HWZ Forums

Login Register FAQ Mark Forums Read

Secure your Router - DIR-868L

Like Tree67Likes
Reply
 
LinkBack Thread Tools
Old 14-01-2017, 02:56 PM   #31
Junior Member
 
Join Date: May 2016
Posts: 62
i am using the 1.10 version on my starhub set without any issues. any idea why you guys wana stick to SH firmware?
DLink's US community's advice is that firmware versions which are WW (Worldwide) can be used in any region but....

"Firmware downloaded from an official D-Link site that is different from the country/region where the D-Link product was purchased may render the D-Link product as inoperable and void the warranty"

So if you download from non-SG DLink site, your own taiji if doesn't work or something screws up later. I suspect that even if download from http://tsd.dlink.com.tw they may argue your fault cos mydlink-enabled routers should download their updates from https://sg.mydlink.com/.

But who knows what they are up to given that they have quietly un-abandoned www.dlink.com.sg/starhub....

If a worldwide version works fine, then just stay with it and keep in touch with any major updates, especially if it is to close a security hole.

The big problem with DLink in APAC is the lack of information given as compared to US and EU - there's nothing for them to fear here cos the ISPs and regulators believe that SG users will "click on links in unsolicited emails"or infect their comps with spyware etc before he/she can be a victim of a security vulnerability through a router that an ISP has provided for free or at a discount.
legaltech is offline   Reply With Quote
Old 14-01-2017, 03:31 PM   #32
Arch-Supremacy Member
 
cybertech's Avatar
 
Join Date: Dec 2000
Posts: 10,294
So is it ok to continue with 1.07SHC, which TS mentioned Do Not Update to 1.07SHC. Don't see 1.06SHC available for download though.
cybertech is offline   Reply With Quote
Old 14-01-2017, 03:33 PM   #33
Master Member
 
tungsten2's Avatar
 
Join Date: May 2000
Posts: 4,183
RMA centre inform got bug. So do not update to 1.07

You can still download 1.06SHC from Dlink Website.
https://sg.mydlink.com/download#


So is it ok to continue with 1.07SHC, which TS mentioned Do Not Update to 1.07SHC. Don't see 1.06SHC available for download though.

Last edited by tungsten2; 14-01-2017 at 04:58 PM..
tungsten2 is offline   Reply With Quote
Old 14-01-2017, 07:18 PM   #34
Arch-Supremacy Member
 
cybertech's Avatar
 
Join Date: Dec 2000
Posts: 10,294
You go to Dlink Service Centre to RMA the DIR-868L yourself? Isn't SH suppose to do it.
My customer called SH and they will come down check the DIR-868L and if router faulty they will do an exchange. If not router fault then $60+$120 charges
cybertech is offline   Reply With Quote
Old 14-01-2017, 07:53 PM   #35
Master Member
 
tungsten2's Avatar
 
Join Date: May 2000
Posts: 4,183
Yes, I went to the RMA centre. SH where got so good. Haha....

Anyway they help me do all the downgrading and settings.

tungsten2 is offline   Reply With Quote
Old 15-01-2017, 10:53 PM   #36
Member
 
Join Date: Jul 2016
Posts: 213
RMA centre inform got bug. So do not update to 1.07
Hi Tungsten2,

Did they say what the bug was?

I can confirm I have successfully updated to 1.07SHC, for maybe 4 wks, or more.

My only notes to share with anyone who is interested is
a. Make sure you have make a copy of your setting file.
b. The 868 will revert to TOTAL reset, so the SSID and login will change back to default. (This took me 15 minutes to figure out)

Last edited by Phumba; 15-01-2017 at 10:55 PM..
Phumba is offline   Reply With Quote
Old 16-01-2017, 07:28 AM   #37
Senior Member
 
Join Date: Jun 2006
Posts: 612
I have tried one of the firmware - DIR868LA1_103SHCb01, designed specifically for Starhub, there is a disconnection problem. Since then, I never try it anymore.

I have used many US version firmware, generally stable and speedy. Starhub they don't vlan their connection, perhaps can gives it a try!
hk7310 is offline   Reply With Quote
Old 16-01-2017, 02:36 PM   #38
Master Member
 
tungsten2's Avatar
 
Join Date: May 2000
Posts: 4,183
Hi Tungsten2,

Did they say what the bug was?

I can confirm I have successfully updated to 1.07SHC, for maybe 4 wks, or more.

My only notes to share with anyone who is interested is
a. Make sure you have make a copy of your setting file.
b. The 868 will revert to TOTAL reset, so the SSID and login will change back to default. (This took me 15 minutes to figure out)

No, try to ask the same question but they just won't reveal.
tungsten2 is offline   Reply With Quote
Old 25-01-2017, 11:57 PM   #39
Senior Member
 
Join Date: Feb 2001
Posts: 1,320
US Firmware 1.12 works just fine
molecule is offline   Reply With Quote
Old 26-01-2017, 07:21 AM   #40
Senior Member
 
Join Date: Jun 2006
Posts: 612
Yes, US Firmware 1.12 works for me too, on M1 200Mbps.
hk7310 is offline   Reply With Quote
Old 27-01-2017, 08:07 PM   #41
Senior Member
 
Join Date: Sep 2003
Posts: 541
Notice : Do Not Update to 1.07SHC


It has been sometime I would like to share my router settings with fellow Starhub fibre subscribers using the DLINK DIR-868L router issued by Starhub.

1. Parental Control - OpenDNS FamilyShield
- my experience is when I use this option, my internet surfing improve a lot.I no longer experience any lag spike. Even on 21-Oct when the DDoS attack on Starhub DNS Server, I am totally not aware. My surfing is not interrupted at all.



Note : **FamilyShield block pornographic content, including our “Pornography,” “Tasteless,” and “Sexuality” categories, in addition to proxies and anonymizers (which can render filtering useless). It also blocks phishing and some malware.

For more information about OpenDNS Familyshield, do visit : https://www.opendns.com/about/press-...s-safe-online/


2. Firewall - Enable SPI & Anti-Spoof
-these 2 settings are disable by default. I really don't understand what DLink is thinking. So many years in the networking industry and yet they disable these 2 very important settings.

SPI is configured to distinguish legitimate packets for different types of connections. Only packets matching a known active connection are allowed to pass the firewall. In simple terms, it blocks UNSOLICITED packets (not originating from your LAN.

Anti-Spoof is self-explainatory. Pls google if you want to know more details.



3. WPS - Wifi Protected Setup
- This setting is enabled by default (for the dumb and lazy)
- Another well known vulernable setting, yet Dlink enable it by default. Working against all these years of experience in the networking industry.
- Disable it by untick the box beside.


Why WPS is INSECURE ?
PIN is Mandatory
While push-button-connect is arguably secure, the PIN authentication method is the mandatory, baseline method that all certified WPS devices must support. That’s right — the WPS specification mandates that devices must implement the most insecure method of authentication.

Router manufacturers can’t fix this security problem because the WPS specification calls for the insecure method of checking PINs. Any device implementing Wi-FI Protected Setup in compliance with the specification will be vulnerable. The specification itself is no good.

For more info, refer to here : http://www.howtogeek.com/176124/wi-f...ld-disable-it/

4. Disable UPnP IGD
- This settings is ENABLED BY default. Untick the check box to prevent UPnP hacking.
- Some interesting reading on UPnP Hacking


- Even Asus AIProtection is checking this settings



5. Passwords
- Last but now least , for goodness sake, put a STRONG Password for your router.



6. Firmware
- Update your latest firmware here : http://www.dlink.com.sg/starhub/
**please do a factory reset after the upgrade. Take note that all configuration will be lost after factory reset
**After reset, find the password at the bottom of the router. Dlink finally put in a password instead of leaving it blank. Also all wifi SSID & security are pre-configured. You will need to go to the router page to configure all the wireless settings.
**Thanks to Phumba for locating this link.


Missing
1. DHCP Query Frequency - One of the suspected reason for Starhub intermitten connection
- that's why when connect direct ONT, you don't face this issue.
- somehow change to another Dir-868l and problem self-resolved. Looks like a router issue.

2. Wifi Schedule
- This feature was in the router manual however it is missing

3. clone mac address
- Enable this feature and performance will drop 50%
- happens to both my dlink router for the 1st & 2nd contract.
- Disabled and performance is back to Starhub typical broadband speed.


7. MTU Setting
Try run the MTU test. You can get it from here : http://www.softpedia.com/get/Network...MTU-Test.shtml
Set it on your router and do the speed test again.

Explaination
The MTU setting controls the maximum ethernet packet size your PC will send (you did know the Internet works in packets, didn't you?). Why a limit? Because although larger packets can be constructed and sent, your ISP and Internet backbone routers and equipment will chop up (fragment) any packets larger than their limit. These parts are then reassembled by the target equipment before reading. This fragmentation and reassembly is not optimal.

1398 is the optimum MTU Setting (For Starhub Users Only)
DO NOT round up to 1400, your packet will be fragmented

**Note : You add 28 bytes because 20 bytes are reserved for the IP header and 8 bytes must be allocated for the ICMP Echo Request header.
+------------------------+
| 12 bytes control flags | \
| 4 byte from address | |
| 4 byte to address | |- IP and ICMP header: 28 bytes
|------------------------ | |
| 8 byte ICMP header | /
|------------------------ |
| 1370 byte payload |
| |
| |
| |
+------------------------+

Alternatively manual method to determine MTU Setting can done.
Refer to this clear and concise faq from TP-Link :http://www.tp-link.com/us/FAQ-190.html

Confugre MTU on PC
Start -> Run -> PowerShell (Must Run as Administrator)
netsh int ipv4 show subinterface
netsh int ipv4 set subinterface "Local Area Connection" mtu=1398 store=persistent
hi if my pc is connected to D868L via lan & i have already changed router mtu to 1398, must i also change pc's mtu to 1398 as well?
thanks
a4973 is offline   Reply With Quote
Old 27-01-2017, 11:59 PM   #42
Master Member
 
tungsten2's Avatar
 
Join Date: May 2000
Posts: 4,183
No need

tungsten2 is offline   Reply With Quote
Old 31-01-2017, 01:47 AM   #43
Senior Member
 
Fellowes's Avatar
 
Join Date: Dec 2008
Posts: 1,560
US Firmware 1.12 works just fine
Use v1.07SHC, router keep having issue and keep showing "resolving host" after entering the URL (Using Google DNS) and took awhile to even load the website, downgraded to v1.06SHC but the firmware is older thus security patch is older, in the end upgrade to the worldwide v1.12 (missing parental controls setting) but still having slow loading on URL on my 1Gbps Homehub plan. Either show "connecting" or "resolving host" for more than 15sec before the site is being loaded.

StarHub should seriously change the default router to at least DIR-880L or change to Asus RT-AC68U or give us the newer Rev.B1 hardware version of the DIR-868L, this router is a piece of crap.

Last edited by Fellowes; 31-01-2017 at 01:56 AM..
Fellowes is offline   Reply With Quote
Old 31-01-2017, 06:43 AM   #44
Master Member
 
tungsten2's Avatar
 
Join Date: May 2000
Posts: 4,183
1.What DNS are you using ?
2.What is the MTU size set on the router ?
tungsten2 is offline   Reply With Quote
Old 31-01-2017, 03:06 PM   #45
Senior Member
 
Fellowes's Avatar
 
Join Date: Dec 2008
Posts: 1,560
1.What DNS are you using ?
2.What is the MTU size set on the router ?
1. Google DNS 8.8.8.8.
2. Your recommendation 1398.

Called starhub 1633 at 1pm and 2pm trying to resolve the "Resolving host" issue, in the end also the same.

1. Change to another new DIR-868L router given by starhub default come with v1.06SHC firmware and reconfigure, still having issue with the network, ping google request time out, after awhile continue pinging then request timeout again (when it show requesting time out, my broswer if type any valid url for example: "Google.com" will not load immediately, it will show "Resolving host" after awhile "connecting" then after like 20 to 30s Google.com is display (ping will then be recevied) on my 1Gbps fibre plan. Sigh!

2. Change my ONT to router with new LAN cable, change new LAN cable from router to laptop still the same and wifi connection, having intermittent connection issue. In the end, tested plug in direct ONT to laptop no issue at all, conclusion is 100% ONT no issue, it's either the Dlink router (2 same model same issue??) or Starhub backend really screw up.

Going to Google.com...."Resolving host"


Going to some other website..."Connecting"


I already FB PM starhub regarding this issue, requesting their technical team to come down and check, no reply yet.

Last edited by Fellowes; 31-01-2017 at 03:34 PM..
Fellowes is offline   Reply With Quote
Reply
Important Forum Advisory Note
This forum is moderated by volunteer moderators who will react only to members' feedback on posts. Moderators are not employees or representatives of HWZ. Forum members and moderators are responsible for their own posts.

Please refer to our Terms of Service for more information.


Thread Tools

Posting Rules

Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Samsung
Play & Win