D-link security issue

beeskuiken

Active Member
Joined
Jan 6, 2010
Messages
42

LCBXX

Honorary Master
Joined
Apr 11, 2006
Messages
11,117
The models mentioned in the article do not include the 2750U. My guess is the attacker found a vulnerability in the router's firmware and used it to gain access to your router's Internet-facing management interface or, much more likely, used one of your LAN/WiFi devices (e.g. a compromised laptop) as a springboard to access the router from the LAN side and open up the Internet-facing management interface.
 

beeskuiken

Active Member
Joined
Jan 6, 2010
Messages
42
It seems to be an automated thing, for whenever I open it up, this dude gets in under 60 sec. Have to reboot the router then.

Can I use the source network and source mask values to block this IP? How?

Thanks
 

LCBXX

Honorary Master
Joined
Apr 11, 2006
Messages
11,117
To be sure the hacker is not getting in via one of your inside devices, reset and securely configure the router from another device not familiar to your network, such as a non-jailbroken tablet/phone from a friend or family member. If the router still gets compromised after that, it is very possible that the firmware has a hole/vulnerability in it that allows the script-kiddie to gain access to it. Get hold of D-Link and make them aware of what is happening. Temporarily create bridged/PPPoE connections from your LAN devices, with an enabled personal firewall at least, across the router until D-Link reverts with feedback or a patch.
Another test is to try another ISP and see if it still happens - the hacker might be running something against your ISP's IP Subnet only.
 

beeskuiken

Active Member
Joined
Jan 6, 2010
Messages
42
Turned off WiFi and disconnected all devices from the router, except the PC, and he still gets in. I assume this means that the router is attacked directly.
 

LCBXX

Honorary Master
Joined
Apr 11, 2006
Messages
11,117
Seems like the router's firmware is compromised in some way.
Try another ISP and see if it still happens - the hacker might be running something against your ISP's IP subnet only.
Delete all PPPoE connections from the router and create them from your LAN devices, with an enabled personal firewall at least, across the router until D-Link reverts with feedback or a patch/fix.
 

Noah

Expert Member
Joined
Jan 21, 2008
Messages
1,473

Maybe make sure that management isn't port forwarded/internet facing.
 

Wasabee!

Expert Member
Joined
Apr 5, 2012
Messages
4,847
Disable telnet, ssh and http access of the web console in the router settings.

They might have been left enabled by default.
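
A way to verify the advice in the replies above (management not Internet-facing; telnet, SSH and HTTP disabled), added here as an example and not posted by anyone in the thread: run it from a machine outside your LAN, such as a phone hotspot, against your own router's WAN address. The port numbers are the standard defaults and are an assumption about this router; the function names are hypothetical.

```python
import socket
import sys

# Management services named in the thread. Ports are the standard defaults
# (assumption: the router has not been configured to use other ports).
MGMT_PORTS = {23: "telnet", 22: "ssh", 80: "http"}


def check_port(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: the service is reachable
    except ConnectionRefusedError:
        return "closed"          # host answered with a reset: nothing listening
    except OSError:
        return "filtered"        # timeout or unreachable: dropped on the way


def exposed_services(host, ports=MGMT_PORTS, timeout=3.0):
    """Return {port: name} for every management port that accepts a connection."""
    return {
        port: name
        for port, name in ports.items()
        if check_port(host, port, timeout) == "open"
    }


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_mgmt.py <your-router-WAN-address>")
    found = exposed_services(sys.argv[1])
    for port, name in sorted(found.items()):
        print(f"{name} ({port}/tcp) is reachable from the Internet side")
    if not found:
        print("no management port answered")
    # Non-zero exit status when anything is exposed, so the check can be scripted
    sys.exit(1 if found else 0)
```

A port that was "closed" or "filtered" after reconfiguring and turns "open" again on a later run shows that the setting was changed back.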
 