D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: Ghostnyc on December 07, 2008, 10:30:05 AM
-
I got my DIR 655 (HW A3, FW 1.21) from Costco. I am upgrading from the DI 624 (yup old workhorse lasted a long time)
On DI 624- I had 1 desktop hardwired, 2 Ibm Thinkpads, 1 Macbook and 2 Blackberry Curve's that connected to it with WPA security. I disabled SSID broadcasting and set a unique network name. All my home devices connected without any issues. And any guest devices (friends, family, etc) that visited were able to easily connect easily once I gave them access.
Currently on DIR 655- there are many more configuration options (good thing) and new terms. For example broadcasting SSID is now visible or invisible. My blackberries won't connect at all to the network while invisible (however they will connect when visible). I currently have Wireless Secure Mode set to WPA Personal and WPA set to AUTO. My laptops however are connecting fine.
ANY Advice/feedback will be appreciated I currently use blackberry with UMA to make phone calls- so its rather important for me to get this working again.
-
Just to update previous message- I changed network status to VISIBLE- and blackberry immediately picked it up and logged into network, switched to back to invisible, blackberry lost connection cannot relocate.
Macbook has not lost connectivity at all, neither has thinkpad.
-
Have you tried setting up the blackberries connection setting manually to match the router?
-
Disabling SSID visibility will always result in connection problems. Albeit interruptions or just can't connect.
Not sure why people would disable the visibility anyway. Just causes more problems. You are fine with WPA/WPA2 security anyway.
-
Have you tried setting up the blackberries connection setting manually to match the router?
Yes I've tried that twice as well as performing a battery pull (considered a hard reset for a blackberry) and I still cannot connect.
Regarding comments by user- Reinvented- wpa/wpa2 are sometimes sufficient, but if you happen to come across some overly eager people trying to test out the latest in networking cracking software, I'd rather not have my network not show up on scans. Granted, nothing is 100% fool proof, but that doesn't mean you have to make it easy for them.
any other ideas, I would be glad to test them out.
-
Disabling SSID visibility will always result in connection problems. Albeit interruptions or just can't connect.
Not sure why people would disable the visibility anyway. Just causes more problems. You are fine with WPA/WPA2 security anyway.
Disabling the SSID visibility is one of many steps used to help secure a network.
-
Of course, but causes more connection problems than anything.
If you are a home user, then the chances of someone doing some wardriving and ACTUALLY being good at it, are slim to none. And unless you have VERY VERY sensitive information, then there's no need for turning off SSID visibility. Again, it's ONLY causing you problems with connectivity.
WPA2 is strong enough, and most devices these days can utilize it. And if you want to secure your network, and keep people from accessing it, your shares on your network should have user accounts to allow access to only certain people. Force AES if your devices are capable of it too.
-
Disabling SSID broadcast is NOT a security measure. EVER. Anyone that can hack the simplest of WEP keys is going to know how to use stumbler. You can disable the ESSID, but you can't disable the BSSID and thats what stumbler finds.
-
Anyone that is "trying the latest network cracking software" will be using, more than likely, the exact same software to discover every SSID within range - visible or not.
-
@Ghost - let me know if you experience any wireless restarts on the 655. I have my blackberry on UMA, and have been troubleshooting wirless restarts for weeks.
-
@Ghost - let me know if you experience any wireless restarts on the 655. I have my blackberry on UMA, and have been troubleshooting wirless restarts for weeks.
As of yet, no wireless restarts on the 655. On Sunday pretty much spent the day working on varios things online while my GF was streaming some content without interuption or issues. With my previous router DI 624 one of us got kicked off the network when we started streaming some media content, DIR 655 so far handles that issue well. I will be on the look out for that issue though, I am planning to use UMA on 655 as well.
If anyone has any ideas as to why the invisibility option is not functioning- I will be glad to hear it and test out a solution. Whether its security issue or not, I don't want to get caught up in that arguement. I really respect your opinion. But its my preference & I just would like to know that something I spent my money on actually works and that all the features it is capable of work as well.
-
I just made mine invisible, and at first I thought I saw the same problem. About 20 minutes later my blackberry pearl 8120 did connect, and tunneled into the UMA.
I'm using firmware 1.21 for the router, and I downloaded the most recent firmware from blackberry (which fixed a wifi-tower handoff problem I was having with it)
I have given the blackberry a DHCP reservation on the router, and I have WPS turned off. I'm on mixed N and G mode, fixed channel to channel 1, and channel width set to 20 MHz.
I did not give the router a domain name.
Hope this helps.
-
I just made mine invisible, and at first I thought I saw the same problem. About 20 minutes later my blackberry pearl 8120 did connect, and tunneled into the UMA.
I'm using firmware 1.21 for the router, and I downloaded the most recent firmware from blackberry (which fixed a wifi-tower handoff problem I was having with it)
I have given the blackberry a DHCP reservation on the router, and I have WPS turned off. I'm on mixed N and G mode, fixed channel to channel 1, and channel width set to 20 MHz.
I did not give the router a domain name.
Hope this helps.
I will test your out your settings on my network. I tested out connection settings before with settings spec'd below for an estimated 45-60 minutes to no avail.
Firmware- 1.21
DHCP- No reservations for blackberry or any other device
WPS is off
On mixed B, G, N mode
Auto Channel
Auto width 20 mhz/40mhz
no domain name
Thanks twk3- will get back to you
-
Regarding the making the SSID invisible, if someone wanted to hack into your network I'm sure they'd be using a wireless utility that can see the mac address of a network not broadcasting its SSID and they' d be using a packet sniffing program too which enables them to get all the info they need to to connect to the network including the SSID and the WPA passphrase and the mac filter list(if mac filtering is enabled).
WPA and WEP don't keep hackers out they keep people who are not hackers from connecting to your network. Most people are not hackers.
-
Regarding the making the SSID invisible, if someone wanted to hack into your network I'm sure they'd be using a wireless utility that can see the mac address of a network not broadcasting its SSID and they' d be using a packet sniffing program too which enables them to get all the info they need to to connect to the network including the SSID and the WPA passphrase and the mac filter list(if mac filtering is enabled).
WPA and WEP don't keep hackers out they keep people who are not hackers from connecting to your network. Most people are not hackers.
Scottymo- What settings would you recommend for an overall secure network?
Also just out of curiousity, I've read here and on other boards that not broadcasting your SSID is not a real security measure, Im curious as to why the option is still available on wireless routers?
-
It's available because if we were to take it off, all the people that believe it's a real form of security would cry.
-
It's available because if we were to take it off, all the people that believe it's a real form of security would cry.
Is that the official response from DLINK? LMAO
Lycan- how do you secure your network?
-
All about choices. If you decided you were going to have an open network, cause you didn't want to deal with passwords and encryption and anything, but still didn't want you neighbour to grab up your internet, (let's say they aren't hackers, or aren't 16+ and know that you can dl wep cracking programs to do it for you if you ask google where to find them), then you might set your SSID to something interesting, and make it invisible. And that might work for you.
Secure, nope. Effective in keeping your non-tech neighbour from eating your bandwidth, maybe 80% of the time.
(Note that even some default utilities use more than just the SSID. Using an atheros adapter, with the atheros profiler/connection utility will sometime list invisible networks as well, depending on which version you are using.)
-
All about choices. If you decided you were going to have an open network, cause you didn't want to deal with passwords and encryption and anything, but still didn't want you neighbour to grab up your internet, (let's say they aren't hackers, or aren't 16+ and know that you can dl wep cracking programs to do it for you if you ask google where to find them), then you might set your SSID to something interesting, and make it invisible. And that might work for you.
Secure, nope. Effective in keeping your non-tech neighbour from eating your bandwidth, maybe 80% of the time.
(Note that even some default utilities use more than just the SSID. Using an atheros adapter, with the atheros profiler/connection utility will sometime list invisible networks as well, depending on which version you are using.)
Lets say you're going for 90-95% security rate and you have mixed bag of newbies and knowledgable people who either want to use your bandwith or get into to see your private **** stash- What would YOU do to secure your network? Top 10 steps (or Top 5)
-
No, its my opinion.
I use WPA2/AES and MAC filtering, and pc running Ubuntu to monitor and audit network connectivity.
-
Using WPA2 usually keeps out even people in the know because it requires that the hacker use a dictionary attack. (Or a handoff I suppose) Using AES instead of TKIP, (not that it really matters, but TKIP does have one security flaw that has been demonstrated)
To protect against a dictionary attack, you need a strong password. It's not always easy to make a strong password. Using the WPS option (that we both have turned off atm >_<) allows the router to create strong keys for devices, you have to add the device to the network using a PIN number, but once the device is added, it uses the strong key.
Your blackberry supports WPS.
Also, use a SSID that is not on this list: http://www.wigle.net/gps/gps/Stat
Something to do with rainbow tables, no clue how it works or why, but that's what I've heard.
You should also secure your computers by keeping their OS updated.
I personally don't use the mac filtering, some people do. I have DHCP reservations for all of my devices, and I simply check my logs every once in a while to see what's up. But MAC Filtering is certainly one way to go.
I like Lycan's network audit setup. If I was running server services I might want a dedicated PC to monitor and audit the network. If you're hardcore on security you can throw in a honeypot ;)
-
Using WPA2 usually keeps out even people in the know because it requires that the hacker use a dictionary attack. (Or a handoff I suppose) Using AES instead of TKIP, (not that it really matters, but TKIP does have one security flaw that has been demonstrated)
To protect against a dictionary attack, you need a strong password. It's not always easy to make a strong password. Using the WPS option (that we both have turned off atm >_<) allows the router to create strong keys for devices, you have to add the device to the network using a PIN number, but once the device is added, it uses the strong key.
Your blackberry supports WPS.
Also, use a SSID that is not on this list: http://www.wigle.net/gps/gps/Stat
Something to do with rainbow tables, no clue how it works or why, but that's what I've heard.
You should also secure your computers by keeping their OS updated.
I personally don't use the mac filtering, some people do. I have DHCP reservations for all of my devices, and I simply check my logs every once in a while to see what's up. But MAC Filtering is certainly one way to go.
I like Lycan's network audit setup. If I was running server services I might want a dedicated PC to monitor and audit the network. If you're hardcore on security you can throw in a honeypot ;)
twk3, Lycan- Thanks for the feedback- will start playing with my configuration tonight.
2 other questions about DIR 655 if you could indulge my newbness - USB port on the back is it 2.0? and what is up with the refresh button on the side of the router?
-
It is 2.0, and that button on the side is the WPS configuration button, for the non-PIN method of adding WPS enabled devices to the network.
If the device supports Wi-Fi Protected Setup and has a configuration button, you can add it to the network by pressing the configuration button on the device and then the on the router within 60 seconds. The status LED on the router will flash three times if the device has been successfully added to the network.
^grammar mistake in the manual "then the on the router"=>"then the one on the router"