D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => COVR-3902-US => Topic started by: 02ebz06 on September 13, 2017, 08:42:44 AM
-
I'd like to add as much security as I can to my wireless network.
I have not found any way to do the following:
1) Disable SSID broadcast
2) Limit network access to a list of MAC addresses.
Did I miss something, or are those features non-existent in the COVR ?
TIA
-
D-Link took out SSID hiding a while ago in previous models as its not very secure and can be seen by scanners.
Have you set up parental controls for your devices that need control?
-
Never thought about setting Parental Control, since our kids have flown the coop.
Isn't that for outbound connections though, I want to block inbound connections?
I will look at it.
Being able to only allow certain MAC address on the local network would be ideal.
-
What are you trying to limit on the your network?
The Mac Filter was also a older generation feature. ::)
Are you trying to keep others from the outside coming in?
-
Dang, just lost everything I was adding.
I was playing with a IPV4 firewall, but lost outgoing connection when I saved the rule, and everything I had typed in.
Yes, want to block WAN to LAN access.
For the rule, I selected this --> "Turn IPV4 Filtering ON and DENY rules listed"
The manual isn't 100% clear at to what this means (at least to me).
From the manual: "To begin, use the drop-down menu to select whether you want to ALLOW or DENY the rules you create"
Denying the Rule seems a strange way to word it, so I assume that it means it will deny the access listed in the rule.
Had an issue with setting a WAN rule range.
Can't use 0.0.0.0-255.255.255.255
Lowest you can set is 1.0.0.0 and highest is 223.255.255.255
So I created this rule"
"Turn IPV4 Filtering ON and DENY rules listed"
Name: Block WAN Access
Source: WAN 1.0.0.0-223.255.255.255
Destination: LAN 192.168.0.0-192.168.255.255
Port Range: Any
Schedule: Always Enable
So once I Saved it, I lost outbound network connection.
Obviously that was not what I wanted to happen.
-
Thats because your blocking the entire internet range with in .1 thru .255. You can't do that.
I believe that that filter is meant for a specific IP address from the WAN to block so if you have a WAN IP address thats trying gain access to something on the LAN side, you would just use that one IP address that is attempting to gain access. Don't use the full IP address range or you block the entire internet.
Dang, just lost everything I was adding.
I was playing with a IPV4 firewall, but lost outgoing connection when I saved the rule, and everything I had typed in.
Yes, want to block WAN to LAN access.
For the rule, I selected this --> "Turn IPV4 Filtering ON and DENY rules listed"
The manual isn't 100% clear at to what this means (at least to me).
From the manual: "To begin, use the drop-down menu to select whether you want to ALLOW or DENY the rules you create"
Denying the Rule seems a strange way to word it, so I assume that it means it will deny the access listed in the rule.
Had an issue with setting a WAN rule range.
Can't use 0.0.0.0-255.255.255.255
Lowest you can set is 1.0.0.0 and highest is 223.255.255.255
So I created this rule"
"Turn IPV4 Filtering ON and DENY rules listed"
Name: Block WAN Access
Source: WAN 1.0.0.0-223.255.255.255
Destination: LAN 192.168.0.0-192.168.255.255
Port Range: Any
Schedule: Always Enable
So once I Saved it, I lost outbound network connection.
Obviously that was not what I wanted to happen.
-
I guess I misunderstood it's function then.
I though it would block any outside IP from trying to access my network.
Don't understand why it blocked outgoing traffic.
So you are saying I need to allow unsolicited WAN devices to access my network?
So no way to block unknown unauthorized IP's from accessing my network?
-
I believe thats whats it's for, WAN Side.
You would have to figure out what WAN side IP address are attempting to gain access to block. I believe also that this is a pin hole kind of process as well so if you do want WAN side addresses to have access to the LAN side sources, this is used in this regard, like if you have a server on the LAN side which you want remote WAN side users to have access, then you would allow access from there specific IP addresses thru the firewall.
-
No user community, just me and my local servers for my use only, and other LAN connected devices.
Any idea why it blocked outgoing connections?
-
Your range was all inclusive in the configuration so everything got blocked. ::)
-
Right, but that was WAN to LAN, not LAN to WAN.
-
Correct. You blocked all incoming traffic. Your traffic from your network went out but was not let back in since it is blocked. Since you cannot connect to the internet, the filtering is working :)
-
Yeah, the light came on after I posted that. it is the WAN sending the page to me, not me retrieving it.
So, no way to block intruders unless you know who they are.
-
Well the router does that already. Most incoming traffic (that was not requested by your local network or you hosting a server) is automatically blocked by default. If I have your WAN IP address I cannot just enter your network (unless I was a skilled hacker that knew an exploit).
-
OK, thanks.
Just because I'm paranoid, it doesn't mean they aren't out to get me. ;D
-
You could if you wanted too. Set the systemlog to email you on any notifications to see if any WAN IP addresses show up. IF the logs show attempted WAN side IP addresses, maybe then you can set a rule to block that IP address then.
I've never seen or had any issues from the WAN side on any of my D-Link routers. Been safe and secure using router default settings and configuring SSID and PWs. I do keep FW up to date unless I'm testing something out. ::)
-
Any inbound traffic from the WAN side are blocked by default. The only way in is through remote management if enabled, but that is protected with a password.
The other way they can get in, is through the LAN ports but that secured in your house. Just make sure the doors and windows are locked. =)
The third way is wireless but it is already hidden and protected with WPA2 Authentication.
So far no known vulnerabilities with COVR system.
-
You could if you wanted too. Set the systemlog to email you on any notifications to see if any WAN IP addresses show up. IF the logs show attempted WAN side IP addresses, maybe then you can set a rule to block that IP address then.
I've never seen or had any issues from the WAN side on any of my D-Link routers. Been safe and secure using router default settings and configuring SSID and PWs. I do keep FW up to date unless I'm testing something out. ::)
Right now, I have it going to my Syslog server. Guess I could write a script to scan it.
Speaking of firmware...
Router says
Current Firmware Version: 1.00, Fri 02 Jun 2017
Current Firmware Date: 2017-06-02 05:20:00
Web site (and in another thread here, says latest is 1.00B19 / 1.00B11 for Ext) with a date of Aug 17, 2017
Since firmware dates are different, I told the router to check for new firmware.
Said I was running the latest.
So, is it newer or not is the question...
=====================================================================================================================================================================
Any inbound traffic from the WAN side are blocked by default. The only way in is through remote management if enabled, but that is protected with a password.
The other way they can get in, is through the LAN ports but that secured in your house. Just make sure the doors and windows are locked. =)
The third way is wireless but it is already hidden and protected with WPA2 Authentication.
So far no known vulnerabilities with COVR system.
Good to know, thanks
-
You can manually download the latest from the web site in case it hasn't been posted to the update server...
-
It should be the same firmware (shipping).
You can see the exact version on the router - 192.168.0.1/version.txt or dlinkrouter.local./version.txt
-
I get "Authetication Fail!" when I try that.
-
Oh really? They might have removed that. Let me find out quick.
-
Looks like you have to log in first. Log in normal and they just do the covr.local./version.txt or ip as in the previous message.
-
covr.local./version.txt gave me the Authentication fail message but http://192.168.0.1/version.txt worked.
Doesn't show the EXT version though. Guess you would have to log in there and do same.
Version
Firmware External Version : V1.00
Firmware Internal Version : V1.00b19
Date : 02, Jun, 2017
Thanks, good info to have handy.
-
The firmware on the support site is the same. The date on the website is when it was posted on the website.
-
support.d-link.com shows the August date.
(https://i.imgur.com/wTpxpNc.jpg)
-
correct. That is when it got posted to the support site. If you look at the release notes it usually has the firmware date.
-
http://forums.dlink.com/index.php?topic=72533.0 (http://forums.dlink.com/index.php?topic=72533.0)