Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[Axel49]

I've read the following threads and found them very interesting.

Start thread: http://forums.dlink.com/index.php?topic=53373.0
Follow-up: http://forums.dlink.com/index.php?topic=56464.0

I've read the preceeding threads (links above) and found them very interesting. This is a continuation from there as I want to add my comment from my experiences.

This type of problem concerns me, too, and the situation described by DennisOlof1 is very similar to mine including the number of DAP-1360 involved (3). My model is hardware version C1 as well as firmware version 3.04, two were upgraded from 3.02 to 3.04 using the same source as DennisOlof1 said. I have also tried to get it to work in repeater mode, it is hard and I have replaced it with wired cables.

On the 2,4 GHz band there is in my envirionment not much free space to use, I used the inSSIDer (recently licensed version 4) to locate suitable channel selection.

I have been active in the WiFi area since 1998 when Netgear presented their first wireless AP, a simple one capable to run 802.11a and 40 bit WEP encryption, the stronger variants were not eligible for export outside the USA/Canada before January, 1st, 2000 (64 bit WEP was relased for international usage) and by July, 1st, strong crypto (128 bit WEP like 3DES, 168 bit) was released for international usage.

Like DennisOlof1 I also live in Sweden!   I am running with almost all equipment at Cat 6, 1000 Mbps including cable connectors, switch and router. There are deviations on two points only, 1) Internet connection is a fibre channel one running at 100 Mbps (from ISP), and 2) the network adapter in the DAP-1360, which is a 10/100 Mbps one (should have been a 1000/100/10 Mbps one for completeness), this is not a functional problem, it concerns the homogenity of the overall structure. Wifi is running at 802.11n (300 Mbps).

So my problems were similar to the ones presentet by DennisOlof1. Firstly, I don't understand some messages in the log:

Aug  8 20:46:50 rlx-linux user.warn kernel: D3 hot -> L1
Aug  8 20:46:58 rlx-linux user.warn kernel: Err!!! w16:42a,1010 in L1
Aug  8 20:47:11 rlx-linux user.warn kernel: D3 hot -> L1

Like DennisOlof1 I got lots of the "D3 hot -> L1" message, but I don't understad what it means nor what action (if any) I am expected to perform. The same thing applies to the "Err!!! w16:42a,1010 in L1" message. Something wrong in the Linux kernel?

This problem I cannot resolve as I don't know what it concerns. Also, I don't restart the DAP-1360 daily (cycling the power) to have "unknown problems" resolved.

In general, a program will not fail without reason, if a failure occurd this depends on the circumstances when it executes and in a complex environment these circumstances are not always foreseen by the programmer. To identify these unforeseen circumstances it is essential to find out what they concerns to be able to manage them properly in the software.

I have also noticed some unstability in the DAP-1360 and also got it automatically restarted without any visible explanation. But to me it seems that the restarts are caused by overloading the RAM memory - it is a recovery action - and why I make this conclusion has been clarifyed by Jeroen Pluimers at his site "The Weirt Corner" in a thread regardin problems caused by the SWL (Samsung Wireless Link).

Link to this very interesting thread; http://wiert.me/2011/07/04/sec_linkshare-ssid-is-from-your-samsung-tv-swl-samsung-wireless-link/

I ran also in the same problem, obviously caused by some neighborhood to me. I don't know who, still unidentified. If not being a trojan horse faking its appearance it would probably really be a Samsung SMART TV behind and there are more reports on thi Internet about it, but the Pluimers discussion thread was the most interesting I found and it made me capable to solve the matter.

What happened was that I ran into difficulties enabling the DAP-1360 to replace my old, worn-out DWL-G710 (Range Extender) installed around 10 years ago. Funny enough, I had 3 such ones, too, running with WEP 128 bit (I never changed to WPA).

After investigating the matter I finally decided to decrease my engagement in the WiFi area due to too many mysterious distorsions appearing irregularly in the close environment (when I started I was alone) and replace the repeater usage with wired connections. Here the Cat 6 equipment was entered for this purpuse as well as a decision to leave the outdoor environment as far as possible to limit the wireless signal coverage to work well indoors, possibly cöntinuing to use some outdoor antennas for minor applications (I have 3).

So what happened? I found that the SEC_LinkShare_###### SSID was actively trying to make intrusions by trying lo log on to my repeaters (now all are changed to AP:s after installation of cat 6 wired connections instead) with logon failures due to wrong password.

It is one remarkable thing with this. The logon retries were made with a relatively high intensity, the AP reported around 450 retries per five minutes interval - and the DAP-1360 restarted surprisingly often! I don't see any other realistic reason than that RAM memory was overflowed and therefore the DAP-1360 repelled it by trying a reset through rebooting. Of course, it disturbed regular WiFi traffic.

This is similar to a DoS (Denial of Service) attack although on the WiFi net and not on the Ethernet (IP, TCP, ICMP are generally used)  but on the 802.11x based WiFi net.

Obviously, if not masked like a trojan, this would imply that the Samsung wireless AP has serious malfunctions in its implementation. I understand tha idea, to connect several Samsung wireless equipments to a central (for exampe a Samsung SMART TV) controlling them (the Samsung SMART principle). It could be mobile phones, music equipment, different playes as well as Internet access. But all wireless equipment is from Samsung and not all wants to be controlled by the Samsung SMART central.

What happens is that the central is automatically polling all wireless equipment within a reachable distance and with a reasonable RSSI signal strength and tries to connect them. This is done in an endless loop arunning as fast as possible, in my case obviously almost two laps per second. But it is not MY Samsung and therefore the connection is undesired - it should be rejected as the DAP-1360 did.

The problem is that the intensity is too high, which caused overload (RAM is a limited resource) and a logon is a resource-comsuming action.

So what to do? I noticed the intruder's MAC address and blocked it! So session request was immediately rejected on the MAC address condition and not via the far more complex logon procedure. It worked fine, but the logs got overfilled with "access denied" notices, moreover, the throughput in my WLAN was affected negatively about 5-10% (checked with PING response times). It is worth to note that the "attack" frequency increased from about 450 to 594-597 retries per five minutes interval, so some frustrations remained.

Was the "intruder" completely passive and did nothing?

No, he noticed that his Samsung SMART central AP (probably a TV) not worked well so he changed the state of his SEC_LinkShare_###### SSID from open mode to hidden mode!!!! It's a curious action to repeal with, it seems that he maybe belived that his Samsung SMART central was attacked. But as I blocked on MAC level and not SSID level this action had no effect.

He got obviously confused and tried to turn off and on his SWL equipment, the last restart was two days ago and then it has been quiet. Maybe the Samsung WiFi function has been turned off as Jeroen Pluimers recommended in the reference link given above, I don't know.

But this case shows to a possibly upcoming big problem to the WiFi world. There are lots of equipment enabled for wireless communication in different ways and the WiFi is no longer an area reserved for computer specialists. Lots of other equipments wants to participate on the wireless radio channels. And many equipments are depending on the wireless net, they cannot even be attached to a standard cable as they don't have any RJ45 port.

And we are extending the 2,4GHz band with the 5GHz band and discussions regarding the next extension to the 60GHz band are ongoing.

I know that the throughput of these very high frequency is very sad, for example, they would work only in free air, not through walls. The range is restricted which maybe could be a good thing to give place to everyone.

But this is the story about how I solved a specific case and successfully could repeal an unwanted wireless intruder. Hopefully, he will not get back.

[DennisOlof1]

Thanks for the update. I guess any AP regardless of brand would suffer from this, as it is a kind of DDOS attack. I think that a lot of people do not know anything about this as WIFI is everywhere, and I would blame the manufacturer, they are often the ones to blame for bad implementation.

Bad firmware is one thing, I can understand that and most of the time, as with my devices, they often fix the worst of the errors so you at least have a working product. Power cycling is, for me, just a way of preventing serious errors downing the system completely and making i unresponsive, there are some managed ethernet switched with POE on each port, where you can log into the switch and have it restart end-equipment. So this problem is not new. I just choose a cheaper way to do it, and to ensure the APs work (or if they do not), reset them selves after a while, without any user intervention.

Anyway, conclusion is, if you want to be as safe as possible and have the most reliable WiFi network, build it around APs only, no special repeaters, and special modes in equipment. It will only cause more problems in the end. Best is to keep it simple, it does require more work but in the long run it is worth it.

I have been happy with the DAP-1360, but as I need more output power I am moving on to the Ubiquiti brand as it has that, plus it is not to hard to administrate (if it is easy others can manage it to and in my case that is important). Otherwise I might have chosen mikrotik instead, is is a bit more complicated, has more options and is a more powerful operating system. But I would say that Ubiquiti is just as good, only it has less options and is more easy to use.

Thanks for your story.

[Axel49]

Nice reading, DennisOlof1, and many thanks for your excellent comments!  I agree in full with your statements, not confusing as we seem to have worked with the same or similar topological structures and have made the same conclusions, too.

I checked the Wikipedia regarding DDoS and DoS attacks, it is worth reading sometimes to repeat and Wikipedia can sometimes clarify and prevent mispretations as the text is understandable. Well worth reading:

http://en.wikipedia.org/wiki/Denial-of-service_attack

I can see that nothing is said about DDoS/DoS attacks in the WiFi environment although I have noticed that such attacks are possible in the WiFi environments and I could see that complaints are rising regarding WiFi and weak performance. This area is well orth to be aware about as it can be used for investigating and explain such probllem as well as wireless bouncing, possible if multiple range extenders are being used. I agree completely with the conclusions - make it as simple as possible!

Worth to know about is also the original Ethernet structure, using thick Ethernet cable (10BASE5, max 500 m) as backbone and connections to equipment like this schematic overview:
 

___|___|___|___|___|___|___|___|___|___|___|___|___|___|___|___


A fishbone architecture.

More readings can be found at http://www.maznets.com/tech/10base-5.htm.

The topology is worth to study carefully to solve network problems although we nowadays are honnecting several basic networks via routers and implements the network using hubs/switches. Nodes can be workstations and servers connected via UTP cable (as this is commonly used today). But in our case we are building WiFi networks.

Therefore, every node would represent a wireless AP - and you can have as many as you want - provided that they are equivalent and do not present any device dependent information to the wireless nodes.

I solved this by attaching an internal NAT capable  router to my "backbone" net (for Internet access throuch my regular Internet connection point and for a local DHCP host coordinating address assignments). Then the remainder was to establish a switched network where yje AP:s were connected. I use the central network router's DHCP server to have dynamic IP address assignment overall coordinated regardless the number of AP:s - don't use the AP:s builtin DHCP service to avoid assigned address conflicts.

Thus, the range is extended as far as I need via cable - not via WiFi range extenders!

This gives a very stable and effective WiFi environment as a result - one can run everywhere in the area covered with the mobile wquipment - and it will work! The traffic will pass through the AP occasionally closest to you regardless of which AP originally assigned you an IP address.

I used Cat 6 cable to make this network (certified for 1 Gbps and can possibly bear up to 10 Gbps) - no distorsions have appeared yet and it runs fine even at 802.11n (300 Mbps) although I use DAP-1360 and it is with the DAP-1360 the bottleneck can be found as its builtin network adapter "only" supports 100 Mbps - but it is sufficient in the applications who have been used for now.

I haven't been able to check the overall effective throughput  yet as it requires an internal measurement server in backbone (similar to the http://speedtest.net service at global level). but hopefully something can be enabled in future. Let's see what we can do and when!

Many thanks to DennisOlof1 and his excellent interest and knowledge in these things to improve the WiFi availability!

[DennisOlof1]

Or you could use other technology's for transport of data traffic. Check out direktronik they have lots of nice stuff for WAN, when you do not want to use fiber. Regardless of how your network if built, you can always use wired solution, it is just a matter of money you want to spend on it. Fiber is great but not always the best solution, depends on environment.

Anyway, from what I can understand more advanced APs have measures to prevent DDOS or password attacks, sort of like the more you hammer a device the longer it will push you back, sort of "flood protection" and other things. But I guess it will not prevent memory leaks and so on. If you have a bad operating system this could cause problems.

I do not understand why D-link or Netgear have more memory in their devices, that way they could have one operating system for all the devices they manufacture, memory is cheap and from what I can tell, the current way they run the APs, routers and so on, is on a small linux system, does not need much space. So by increasing the memory to 256mb or 512mb they could accommodate hundreds of hardware devices with one single operating system. It would be nice to with a USB connection to upload new images if everything else fails etc.

But then again, I understand why d-link and netgear choose this way of running the devices, it is cheap, it works ok, and for the limited time they need to support the device before "end of life" it works.

My only big complaint about D-link, and netgear is that they do not update lots of the software or firmware in the operating system of the devices.

From DAP-1360

BusyBox v1.13.4 (2009/04/15)
squashfs: version 4.0 (2009/01/31) Phillip Lougher
Realtek GPIO Driver for Flash Reload Default
Serial: 8250/16550 driver, 1 ports, IRQ sharing disabled
serial8250: ttyS0 at MMIO 0x18002000 (irq = 23) is a 16550A
PPP generic driver version 2.4.2
MPPE/MPPC encryption/compression module registered
RTL8192C/RTL8188C driver version 1.6 (2011-07-18)
WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
Failed to initialize inotify: Function not implemented

There are tons of fixes since all that, and the irony is, the D-link could just download latest busybox, latest realtek drivers, and lots of other stuff that is updated and out there. Only thing they have to do is compile it and thats it. If you have the know how, since DAP-1360 is open source, you can download the source, and compile your own image, but that is way to complicated for most users, I defiantly can not do it.

[FurryNutz]

Ya that seems old for being the most recent Rev for this model DAP.

Well, I presume that maybe since there isn't any security issues, that the DAP will eventually fall off and out of development and D-Link might not see any reason to spend any more time on it. I don't know. Is a shame they cant' keep the core SW up to date though. Makes me wonder if the new DAPs are using the same or up to date now?

[DennisOlof1]

FurryNutz, agree.

Specially since they do not even have do do any work on it, busybox is maintained by others and updates, bugs, fixes etc. That is all done for the people who just want to use the software. I could understand if, lets say, they where on software from 2013, and did not update it to latest, and instead jumped over some revisions. And products that are then released in 2015 would have 2014 versions of software. As development, testing etc, is done before product gets to the market.

I do know that the older web-interface on D-link where around a long time, it was white and blue, they used that for a long time, seven years or more, and renewed it, the black and orange, like four years ago.

It seems that d-link and netgear reuse a lot of code, and stuff, and keep releasing new hardware or new revisions. So why they do not have a operating system for many models is beyond me, should be cheaper, and easy to fix bugs, then to have a different compiled image for every hardware they make. But I guess it is a reason for that too.

[FurryNutz]

Ya the Black and Orange UI came in around 2003-4 I think My first D-Link router was the DGL-4500. The DIR-6 and 8 series that same out around that era start with this new colored UI. Ya, I wish D-Link would use a bit more central ways to develop there FW. Even though Taiwan is HQ, each region does there own thing and sometimes hands don't talk to the other hand. We wonder a lot about things that happens with D-Link, however I've see a bit work in other Mfrs.  Now that the DIR-880L is out and it's new UI. It's getting less complex for the UI. I hope it works for them going in the right direction. 

[Axel49]

Now I found a reason for switching power off and on regularly (daily) on the DAP-1360. I haven't investigated the matter more in detail and I don't have log printouts for this.

But it concerns the internal log file management and what I did was to try to save the log file daily.  I did it in a way where the DAP-1360 wasn't restarted.

The log file will overwrite itself after a certain number of records so that the oldest log record is overwritten when no log space left.

I saved the log file for some days and for obvious pureness I cleaned the log using the "Clear log" function.

This worked for some days but after some days I could notice a behavior which most likely would indicate memory leakages. Also, the "Save log" function ran into failures (all data recorded were not written), "Clear log" did not worked, error notices began to appear in the log.

The log file management tools did not worked as expected, rebooting did not fixed the problem. The conclusion is memory leakages requiring a cold restart, i e switching power off and on.

I will implement this with a 24 hours clock switching off and on power regularly every 24h, thus causing a cold restart in the late night,

I miss one function key, whick I haven't been able to locate yet. Is it really implemented in the DAP-1360 firmware? Hardware Version: C1   Firmware Version: 3.04.

The function key I am lookig for is the Log Settings key. I am unable to find it!

From Help texts:

You can save the log files or have them emailed to you by clicking on the Log Settings button . This is recommended as the logs are cleared every time the AP is rebooted.

Log Settings - If you would like to see the AP's logs,please enable the syslog.

I would be happy if the log could be mailed to me prior to rebooting via cycling the power via a 24h clock - but I don't see that the wanted feature has been properly implemented as said in the Help information.

Can you please help me on this point?

Axel49

[FurryNutz]

• What region are you located?

Would you do the following as a test...
Save a copy of the FW update file to your desktop.
Factory reset the DAP.
Upload the FW file using IE or FF with out any add-ons.
Factory reset the DAP.
Setup from scratch then test....please report your finding if this problem still persists.

[Axel49]

Hi, Fuzzynutz!

I'm in Europe (Sweden) and we have 13 channels available at the 2,4 GHz band, furthermore, I have 3 DAP-1360 here of which only one gurrently is up and actively in service.

All 3 are bought in Sweden and at HV C1. Two were delivered at FW 3.02, the third at FW 3.04.  I always take backup of the FW configuration file.

I have seen the existence of a FW 3.03 (don't remember where). I checked the swedsh support site regarding firmware upgrades - there are two versions, 3.02B04 and 3.04b01. I have download the later one and upgraded two DAP-1360s to 3.04B01 (delivered via download in a ZIP archive).

I have five web readers installed here, IE 11, Mozilla Firefox, Opera, Apple Safari and Google Chrome.

Mostly, I use the Google Chrome and the FW updates were uploaded using the Chrome (a .bin file).

I am avoiding add-ons ,,,,, But I run Norton Internet Security and WinZip Malware Protector, both do modifications sometimes (removing suspicious software).

It is late night here..... I'll take the test sequence your recommenden tomorrow and getting bakck.

Kind regards,

Axel49

[DennisOlof1]

Axel49, this is by far the best method of having a reliable WLAN networks with APs. Even the more advanced stuff, like mikrotik and ubiquiti suffer from bugs in the operating system, firmware. You can not really do anything about it, as things are so complex with hardware and software, you need to compromise. So this is basically what is it. Not to hard to program, not to hard to use, but in the end you get a complicated system that has lots of bugs.

Anyway using a power cycle device (timer) is a cheap way of keeping your network running, it is true that it will cut of users when the unit is restarted and is a little bit irritating, but something you have to accept. At least if you want to have a 100% working WLAN AP. At least when it comes to the cheaper devices. The better ones might be able to last a week or more but eventually they too require a reboot. How is this solved on the more advanced level, well by using stuff that has POE and adding POW switched that can be remotely controlled, so you can switch on and off POE on each port. And there are other advanced options and monitoring too, you can do this kind of stuff in different ways.

The thing with the DAP-1360 was that on firmware v3.02 it was so bad that the unit could freeze several times per 24h, it was crazy bad. But when they fixed those major errors i v3.04 you only need to reboot it once every 24h and this it not a problem for most users. If you are a home user you do not need this, as you can reboot it your self and you are the only one using the AP. But in a public environment where you have plenty of users you need this option to keep the network up and running.

But as long as the network is usable, has a decent uptime, and so on, I think thats good enough.

[FurryNutz]

Keep us posted on how it goes...

[Axel49]

Thanks DennisOlof1!

I ran into the "freezing" situation you described earlier with FW 3.02, but in my case it is the FW 3.04.

This "freezing" isn't something I have noticed earlier but I may wonder .....  What I did was to test the e-mail settings as the only way to define them I found was in the Watchdog menu. The "log settings" item still invisible and doesn't appear even on the image contained in manual (3.00_EU, p. 60).

I have to make the assumption that the settings being used are the ones from the Watchdog page as I still cannot find "log settings" nor any other way to define e-mail settings.

I wanted the DAP-1360 to send an e-mail indicating that the ping test has failed (10 retries exceeded).

So I set a "nonreachable" IP address to ping to check the mail generation process when ping fails. Then the DAP-1360 got frozen for a while! It looks like a long-time lockout waiting for ping response, but... the behavior also coincides with the one you described. I haven't seen that before. This is not the mailing function, it is more alike a synchronous execution - is the DAP-1360 really capable of multitask processing or at least coprocessing? The behavior is very similar to a deadlock while waiting for an event never occuring like task completion (ping response arrives) or some other posting event (clock counter, wait time, reaches zero thus a timeout appears and thus a failure occurs).

This is hypothesis only as I cannot debug code during execution in the DAP-1360, but I wonder whether the Watchdog function was configured and activated when these "freezing" events occured?

The DAP-1360 is functionally confusing when one tries to find ways to enable several functions like Watchdog, e-pail posting and so on. It seems that the best way to go is to activate as few "extra" features as possible and to restart the device every 24h.

But if I can find a way to reach the "Log settings" menu, briefly described in manual and help text it would simplify things. But it is annoying to see that this key is not depicted even in the manual.

The simplest way seems to be running the automated setup and nothing more than restarting every 24 hour by cycling the power.

I have a TP-Link TL-WR1043ND here too, currently busy with watching and reporting bandwith availability from my location (a 2-3 years project probably ending in soon).

And, yes, this is for home usage although I am not the only one user - myself I run wired, but I am expected to provide wireless possibilities, too according to contract stipulates.

[DennisOlof1]

Axel49, well I can only attribute all the errors problems to BAD coding, problems with the web interface, and the old software, busybox and so on. There are so many updates since the versions d-link uses it is crazy.

From what I understand busybox is a scaled down linux, so yes it should be able to use the cpu to it's limits, but as with any operating system, once it hangs it hangs, and you are stuck. All I can say, at least by doing a power cycle every 24h, the DAP-1360 is working fine.

If I remember correct, you need a JTAG to use the unit as a sort of computer, then you will have access to everything, busybox, the commands and so on. If you check the open source code you will see what it is. You could update everything on your own, drivers, busybox and so on, but you need to compile it once done. That is way beyond me, as I do not have any programing skills or limited "know how" of linux.

Someone has posted some information, here you can see what I mean, and what you get when the unit boots up.

https://forum.openwrt.org/viewtopic.php?id=46334

And if you scroll down, you will recognize some parts of the information from the log during a startup of the unit, the do not show you everything in the log, you need to access it with that special custom made cable.

I do not know if someone at the WRT forums have released a custom firmware for the unit, I think they had problems with not having the option to support all the different cpus, and all units they support have custom pre-compiled images. There are a lot of things to do in order to get a customized firmware to work.

[FurryNutz]

Just curious here, can the logs be disabled on the DAP fully?