• December 11, 2019, 06:13:03 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Switch attempts to connect to Insight cloud services; NO OPTION to disable !?  (Read 83755 times)

darz

  • Level 1 Member
  • *
  • Posts: 3

For anyone's who's interested:

I just purchased/installed a DGS-1210-24 WebSmart switch yesterday.

Out of the box, it was at revs:

   Device Type      DGS-1210-24
   Boot Version     1.00.007
   Firmware Version 2.02.A005
   Protocol Version 2.001.004
   Hardware Version A1

Per

http://www.dlink.com/us/en/support/product/dgs-1210-24-24-port-gigabit-smart-switch-including-4-combo-sfp-ports

That's up to date:

Quote
Latest Firmware - Version 2.02.005

On install, I enabled logging, and immediately noticed continuous repetitions of:
Code: [Select]
...
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for software.napera.com: -8
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for www.update.microsoft.com: -8
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for update.microsoft.com: -8
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for windowsupdate.microsoft.com: -8
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for download.windowsupdate.com: -8
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for c.microsoft.com: -8
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for swscan.apple.com: -8
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for swcdn.apple.com: -8
Mar  6 10:21:52 10.90.90.90 2013: NAPERA-4:NAPERA: [4] [5] dns resolution failed for swquery.apple.com: -8
...

'Napera' is, apparently, the whitelabel cloud services provider for DLink's "Insight" Cloud services (cref: https://twitter.com/napera)

I'd never enabled any of the Cloud services.

Clicking on the "Insight" tab pops up the following screen:



which shows an UNregistered device, with NO dns entries.

I called Business Tech Support, and after back-n-forth with Engineering, I was informed that the ONLY solution to this unauthorized Insight traffic, and the log entries that go with -- i.e. to have the ability to DISABLE Insight -- it is to DOWNGRADE firmware to a version that does NOT have it installed!

Specifically, a downgrade from rev 2.02.005 to rev 2.00.011, @ http://www.dlink.com/us/en/support/product/dgs-1210-24-24-port-gigabit-smart-switch-including-4-combo-sfp-ports

I'm rather surprised that

 (1) a switch has connect-to-cloud capability turned ON, with no option to turn it off,
and
 (2) that the "ONLY" offered solution is a firmware DOWNgrade, effectively limiting the upgrade path

(yes, I know I can null route the DNS queries being made as a workaround ....)

Is this folks' experience with D-Link "Business Class" devices?
« Last Edit: March 07, 2013, 06:15:54 PM by darz »
Logged

wmeigs

  • Level 1 Member
  • *
  • Posts: 1

Thank you for doing all that research. I wondered about that too.
I will block all traffic from the switch's ip address at my firewall.

I just received my switch (same model) yesterday as well.

And it does seem strange to have a switch generating all that internet activity.

This is my first experience with D-Link "Business Class" devices. It does seem like
they are putting a lot of effort into alternate revenue streams. I would never expect
that from a switch. Crazy. Guess I won't be using it in any of my client's networks.
Don't want that popping up in a security audit.
Logged

darz

  • Level 1 Member
  • *
  • Posts: 3

Quote
I will block all traffic from the switch's ip address at my firewall.

Just note that your logs -- if enabled -- will continue to fill up with its incessant whining about failed lookups.

Quote
And it does seem strange to have a switch generating all that internet activity.

This is my first experience with D-Link "Business Class" devices. It does seem like
they are putting a lot of effort into alternate revenue streams. I would never expect
that from a switch. Crazy. Guess I won't be using it in any of my client's networks.
Don't want that popping up in a security audit.

The device doing this is certainly bad enough.  The attitude @ support of "Oh, well.  Downgrade ...", rather than a reasonable "Ooops!  Our bad.  We'll fix it asap." removes this device from "Business Class" in my book.  One hopes the company does better as the devices get more expensive -- but I've no evidence of that as yet.

This switch is my trial-run with D-Link; I've got 15 more small-office switches to purchase.  I'm debating whether this is (the start of) a big enough issue to send it back for a refund, and provide that 'alternate revnue stream' to another vendor. 

Logged

myx

  • Level 1 Member
  • *
  • Posts: 1

Is it an option to use a European firmware? I'm using a DGS-1210-16 and didn't encounter the problem.
Link is: ftp://ftp.dlink.de/dgs/dgs-1210-24/driver_software/
Logged

andrmo

  • Level 1 Member
  • *
  • Posts: 5

I've just been bitten by this as well. I just wanted to add my voice of displeasure as to Dlink's "solution".

Pure and simple, this should be user configurable.
Logged

darz

  • Level 1 Member
  • *
  • Posts: 3

I recently followed-up on this with a Business Sales @ D-Link contact.

The response I got was, in effect -- it's not going to be updated/fixed because there's a new product line coming out to replace this one, and we should plan to buy the new units if we want this fix.

THIS is a vendor I want to trust and spend money with?

Not hardly ...
Logged

datapharmer

  • Level 1 Member
  • *
  • Posts: 1

I also agree that this is unacceptable. Filling my logs with no means of turning it off? What the heck is the deal? We don't want your cloud anything sending private network information to the internet and we definitely want a way to turn this off! Failing to do this will mean me failing to buy more of your hardware. It is no wonder this was only done to the U.S. market - if it were done in the EU it would probably be illegal!

By the way, flashing the German or European firmware results in "upgrade failed" at least for A1 hardware, so that isn't a solution either.
Logged