Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[JacobBruinsma]

It's hard to find information on this router since it's brand new and all, but: every day since I bought this router, it reboots around the same time of the day. I don't know what causes the reboot or why it's happening. I'm logging Syslog information but it's very hard to find why the reboot happens.

I did update to the last firmware version, and the reboot still happens. Does anyone here have the same problem?

[JacobBruinsma]

More info: I now have the switch that's connected to the router syslogging me when its links are up or down, and it's telling me when the 1 Gbps link went down on the router. So I went looking for any log lines from the DSR-500N, and guess what: nothing.

If you're interested, these are the logged lines leading up to the reboot:

Feb 11 14:20:51 192.168.1.1 Feb 11 22:20:55 DSR-500N IPS [Local1-UTM] *ALERT*[1:1365:5] WEB-ATTACKS rm command attempt [Classification: Web Application Attack] [Priority: 1]: {TCP} xxx:xxx -> xxx:xxx

Feb 11 14:20:57 192.168.1.1 Feb 11 22:21:00 DSR-500N IPS [Local1-UTM] *ALERT*[1:2517:13] IMAP PCT Client_Hello overflow attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} xxx:xxx -> xxx:xxx

Feb 11 14:21:25 192.168.1.3  Feb 11 14:21:25 2011:LinkStatus-6:port 1 link down

To clarify: these dramatic alerts happen all the time, hundreds per hour, I think it's nothing too concerning since we have tens of clients logged in to the same imap server all day. As for the "web-attacks" rule, I don't know what it means, D-Link doesn't specify these rules anywhere. Not very helpful.

[JacobBruinsma]

Hello everyone, I now understand there aren't really that many members here that know much about this router since it's so new (there's barely any information out there, I noticed).

I did solve the problem of the unexpected reboots. It appears we have more open internet connections than the firewall can handle, so disabling the Intrusion Prevention feature made the router stable once again. I hadn't expected this but it works.

For those who don't know, the intrusion prevention follows certain rules that are downloaded by the router. These rules check for http headers and certain basic rules (what port is accessed from what interface - SNMP requests on internet devices, for instance) and it uses up a lot of processing power from the router to do this filtering.

[Irq16]

Hello.  Just saw your posts on this forum.  I currently have a DLink 655, but have been looking into a dual wan solution.  I was planning to use this in my test lab environment.  Not alot of PCs but I would be using newer products to assist with updating certifications and testing the IPv6 as well.  Its seems from what you are saying more features I try to use on this router more chance it has of rebooting daily.  I currently have sql,exchange.....ms products behind my current model.  Wanting more thou. Interesting posts thanks.

[JacobBruinsma]

Excuse the late relpy. I discovered that the reboots were caused by the intrusion prevention system. Apparently it's a resource hog and the router couldn't cope with the traffic, hence the reboots. I disabled it and it has been fine since. I'm sure that with only a couple clients and maybe a megabit or so of traffic across the firewall, you should be fine. But in our situation there are just too many connections going on at any time.