Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[devineme]

Hi, I just purchase a DGL-4500.  I was scanning my web server with demos of eEye Retina Web Security Scanner and Acunetix Web Security Scanner, behind the 4500.  I pointed them at the DGL-4500 just to see what would happen.
To my supprise...

1.) Retina reported a "Blind TCP Reset, Alteon Ace Switch 184" vulnerability.... (And I think so some others but that one was the most startling). What the heck is that?

2.) Acunetix reported the router's whole mini web server root directory without even prompting for password.  Most of the files were viewable right from the program.

Now my question is this.  I want to concentrate on the security of my server, not my router.  I don't think my router should be giving out this kinda info, should it?  I mean should not the router be blocking ALL info requested from a web scanner other then the ports that are open?

Just wondering...

[Reinvented]

Well, I'm not sure why you are running a webserver from a "gaming" router.  If you are really worried about security, why not get a device for that specifically? And to be honest, I've never heard of those scanners either.

[devineme]

running a webserver from a "gaming" router??

I'm NOT running a webserver from the DGL-4500 "gaming" router.  That is to say I didn't do anything to "special" to the router.  The "gaming" router apparently has a web server built into it (and a seemingly unsecured one at that) that provides the router's configuration interface via HTTP.   The extent of how "unsecured" it is, I do not know.  Those web scanning tools I was using, were for scanning a webserver running on NAS box that is attached my the DGL-4500.  I pointed the scanning tools at the router after I was done.  I am using latest firmware 1.20 which means ANYONE who has one of these routers can do the same thing I did.  If you want, you can dl the demos of these EXPENSIVE corporate type scanners and run it on the router.

[DLP]

You're worried about *intranet* security on a home router? Might want to think about buying a Cisco 800 series router next time.

[devineme]

I looked at the Cisco 800 series. Security is mentioned as a prime selling point on the info page.  However it's after the fact.

Heres what I looked for when I made my decision..

#1) Gigabit Ethernet.  Both the computer and the NAS have Gigabit ports with jumbo frames so it made no sense to buy a 100Mbps router.

#2) Price.  I'm not spending $400+ for a corporate Gigabit router.  My usage just didn't justify that, currently.

#3) Heating issues.  Alot of the users were reporting over heating issues with the new Linksys stuff and other routers in the 1000Mbs range. So this is something I looked for in the reviews.

#4) Reliability,  The DGL-4500 was getting very good reviews from experienced techies and home users a like.  That is to say users were not reporting the device to fail after X amount of months.

That's pretty much it.  The 4500 has been trouble free after the 1.20NA firmware update.  I really didn't consider the security aspect of it because my experience with prior routers lead me to believe that by now all companies producing such a piece of equipment in the $200 range, have got basic security nailed down by now.  I was mistaken to make that assumption.  I see you said intranet vs internet.  That is a yes and no.  The DGL 4500 router is behind another "securer" 100Mbs router that feeds it internet.  The DGL-4500 services all 1000Mbs ports on the intranet.  Port forwarding 443 and soon VPN access are used for remote access.  Anyone I invite, mostly friends and family, can access the secure web server on 443 at anytime.  While think I minmalized "risk" with this setup,  I do not share the point of view, "diverting or ignoring security issues will make them go away". Am I correct in the assumption "every gamer who has a PC has no valuable personal information on it because after all, it just a gamer". No.  To say the least of someone accessing another's router with the intent of disruption, all because they got upset over a game or something else.  Cost v.s. performance?  While the old saying "you get what you pay for" may apply, telling millions of potential customers, "By the way, if your worried about security, then buy another more expensive Gigabit router because our stuff only provides feel good security"; is not a very good selling point.  My point in posting was only to bring attention these potential security issues, not to ignore them, nor to start a argument.

[DLP]

Thanks for your very complete answer, all very good points.

I'm assuming that you're not seeing any vulnerabilities when scanned from ouside your network?

p.s. In rereading, I see my comment about a home router sounded a bit condescending, sorry. I guess I wouldn't think of trusting a D-Link / Linksys level device to be worth much after my intranet had been compromised.

I'm pretty sure the bulk of the $200 for the DGL-4500 is the flashy display / gamer marketing.

[anon]

Security? LOL, D-Link is having enough problems getting their "routers" to operate doing basic functions.

Nice find though... don't know if any good can/will come of it.

I also wouldn’t be looking at a gaming router for reliable securities given so many things need to be open.

"By the way, if your worried about security, then buy another more expensive Gigabit router because our stuff only provides feel good security"; is not a very good selling point. 

…probably a reason why marketing is so important today.
What is better than giving them what they need? Telling them what they want.


Are you saying that with the release of f/w 1.20 that the dgl-4500 is trouble free?

[devineme]

Are you saying that with the release of f/w 1.20 that the dgl-4500 is trouble free?

Trouble free is kinda a broad statement because I have not used every feature the router has.

Security issues aside, yeah, my DGL-4500 has been running very predictably with firmware v1.20NA.
No coughs or hiccups..  I get great transfer speeds between the router and equipment.  Jumbo framing needs tweaking though.  BTW, TheTechStop.net did a nice review on DGL-4500 on youtube maxing the sustained throughput with IX Chariot for 3 weeks, without resetting.