Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Longs]

I have a DIR-655 A4 with 1.34 North American Firmware.  I have the system configured with MAC and access control restrictions to limit my computer-addicted son's access times to the network.  Being that my son is computer-addicted, having his access limited does not suit him, so he has attempted various ways to gain access.  He discovered that he could gain unrestricted access by restoring the router to factory defaults.

I had to locate the router within a secure environment so that he could not physically get to it to reset it via the reset button.

I determined that he's recently been resetting it.  I wasn't sure how, at first, but I could not see any evidence that he had attempted to physically get to it.  I then realized that although I had set an Admin password, I hadn't set it on the User level, so he could enter the IP address and then click the "restore to factory default" button which would give him access.  After realizing that he could do that, I assigned a password to the "User" account.

I discovered this morning that it had been reset again, so I had to restore the config file.  I verified that the system does prompt me for a password for either admin or user accounts, so there's no access to "restore the factory defaults".  I cannot see any indication that he's physically been able to access or tamper with the router. 

What am I missing?  Is there some way that he could be sending a restore to factory defaults command to the router via the command prompt without any password authorization?

[FurryNutz]

I would set up a passwords that you know if for Both Admin and User and keep them safe from him. If he doesn't have physical access then setting both PWs should resolve this. Make the PWs complicated if needed.

Also ensure that the Remote access to the web page is disabled to be safe. Even though he can't access the routers web page from the LAN side, he could have someone else access the routers web page remotely.

Ensure that he's not using any other devices to gain access to the network. Check the Status/Device Info/Connected LAN devices list and make sure you don't see any MAC/IP addresses that do not belong on the network.

IF guest zone is enabled it shouldn't matter as any devices connected to that should not have access to the routers web page at all however disable Guest Zone if needed.

There isn't a way to reset the router by sending a command via IP address to the router that I know off, however there could be some FTP commands sent however I think you still need access physically to the routers button to get the router into an FTP mode.

If any of this doesn't help, you may need to get into a router that doesn't have the User Access account mode. I'd have to have a look to see which ones don't have the User Account feature and only the Admin account.

Keep us posted.

[Longs]

Thanks for the reply, Furrynutz!  I am going to ask him how he's restoring factory defaults to see what he says.  Like I said, I don't believe that he has physically accessed the router, but I'm not 100% certain.  I don't believe that he has the passwords for the admin or user account.  If he had the admin PW, he could just turn off the access control without my knowing.  I don't have remote access or guest zone enabled.  I set the list of permitted MAC addresses, but even if he could go to another device in the house, he shouldn't be able to get to the "restore factory default" button without either the admin or user password.

I'll post whatever I learn.  There's also the good old "I'll just take the computer away, physically".  I already had to remove the wifi card from the laptop to keep him from connecting to neighbors' unsecured networks outside of his permitted access times.

[FurryNutz]

I found about 4 other model routers that don't have the User Account feature if you need that info.

I would presume if he's resetting the router, it would be by the back button or he's some how gained access to the routers web page or hacked the PW some how.

Look at the Admin logs...see if you notice the time frames on when the router was reset. Set the log options to log ALL.

Also disable WPS to be sure as well. I know it needs to be physically accessible however, just to be safe.

Keep us posted.

[Longs]

I will check some other settings.  Given that I don't believe he can get to the "restore factory defaults" button I don't think that it's a question of getting a different router.

The other problem is that apparently when there's a "restore factory defaults" the logs before the change are wiped out.  Is there any way to preserve them?

[FurryNutz]

Unfortunately not with those logs however possibly you could set up a syslog server on a PC and use a free syslog server SW and point the router to the PC that is syslogging.  

I'm just hoping that he's not bypassing the User Account access by some other means as those are the only 2 ways of known user options to reset the router back to defaults using the button or the UI, besides doing a FW upgrade which would reset to defaults however he still needs access to the routers web page for that.

Keep us posted.

[Longs]

While seemingly anti-climactic, he was in fact able to physically access the router and was hitting the reset button on the back to restore factory defaults.

[FurryNutz]

Guess you need to secure the router better sir.