Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[jclarkw]

Basic information I can't find in the User Manual for the DIR-645 (and possibly other routers):

1) What is the purpose of having two separate logins to the router's Web pages?
"Admin" is presumably for setting up the router parameters.
Why have a "User" account at all?

2) No detail appears on the allowed length and composition (case sensitive? letters and numbers? punctuation and special characters?) of passwords.

Any information would be appreciated! -- jclarkw

[jclarkw]

2) No detail appears on the allowed length and composition (case sensitive? letters and numbers? punctuation and special characters?) of passwords.

Well, I talked to two different tech-support people at D-Link.  One said minimum length 6 characters, case sensitive, any letter, number, or special character permitted, no length limit.  Trial and error shows this advice to be false.

The other said minimum length 6 characters, case sensitive, alphanumeric (no special characters), no length limit.  Trial and error shows this advice to be false also.  (These tech supporters aren't really very good are they?)

Further trial and error suggests that the maximum length allowed is 15 characters -- not really a very strong password without special characters!

Does anybody know the full story? -- jclarkw

[FurryNutz]

I've tested these routers down to 3 minimum numerical only characters and that works just fine.

I had used 7 alpha characters before however I'm the only one in my house old that deals with routers, local and remote access.

I would not be paranoid about log in usage. If your in a household and your the only one that has access to this information, then it's up to you to keep it secure and to your self. Grant only those trusted to work with routers or if you need someone to work on the router locally, clear the password on the log in, once the configuration is complete, re-assign a password.

I have from time to time, remotely helped others with there routers. I tell people if I do help them remotely, either log in for me or clear the pass word while we review the routers configuration. After we are done, then they re-enable the PW.

The PW is only for the local LAN side connection. Only does this come in to play if you have the Remote Access enabled, then one would still need the PW.

Find a password that works for you and you alone if your the only person managing the router. I guess use alpha and numeric characters if your concerned about strength.

Honestly, if someone wanted access to your router, they could just do a factory reset using the button. 
In this case then you'd need to lock up the router in a secure room. 

[jclarkw]

I would not be paranoid about log in usage...
Only does this come in to play if you have the Remote Access enabled, then one would still need the PW.

Well, aside from remote administration (which I would normally turn off), the biggest concern is future hacker attacks like the old one posted at "http://forums.dlink.com/index.php?topic=53295.0"...

BTW, the DIR-645 **does** accept special characters, so I guess nothing that the tech-support people told me was correct.  I guess we're stuck with up to 15 case-sensitive characters of any kind.

Thanks again for your helpful suggestions.  Now I just hope my passwords don't vanish, as reported on a recent thread! -- jclarkw

[FurryNutz]

One more suggestion. Once you get the router completely configured the way you want and need it, save off there routers configuration to file under Tools/System. Just in case something does happen and the router gets reset or something, all you'll need to do is to Restore from that file and you'll be good to go.

Enjoy.

[jclarkw]

I would not be paranoid about log in usage...
The PW is only for the local LAN side connection. Only does this come in to play if you have the Remote Access enabled, then one would still need the PW.

New potential security risk:  Now that I have my new DIR-645, H/W Ver.: A1 (originally F/W Ver.: v1.01), successfully upgraded to F/W Ver.: 1.03 and (almost) completely configured to my liking, I noticed another behavior apropos of the above discussion.  The on-board Web-administration pages are accessible (with the required password of course) to **wireless** connections, in addition to the expected wired LAN connections.  Unless I'm missing something (?), there is no way to turn off this wireless configuration access.

This seems unusual and potentially risky, since one cannot **physically** control who connects to the device wirelessly.  For those who don't bother to set strong administrative passwords, strong wireless passwords, and/or other recommended security measures, their routers are vulnerable to drive-by attacks -- not a great design feature!

On the subject of passwords and user accounts, I also noticed that there is no longer a "USER" account and password available in F/W 1.03 -- probably just as well but something else tech support didn't seem to know.

This is a bit off topic, but F/W 1.03 also does not respond to outside requests on any ports that I've tried, to the extent that "stealth" has any real benefits.  See, for example, the following results from "http://www.t1shopper.com/tools/port-scan/":

"68.34.86.240 isn't responding on port 21 (ftp).
68.34.86.240 isn't responding on port 23 (telnet).
68.34.86.240 isn't responding on port 25 (smtp).
68.34.86.240 isn't responding on port 80 (http).
68.34.86.240 isn't responding on port 110 (pop3).
68.34.86.240 isn't responding on port 139 (netbios-ssn).
68.34.86.240 isn't responding on port 445 (microsoft-ds).
68.34.86.240 isn't responding on port 1433 (ms-sql-s).
68.34.86.240 isn't responding on port 1521 (ncube-lm).
68.34.86.240 isn't responding on port 1723 (pptp).
68.34.86.240 isn't responding on port 3306 (mysql).
68.34.86.240 isn't responding on port 3389 (ms-wbt-server).
68.34.86.240 isn't responding on port 5900 ().
68.34.86.240 isn't responding on port 8080 (webcache)."

Best Regards -- jclarkw

[FurryNutz]

Access to the routers web page by default can be accessed via wired or wireless connection. This is a feature on any Mfr WiFi router, not just seen only on DLink routers. There are users of WiFi router who do not have or use wired LAN connections, so they also need a way to mange the router wirelessly, from initial set up to general management. Dlink has the QRS app for phones so you can set up routers with out using a wire. The only option that should not be able to access the routers web page is when users are connected to the Guest Zone.

One can electronically control who connects and who can't connect to the router.

Port scans can result in false positives and most of the ports are shut off unless you set them up for use.
Did you try another port scanning site? I use Gibson Research for some testing.

[jclarkw]

Access to the routers web page **by default** [my emphasis] can be accessed via wired or wireless connection...

OK.  I'm not used to this as my much older NetGear router did not.  Your "by default " suggests that there is a setting to turn this feature off.  Not so? -- jclarkw

[FurryNutz]

Maybe feature is the wrong terminology, maybe standard is a better word. This is a standard for ALL Mfr WiFi routers. Been this way for a long time now.