D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DIR-655 => Topic started by: Johnnyboy! on May 12, 2009, 12:46:15 PM
-
I was just reading this article on Digital Home:
http://www.digitalhome.ca/content/view/3696/280/ (http://www.digitalhome.ca/content/view/3696/280/)
It states that CAPTCHA is available on a long list of D-Link routers.
I have a DIR-615revB (v2.25), a DIR-625revC (v3.08) and a DIR-655revA3 (v1.31) and only the DIR-655 has the CAPTCHA feature that I can see.
Is this article just wrong, or am I just missing something?
-
This was added in the 1.2 fw wasn't it? Us euros are always behind :-[ but it's a nice feature to have.
-
Yeah, it's working fine on my DIR-655, even though I wish is was only for the WAN connection and not the LAN side.
What I was really asking about the other routers. The article mentions the 615 & 625 but I can't find it in those.
jB
-
In the US the road map calls for
1. DIR-685
2. DIR-825B1
3. DIR-655 w/securespot
4. DIR-825A1
5. DIR-628 w/securespot
6. DIR-625
7. DGL-4500
8. DIR-855
To all have the feature.
-
I knew that article was out to lunch.
I look forward to seeing it in the 625...
jB
-
I think it's personally a pain in the A__! I don't see where it's any better than a good password and it certainly is a pain sometimes. I've got a 655 and turned it off. Between the firewall on my modem and a password on the router I highly doubt anyone will get through.
-
Umm, amusing the lan is 100% safe is the reason the last flash & java exploits are so damaging, upnp is such a horrid security risk and why router viruses are so devastating. It stops brute force attacks stopping automated password crackers which fyi is exactly what it's intended to do.
The alternative to captcha is auto time-out for incorrect passwords which would mean you having to reset the router manually unless you didn't mind waiting 15 min to try again :o
-
Having a firewall on your modem is at best redundant, your router should be your security infrastructure, additional hardware firewalls before you LAN exist only to make your life more complicated than necessary.
Also, I agree CAPTCHA is a pain, I would have preferred a 3 strikes and locked out option, much less annoyance.
-
I think having the CAPTCHA only on the WAN interface and not the LAN interface would be a good compromise.
I think *most* people reasonably trust the users on the LAN side (unless you're in a high school!), it's the WAN side that is going to receive the attacks from bots.
Just my 2 cents....
jB
-
Yea, i'm not a big fan of captcha either. I never seen any discussions about having it added to the firmware, so I wonder what prompted them to add it, if not from user suggestion. If someone is THAT paranoid, may as well have certificate authentication or something. :P
-
The LAN is what scares them as much as the WAN.
Specifically it is a response to psyb0t et al.
-
I think D-Link has gotten ahead of themselves. D-Link Corporate has released a press release saying that the DIR-615 & DIR-625 "now feature CAPTCHA" ... "To upgrade routers with CAPTCHA, customers need to visit support.dlink.com to download the upgrade."
Except... I have a 615 & 625 with updated firmware but no CAPTCHA to be found. Makes me wonder if I have gone crazy and am totally missing it, or if D-link's left hand ain't speaking to its right hand no more.
You can read the press release here:
http://www.dlink.com/press/pr/?prid=500 (http://www.dlink.com/press/pr/?prid=500)
-
I think having the CAPTCHA only on the WAN interface and not the LAN interface would be a good compromise.
I think *most* people reasonably trust the users on the LAN side (unless you're in a high school!), it's the WAN side that is going to receive the attacks from bots.
Just my 2 cents....
jB
Like is already said, this is what the last java/flash were aimed at. Website > pc > Attack router via lan.
-
You basically don't want a D-Link router with the new CAPTCHA. The new CAPTCHA scheme was poorly implemented so that anyone within range of your router can gain access to your network. The folks at the SourceSec Security Research blog showed how the upgrade could be manipulated to steal a WPA (or Wi-Fi protected access) password without even bothering to solve the CAPTCHA test. A article on it is in yesterdays Register.
http://www.theregister.co.uk/2009/05/15/dlink_router_gimmick/ (http://www.theregister.co.uk/2009/05/15/dlink_router_gimmick/)
-
Fatman brought up the most important part of this whole debacle...
You have to be:
1) Physically wired into the network -OR-
2) An authenticated wireless client
Until one of those two happens first *and* given it's a home router (not something generally many people would have access to anyway) it's not as huge a gaping security hole. Especially if, on the wireless side of things, WPA2/AES is the encryption method in use.
If this flaw is in their enterprise products.. that would be really bad. However for SOHO use.. it's not as huge an issue as the media would let us all believe.
Don't get me wrong, it should be addressed quickly. My point relates to the sensitivity of the data behind what would be in a SOHO environment. If this affected JPMorgan Chase - I would be quaking in my boots and/or walking a few blocks over to the nearest branch to close my accounts :)