Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Devyn]

i've reflashed many times..also downloading again firmwares..i dont think this can solve the issue .. :/ if i wont find a solution i will switch back to linksys, wont be as fast as dlink but at least i NEVER had a single problem for years

[EddieZ]

I hope you understand that there is no acute threat in what is happening.
The log you see is someone trying to get in through the cable connection with your WAN modem. It has nothing to do with wireless!
This will not be any different with a Linksys. There is no breach of security, this will or can happens to all those connected to the internet!

Just in case: Check if your internet router hasn't bee hijacked. Since wireless is turned off, it loioks like somebody is trying to access wireless through the modem from inside the LAN (I am not a script kiddie or hacker so I wouldn't know if this is possible though, just a hunch)

[Devyn]

Through cable and wireless..but today is the first time i see the "intrusion" not just from wireless only..

[EddieZ]

Check you internet modem security (change password) and the logs to see if any 'external' devices have accessed it.

Do you share connection with neighbours? If so...well, you know what to do.

[Devyn]

I dont share connection with neighbours. i dont have a modem, its a "own" device from my isp and it doesnt have any kind of interface or something..you just plug in the ethernet cable and you are connected..

[EddieZ]

You could call them and let them assign you a fresh IP. That should fix any wired attempts. I wouldn't be surprised if the wireless notices also disappeared.

[Devyn]

Unfortunately this isn't possible..if it was id already done it.. :/

[thecreator]

I just tried what you suggested...i couldnt connect..also no wireless signals at all using wirelessmon... and logs dont show anything suspicious. Do you think firmware has a bug ? this could be very dangerous... because i changed many firmwares..

Hi Devyn,

I just noticed your signature when you mentioned firmware. You are running Firmware 1.22. That was posted on D-Link Downloads and later removed because of problems.

Re-flash your Firmware to 1.21 with SecureSpot. This way it can be available to use, but you don't need to sign up for it. Just uncheck it when configuring the Router for use again.

[Devyn]

i had this problem with different firmwares too.. 1.20 1.21 doesnt metter..

[EddieZ]

Unfortunately this isn't possible..if it was id already done it.. :/

Get another provider. If they can't do this they have really terrible service.

Getting a Securespot subscription might to the job, there's 30 days to try it out.
Otherwise: no solution besides keeping your WPA2 and MAC filtering turned on.

[ttmcmurry]

If you really wanted to figure out if it's something coming through your cable modem... Two tests:

One:  (really easy)
Unplug your cable modem from the WAN port on your DIR-655 and see if the MAC spoofing continues.  Should it stop, it's coming from the WAN.  If it continues, then you're likely infected with something.

Two: (relatively advanced)
Download an application called "Wireshark" to a computer that you don't mind having unprotected access to the internet (read: have to potentially erase/restore), read the manual/help for a moment, then..

If you have a spare ethernet hub 10/100 sitting around (and it has to be a hub, not a switch), you can put the hub between your DIR-655 and cable modem.  Also attach said computer.  Fire up Wireshark, and start capturing packets.  Record for a few minutes, unplug the ethernet cable, stop capturing.

Look through the log (filter) for the MAC address sequences and see if you can find an IP address as a source for the MAC spoofs.   If there is a single IP address that keeps spitting out the MAC addresses, then you have found your attacker.  File a complaint with your ISP. 

You may also find other interesting things, maybe not.  It's a crapshoot, though you'll get some interesting data, I'm sure.