fair amount of bad press lately due to security risks and now it seems that the DIR-865L is definitely vulnerable as well:

http://securityevaluators.com/content/case-studies/routers/dlink_dir865l.jsp
I'll forward this on to D-Link.

Thanks.

To be fair D-Link is by far not the only manufacturer with security problems and my past good experience with the DIR-655 in my eyes still gives them the benefit of the doubt. However, I still wanted to point out to this forum that there currently is a confirmed security risk with the device that needs to be fixed asap - hopefully along with some other (minor) bugs.
If your are concerned about it, I recommend that you phone contact yoru regional local D-Link support office to inquire about it and get immediate information about it. Thise forums are for troubleshooting setup and get users online with D-Link products. Anything beyond this needs phone support with D-Link. Let us know if you get any information.

For the moment I will just wait and see. D-Link has just fixed some security issues with other routers earlier this month:

http://more.dlink.de/sicherheit/firmware.html.

For the time being I'll just keep my router without remote access. The fix should hopefully not take too long.


« Last Edit: April 22, 2013, 09:43:25 AM by FurryNutz »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security risk with DIR-865L and some questions
« Reply #3 on: April 22, 2013, 09:56:18 AM »

The language pack maybe in the works, I don't know. Could be that there wasn't a major need for some.
FYI, the only supported version of FW that should be loaded on your unit is v1.01. Any other versions that you may have loaded are not supported and are regional FWs that are not meant or designed for your region. There are differences in the code and regulations that require this here in the NA region that differs from EU and EA regions. Thus DLink has to have different regional FW. I would recommend reverting back to v1.01 that is officially posted on D-Link Germany web site.

You can do some basic remote management with mydlink.com with these newer routers.

Remote management is mainly for the one and only person doing the managing of the router. Should really never be more than one or maybe 2 if needed. If your a home user of these routers, it's important to have some level of PW protection however at the extreme cases, not many people are being effected by some of these security flaws. I presume maybe at some level there is a need to get them fixed however those who are attempting to gain information are looking for bigger pools to gain access too.  ;) My two cents.

Keep us posted on how it goes. Hopefully D-Link will resolve this soon.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

chrisco

  • Level 1 Member
  • *
  • Posts: 4
Re: Security risk with DIR-865L and some questions
« Reply #4 on: May 05, 2013, 03:41:14 AM »

New firmware just released on German FTP server:

FW1.05 with security fixes has just been put on the German Dlink FTP server

ftp://ftp.dlink.de/dir/dir-865l/driver_software/

I'll test that one to see whether it works with my setup.

Glad to see that some work is being done on the security issues.
« Last Edit: May 05, 2013, 03:55:34 AM by chrisco »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security risk with DIR-865L and some questions
« Reply #5 on: May 05, 2013, 10:11:25 AM »

This version is supported only on EU units and has Not been Officially released.
« Last Edit: July 15, 2013, 10:00:19 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security risk with DIR-865L and some questions
« Reply #6 on: July 15, 2013, 10:01:36 AM »

Any status on this since v1.05 has been officially released?  ???
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

chrisco

  • Level 1 Member
  • *
  • Posts: 4
Re: Security risk with DIR-865L and some questions
« Reply #7 on: July 16, 2013, 01:10:40 AM »

I upgraded to the officially released firmware 1.05b03 that was supposed to fix security issues. But again there are some serious problems in terms of security even with this version:

http://www.s3cur1ty.de/M1ADV2013-020

These problems have as of today not been fixed.

However, the worst problem I was having with the 865L was random drops of internet connectivity as also described elsewhere in this forum. The router was showing no problem at all but all connections LAN to WAN were lost at random intervals (sometimes within minutes, sometimes within hours of rebooting). The only solution was to manually reconnect or reboot each time.

I opened a service ticket with D-Link support 3(!) weeks ago but have not heard from them since. Very disappointing. Apart from an automated message that my service request was received no news...

To be honest I eventually got so fed up with this D-Link router that I now replaced it with an ASUS model. With precisely the same configuration as for the 865L there are now no more drops of internet connectivity.

After being a long time user of D-Link routers and other network devices the 865L was a bit of a desaster and will make me definitely think twice before buying another D-Link product.  :-\

Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security risk with DIR-865L and some questions
« Reply #8 on: July 16, 2013, 07:10:54 AM »

I highly recommend that you phone contact D-Link support. I go have attempted to use email support and it has been less than fulfilling. Phone contact is the only way to get your issues resolved.

I believe there could be an issue with your particular unit and it needs to be reviewed by D-Link support. I believe your units problems are an isolated event since nobody else has seen this issue that you are experiencing. Me for one as well. My unit has been working well since day one of it's arrival. However I reside in the NA region and I'm sure there are some differenced between our regions as far as ISP services goes.

I'll forward the security information on to my contact here and see if it effects our region as well.

Please phone contact D-Link support and get your unit into RMA.

Keep us posted on how it goes.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security risk with DIR-865L and some questions
« Reply #9 on: July 16, 2013, 09:23:39 AM »

Just FYI, I heard info back from D-Link. The security issues have been reviewed and they are working on the fixes. They don't seem to effect anything wirelessly.

I think possibly some of your wireless issues could be either configuration or environmental. ASUS does things differently from D-Link in how wireless is designed.

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security risk with DIR-865L and some questions
« Reply #10 on: October 25, 2013, 12:27:55 PM »

Anyone try the new FW v1.05 for the NA region? Posted August. Working great here for my 865L.  ;D
« Last Edit: December 15, 2013, 08:38:39 AM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.