December 10th, 2003, 11:18 PM
D-Link 614+ and WEP keys
Noticed today that around 5:45pm est, a local IP address was given to a Tablet PC through the D-link's Wireless connection. At that point, I never really bothered to enable WEP until now. Since that, I kicked the machine off and enabled 128-bit encryption. However I am still getting weird messages from the Dlink log that is bothering me. Wondering if you wonderful guys have any additional information than the online help on the device itself. The log follows:
Dec/10/2003 16:50:50 panic: et_send: prepend
Dec/10/2003 16:50:50 dtrap(67) - needs breakpoint
Dec/10/2003 16:50:49 panic: et_send: prepend
Dec/10/2003 16:50:49 dtrap(67) - needs breakpoint
Dec/10/2003 16:50:48 panic: et_send: prepend
Dec/10/2003 16:50:48 dtrap(67) - needs breakpoint
Dec/10/2003 16:49:46 DHCP lease IP 192.168.0.100 to notestealth
is my box malfunctioning?
December 10th, 2003, 11:24 PM
Looks like enabling the WEP foiled someone elses plans. Do you recognise the IP addy?
I have a question; are you the bug, or the windshield?
December 11th, 2003, 12:04 AM
Those error messages appeared before I enabled WEP and after I posted on Antionline. I noticed a server timeout and shortly after those "dtrap messages reappeared". The unauthorized host was named "Tablet_000" and even had a mac address. I stop that from reappearing again. Just now I reflashed the box and so far the log is clean. The firmware installed in Dlink's V2.20 for the 614+.
This is really bothering me...I recently sent the FBI some terror alert messages sent to my email through a mailing lists that someone suscribed me to. It was suppose to be stock information SPAM but warned of an attack on November 11. spooky eh?
Thanks for the prompt response.
December 11th, 2003, 12:25 AM
Make sure that you have the most current Firmware for your 614+.
You can find it at:
The firmare is currently at 2.20, it is really easy to update, just make sure you are connected via cable and not wirelessly, 'cause you could really screw the thing up otherwise.
Now, WEP is insecure. It is really easy to bust through it if you snoop enough packets from the wireless network.
I am intrigued by the panic and dtrap messages, those are error tags in the embedded system. Which should have caused your router to reboot. I have noticed that there are a lot of hits if you type "D-Link 614+ exploit" in google. One particularly mentioning a way to reboot the router. That would be a goode way to get enough packets to analyze to grab decrypt the WEP key, as your machines would have to re-authenticate in order to re-establish their connections. That would give the snooper enogh pakets to get your key.
I'm just currious because the DHCP lease is given before those weird issues.
I have also noticed while searching google that it is possible to get certain WiFi routers to disclose a lot of their important data by misuse of the tftp protocol (A flaw that was verified on 614+ with firmware 2.03)
So, my recommendation is, update your firmware. Use 128-Bit WEP, configure your machines to use static IPs and disable DHCP, use MAC filtering, disable the "Broadcast SSID" function in the advanced panel, make sure that the admin/user account passwords aren't default, change your SSID to something other than "default".
Now, these things won't make it impossible for the person to get back in, but it will make it a little harder (not much, but a little).
The thing is that this is like closing and locking your doors. Breaking into a house isn't hard, but its illegal. From what I've been seeing in war-driving cases, the more protection you have set-up, the more likely you are to be able to press charges effectively. The nice thing about WiFi is the person can't be too far away. I don't know what your surroundings are like, but the next time you see someone on your WiFi network, start looking for someone using a laptop/pda and looking generally suspicious. Corner them and scold them strongly implying that you might have to get the police involved if they don't stop.
Other than that, rest easy knowing that you've done all that you can do. Keep logs of when they accessed your network, that way if the FBI busts in saying that you were browsing kiddie porn, commiting internet fraud, or hacked one of there servers you have proof that an outside party was screwing with your network.
If you are a real computer geek, apparently uclinux can be ebmedded on the 614+, perhaps you could then set it up to use VPN tunnels rather than WEP. I dunno.
The owl of Minerva spreads its wings only with the falling of dusk. -Hegel
December 11th, 2003, 12:38 AM
hmm...you caught me off guard....I should have checked for exploits using google. Well it happened again after reading your response. I also noticed that it keeps displaying the Windows XP notebook with the addy of 100. 101 is the desktop running Linux. I will have to check google later...in the meantime, Dlink will hopefully email me with a solution. Correct me if I'm wrong...on the 614+, the led light M1 means "I'm healthy" and the M2 light means "throw me away". M1 is green. Could it be the dsl modem is having network or hardware problems?
December 11th, 2003, 12:39 AM
Dec/10/2003 18:27:36 panic: et_send: prepend
Dec/10/2003 18:27:36 dtrap(67) - needs breakpoint
Dec/10/2003 18:14:02 DHCP lease IP 192.168.0.100 to notestealth 00-30-BD-12-34-56
Dec/10/2003 18:14:01 Wireless PC connected 00-30-BD-12-34-56
December 11th, 2003, 03:57 AM
Just came back to the Linux console.....everything appears to be okay... Thanks for the help!
December 11th, 2003, 05:22 AM
Antionline wins again
Operating System: Linux
Due to the complex nature of your request, it is best if you speak with a live technician to resolve the issue. Please
call technical support at 877-45D-Link (877-453-5465). Technical support is available 24/7 to serve your needs.
If you have already called technical support and have a case ID, please reply with the following information and a
technician will contact you:
Brief Description of Problem-
Thank you for networking with D-Link.