D-Link Forums

Title: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: dlflv on March 26, 2010, 08:51:40 PM
Hi,
I just upgraded to firmware 1.33NA for my DIR-655 today.  When I looked at the router log, the router keeps trying to connect to the site 174.78.110.160.  Does anyone know what this site is and why the router keeps authenticating to the site?
DL
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: PatrickGC on March 26, 2010, 09:11:05 PM
I believe that has to do with the "Secure Spot" feature in the router. Check under the advanced options to see if it is enabled. Secure Spot is only necessary if you're doing advanced remote monitoring of your network.  In other words it is quite safe to turn off.

Patrick
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: kthaddock on March 27, 2010, 01:50:19 AM
Quote
Hi,
I just upgraded to firmware 1.33NA for my DIR-655 today.  When I looked at the router log, the router keeps trying to connect to the site 174.78.110.160.  Does anyone know what this site is and why the router keeps authenticating to the site?
DL

that is for:

 Administrative Contact, Technical Contact:
      Communications, Cox       fd2vs55j5ct@networksolutionsprivateregistration.com
      ATTN COX.NET
      care of Network Solutions
      PO Box 459
      Drums, PA 18222
      US
      570-708-8780
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: sreckie on June 02, 2010, 10:45:46 AM
I am getting the same message in my log file. 

Does anyone know if this is really connected to SecureSpot?  I do use SecureSpot to monitor my network.
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: DamonS on June 30, 2010, 09:54:32 AM
I signed up to report in on this topic.

Starting on the 14th of this month, this IP address has used over 20GB of "upload" data, putting me WAY over my bandwidth cap (stupid ISP bandwidth cap).

Anyhow..  My internet has been slow and while I'm not an internet sleuth I was dismayed to find out I've used up all my bandwidth..  so the hunt began..  I looked in the logs, refreshed the logs and watched this IP address just fill up the sessions over and over..  The active internet sessions were not coming from one of my computers, but being bounced off the router. Local and NAT were the same IP and destination was this IP Address..

Well, a reverse lookup determined that it was a COX Communication IP Address..  A quick call to COX support and subsequently their NOC crew, and it appears as though this IP is not appearing in my logs any longer.   I don't understand what was happening or how it was doing what it was doing, but I think I've nipped it in the bud from my standpoint.   If you are still seeing this in your logs, contact COX Communications IMMEDIATELY and lodge a complaint.

edit:  Looks like it's back..  that was quick..  I guess I'll have to wait for Cox to call me back, or lodge another complaint
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: marmoduke on July 05, 2010, 07:23:51 AM
This type of intrusion is common.  You will likely tangle with Cox and others such as Google-analytics who want to probe and harvest information from your computers.  Something you can do about unwanted packets immediately is to block them in your software firewall (I use Trend Micro) as well as block them in your Firewall Router.

Realistically speaking, it is not likely that the ISPs involved will be inclined to help you.

Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: Cobra on July 05, 2010, 07:39:02 AM
If it is an upload then you might have a rogue application on your PC.

Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: sreckie on July 08, 2010, 10:32:52 AM
I have the same problem:

[INFO] Thu Jul 08 10:28:03 2010 Sending log email as log is full  
[INFO] Thu Jul 08 10:28:03 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:28:02 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:59 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:54 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:49 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:44 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:39 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:34 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:29 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:24 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:19 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:14 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:09 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:27:04 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:26:59 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:26:54 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:26:49 2010 Establishing connection w/ auth server: 174.78.110.160:443.  
[INFO] Thu Jul 08 10:26:44 2010 Establishing connection w/ auth server: 174.78.110.160:443.  


How do I block this from happening?
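
For readers triaging the same message, the following added example (not part of the thread and not D-Link code) parses log lines in the format quoted above and reports, per destination, how many connection attempts were logged and whether they recur at a fixed interval. The function name and the thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Lines copied from the router log quoted in the post above (newest first).
SAMPLE_LOG = """\
[INFO] Thu Jul 08 10:28:03 2010 Sending log email as log is full
[INFO] Thu Jul 08 10:28:03 2010 Establishing connection w/ auth server: 174.78.110.160:443.
[INFO] Thu Jul 08 10:28:02 2010 Establishing connection w/ auth server: 174.78.110.160:443.
[INFO] Thu Jul 08 10:27:59 2010 Establishing connection w/ auth server: 174.78.110.160:443.
[INFO] Thu Jul 08 10:27:54 2010 Establishing connection w/ auth server: 174.78.110.160:443.
[INFO] Thu Jul 08 10:27:49 2010 Establishing connection w/ auth server: 174.78.110.160:443.
[INFO] Thu Jul 08 10:27:44 2010 Establishing connection w/ auth server: 174.78.110.160:443.
[INFO] Thu Jul 08 10:27:39 2010 Establishing connection w/ auth server: 174.78.110.160:443.
[INFO] Thu Jul 08 10:27:34 2010 Establishing connection w/ auth server: 174.78.110.160:443.
"""

LINE_RE = re.compile(
    r"^\[(?P<level>\w+)\]\s+(?P<ts>\w{3} \w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"Establishing connection w/ auth server:\s*"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+)\."
)

def summarize_auth_attempts(log_text, min_events=5, tolerance_s=1.0, steady_share=0.6):
    """Group attempts by destination and flag fixed-interval retry loops.
    Thresholds are assumptions for this example, not values from D-Link."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # other log messages (e.g. "Sending log email") are skipped
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            seen[(m["ip"], int(m["port"]))].append(ts)
    report = {}
    for dest, stamps in seen.items():
        stamps.sort()  # the router lists newest entries first
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mid = median(gaps) if gaps else None
        # Share of gaps that sit within tolerance_s of the median gap.
        steady = sum(abs(g - mid) <= tolerance_s for g in gaps) / len(gaps) if gaps else 0.0
        report[dest] = {
            "count": len(stamps), "first": stamps[0], "last": stamps[-1],
            "median_gap_s": mid,
            "periodic": len(stamps) >= min_events and steady >= steady_share,
        }
    return report

if __name__ == "__main__":
    for (ip, port), r in summarize_auth_attempts(SAMPLE_LOG).items():
        print(f"{ip}:{port} attempts={r['count']} "
              f"median_gap={r['median_gap_s']}s periodic={r['periodic']}")
```

A steady median gap with no matching session from a LAN host points at a retry loop in the router itself rather than a client application, which is the distinction several posters in this thread were trying to draw.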
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: sullywoo on July 21, 2010, 01:35:34 PM
I have used many routers. Linksys has always "just worked", but I don't really like their newer models nor do I like their simplistic firmware options. I have also had many Dlink routers and switches. I like the options the firmware gives. I have a gamers lounge gigabit (non wireless) that performed very well. I picked up a Dir-655 for my house a little over a year ago. It has worked very well (rev A3 fw 1.21). I don't update firmware or drivers on anything unless I specifically need to, and as fw 1.21 has been fine, no need to update.

I ordered another Dir-655 for work last week. Monday I set it up, no problems really. However, I too see this router contacting that same IP address, and then disabled everything I could, only to have the problems persist. A phone call to customer support led me to someone who spoke pitiful English, and had no idea at all about what I was telling her. I then opened a trouble ticket, and gave this as my initial inquiry

Quote
I am very familiar with routers. This router is new, and set up correctly. However, the router connects to 174.78.110.160 on port 443. I have disabled securespot and every other option I can find. The source IP is the wan (static ip). I can unplug all computers, reboot the router, wait a minute, then plug computer in, and the router "internet sessions" will show that the router has already and still is sending and receiving packets from that ip address, which resolves to
Communications, Cox
ATTN COX.NET
care of Network Solutions
PO Box 459
Drums, PA 18222
US
570-708-8780

I do not want this router to communicate with that address and there is no need for it to do so. Please tell me how to disable this.

Here is the reply I got from tech support
Quote
We are not sure we understand the issue being faced by you, completely. Hence, we would like some more detailed information regarding the same, in order to be able to help you out. Please report back to us with a clear description of the exact network set-up at your place.

You may choose to include any other supplementary information related to the issue as well.

I did send a reply back, but think it is fairly obvious what I am telling them. Further, their own forums have posts regarding this same issue. I did not feel they were going to give me an answer other than to flash the firmware to latest or beta version. This new router is ver A4 fw 1.32NA.

After looking these forums over, I decided to go ahead and use the Russian firmware (1.31) and then downgrade to 1.21. The flashing went very well, and am happy to report that for me anyway, this router no longer sends data to Cox Networks. If I have another episode with Dlink sending information out of the router with no way to turn it off, I will stop buying Dlink products. If Dlink chooses to offer an option in the firmware or a firmware which opts out of such things, I will continue to buy them.

No threats, pretty simple really. Like many who have posted here, and the many more who only lurk and don't post, many people rely on me to manage their computers and networks. I like Dlink and have had many people buy their products because of my experiences/recommendations. I understand this is a drop in the bucket in the grand scheme of things, but perhaps someone at Dlink might take note for the future.

Mr Sully Woo
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: kazeen on July 24, 2010, 11:37:32 PM
I went back to 1.20 and I still get that stupid message
currently using my netgear well one of two I have
we have 7 different routers and the dlink was the only one that gave us good speeds on ps3s and computers at the same time.
till lately
when I'm paying for speeds up to 60mb a second it sucks
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: sullywoo on July 25, 2010, 01:36:01 AM
Quote
I went back to 1.20 and I still get that stupid message
currently using my netgear well one of two I have
we have 7 different routers and the dlink was the only one that gave us good speeds on ps3s and computers at the same time.
till lately
when I'm paying for speeds up to 60mb a second it sucks

I went to v1.21 (no shareport) and no longer see this. Using wireshark on another computer, rebooting the router, does not show this traffic any longer. I do not know if wireshark could detect this though as it emanates from the router. Perhaps I will place the dsl modem into a hub before it goes into the router, then the signals will be broadcast to all hub ports and wireshark could detect it.

Mr Sully Woo
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: ruthrj on July 25, 2010, 02:07:26 PM
Hello all,

This is my first tech post for troubleshooting and fixes. I read this forum, and it helped me solve this problem. So I signed up to give you all my two cents.

I did the same thing that Mr Sully Woo did with great results. I had v1.32NA firmware, and I had an endless log of "establishing connecting w/auth server 174.78.110.160:443."

Since it is not possible to *directly* downgrade from v1.3x to a lower firmware, I followed these directions: http://www.ispgeeks.com/wild/modules.php?name=Forums&file=viewtopic&t=4229&mode=&order=0&thold=0

Basically you upgrade your DIR-655 to the Russian 1.31, and then downgrade to 1.21 No SecureSpot provided at Dlink's official website (as hinted by Woo). This link just provides full instructions and a download link to the unofficial fix.

No more of these auth server messages popping up in the log every second or two. My wireless connection is now quite peppy also, and the router isn't becoming unresponsive to internet requests every 15 minutes or so like it used to. I can't believe this 1.32NA firmware came stock on this router, it was absolute garbage. I highly recommend the downgrade to v1.21 NO SECURESPOT!

Thank you all for your help, you've saved me a lot of frustration.
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: markth_wi on August 02, 2010, 08:06:41 PM
I had exactly this problem. My solution was not so cryptic though.

I basically went into the Administrative settings - Advanced -> Securespot and disabled the check-box.
This was because I was/am getting nasty reboots/timeouts. I had an old crappy linksys that had been in service for many years, this is a new router from my perspective.

About the only other issue I've found which simply is BAD, is the NTP server setups. I went to synchronize with an external NTP server, and that confused the router so badly I had to disconnect it from the internet and re-access the admin services and disable NTP references. So for the future, I'll simply "set it and forget it" when it comes to accurate time setup.

Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: Your Mom on August 19, 2010, 08:27:41 AM
signed up just to post. what the heck is Dlink thinking, they're supposed to be smarter people working there.

so far i just disabled the check box. i'll keep monitoring and see if the problem returns.

hoping this will solve the wireless blocking too.
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: IGTSI on August 20, 2010, 10:55:39 AM
I am running 2 DIR-655 at different sites with different ISPs.  The router using Shaw Cable (in Canada) has never had this problem, both when I was a dynamic IP and now that I use a static IP with them.  Securespot is enabled (even though I haven't used it).

Telus (again, Canada), an ISP who assigns a static IP dynamically, was very slow.  I had a look at the log on my router to see what's going on and saw that message over and over ever since the router was up and running.  I disabled Securespot and now the log messages have gone away...I have yet to see if my router is any faster...but this is definitely an odd issue.

I am normally really happy with D-Link products, so I hope they eventually are able to duplicate this issue on their end and eventually fix it.  For now I disabled Securespot...I don't even use it anyway, it is turned on out of the box.

Dave
Title: Re: Establishing connecting w/ auth server 174.78.110.160:443???
Post by: spectre on September 05, 2010, 10:25:18 AM
Hi.  I just stumbled across this forum while searching for the same IP address.  I have the DIR-655 w/ 1.33NA FW with SecureSpot disabled, and the log is still showing that IP several times per day.  I've also had several router timeouts, requiring a manual reboot (power cycle) to get it working again.  It belongs to Charter Comm and is the router I've been using for 2.5 years.  The problem really started getting bad when I upgraded to their 50 Mbps service.  Not sure if the two problems are related...

It looks like there's some useful information here that I can try.  I'll post my results when I have them.