Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[kthaddock]

HI

My Dir-655 A3 F/W 1.30EU.

After exactly 30hr HTTPS access stop working but HTTP still work
from both WEB and LAN side. (Felkod: ssl_error_decrypt_error_alert)   Felkod=wrongcode
And after 40-45hr it's stops working totally, have to rebot.
But sometimes when I reset log in Dir-655 its start working again, STRANGE !!


To D-link ! Lycan and RU-FI-OH

I think all problem with this router is READ/WRITE to memory
When you have traffic from WAN and traffic from LAN side they interrupt with each other.
Alla function itself ARE working

Have you heard about "psyb0t", a worm that infects routers instead of PCs.

I have:
2PC playing CounterStrike = LAN
1 laptop playing Worldofworldcraft = LAN
1PC mine  = LAN
1 laptop = wi-fi 54Mbs

Regards
kthaddock

[Demonized]

DIR655 is not a linux router...

[kthaddock]

DIR655 is not a linux router...

Do you realy know what you are talking about ?

=========================================================================

Sat, 03/28/2009 - 11:16 — admin

In the last days several news blogs were publishing information about "psyb0t", a worm that infects routers instead of PCs. Often the authors are suggesting that also alternative router firmwares like DD-WRT might be affected. At the current state of our investigation of the issue we can tell that DD-WRT is not vulnerable by default, only when WAN management is enabled there is a chance to attack the router.

As described in the Drone BL Blog the worm works with a brute force attack using dictonary based random passwords - there is nothing we could technically do to prevent that in general. To succeed the worm requires a router whith management access enabled at the WAN port (Web / SSH / Telnet) at the standard(!) TCP/IP ports for the services and a weak administrator password.

To nullify the possiblity to get your router infected by the worm (or to be attacked with a similar mechanism) you can take the following precautions:

    * only enable admin access (Administration > Management > Remote Access) at the WAN port when required (most users don't need this and it's disabled by default)
    * if you need administration access via the WAN port
          o only use services with encrypted password transmission (HTTPS /SSH)
          o chose a non-dictionary based secure password
          o change the TCP/IP-ports to non-default ports

If a router got infected you cannot access the router anymore via Web or Telnet (SSH only if you did enable it once). As far as we know the worm does not yet install itself resistant so rebooting the router and checking if you can access it again is a first step. After you can access it again please disable WAN access or take the above mentioned precautions. If WAN access is not enabled your router was not infected and the non-accessability had another reason. The last option is resetting the router to factory defaults. Because the WAN port is disabled by default, your router then cannot get infected anymore.


===========================================================================

[lizzi555]

Do you realy know what you are talking about ?

I think he does.

DIR-655 runs Ubicom IP OS and this worm can only attack linux based systems (i.e. DD-WRT).

This article is rather old ...