D-Link DIR-655 Firmware 1.21 Hijacks Your Internet Connection

chronopunk writes "Normally when you think of firmware updates for a router you would expect security updates and bug fixes. Would you ever expect the company that makes the product to try and sell you a subscription for security software using its firmware as a salesperson? I recently ran into this myself when trying to troubleshoot my router. I noticed when trying to go to Google that my router was hijacking DNS and sent me to a website trying to sell me a software subscription. After upgrading your D-link DIR-655 router to the latest firmware you'll see that D-link does this, and calls the hijacking a 'feature.'"

Re:Why...

[TheRealMindChild]

Probably not. But what are you going to do about it? After enough stink, there will likely be a class action suit. No one that has been wronged will get real resolution (maybe a coupon for a new D-link model router for their trouble!). The amount paid out by D-Link will be less than the profit they get from these things. Business as usual.

The only solution is to burn the place down or kill a few key people, then let them all know why. But no one is going to throw their life away on a bad router purchase.

Re:Why...

[orclevegam]

If you RTFA it is something you can disable (at least according to the D-Link rep, I don't actually own one of these). It sounds like he's ticked off because it was slipped in with the firmware upgrade, enabled by default, and if you're not technically inclined you'd probably not realize what was causing the hijacking. It is a scummy thing to do, but hardly illegal, and it's being made out to be a lot worse than it actually is. Had it been disabled by default, or perhaps included instructions on the site it directs you to on how to disable it then it wouldn't be an issue.

More reasons never to go consumer again

[Chas]

After massive amounts of pain with consumer/prosumer-grade (many of the D-Link) routers in the past two years, I finally dropped real money for a real broadband router earlier this year. So far, I've had months and months of trouble-free service.

Now I start hearing crap like this. Makes me even MORE thankful I bit the bullet.

Also "you can turn it off!" apologists? WHY IT IS ON BY DEFAULT? Moreover, tell that to some luddite who barely understands how to boot his computer.

Google Should Sue

[Nom du Keyboard]

This cannot be allowed to go unpunished. Google should sue since it was their domain name that was hijacked and a clear attack on their business.

Google should sue because they have lots of high-priced lawyers and can really make DLink regret this.

Re:Why...

[Anonymous Coward]

What's annoying with things like this (and others) is that it just gets in the way and obstructs your work.

I choose things based on their lack of snarkiness. I don't want a Windows PC full of crapware. I'd rather just pay the manufacturer a few extra bucks to cover the loss of crapware kickbacks. I used to run an AV, but occassionally, it would bring up a message telling me I wasn't fully protected because I wasn't running their antispam (despite running Thunderbird). When my renewal came up, I chose another company, and I told them that this was one of the reasons.

Re:Linksys + alternative firmware

[TrekkieTechie]

Mod parent up -- I've been running DD-WRT v23 SP2 on a 54GL and have had zero problems. Current uptime is 68 days, and that's only because I had to break down my equipment to move it to another room. Actual uptime would be more like a year, without ever having to look at it or even think about it.

Isn't it nice when things just work?

Re:Why...

[Ron_Fitzgerald]

I agree that the WRT54GL with Tomato firmware [polarcloud.com] has better QOS than stock Linksys firmware. I have 2 VOIP lines at home with this router and the call quality is noticeably better after the firmware push.

Re:Why...

[dgatwood]

I never said I was boycotting them in perpetuity. That said, these aren't isolated problems. Three out of five Netgear switches died, three out of three Netgear FA101/FA102 cards died within a couple of years, etc. It takes three bad experiences with a company's product to earn do-not-buy status unless one of those bad experiences is really serious (the Belkin USB-serial adapter that was shorted from the factory and nearly killed my computer, for example).

At least in this DLink case, it's just a political do-not-buy, which might go away if/when they clean up their act. Their gear seems to be electrically mostly solid. That's why this bugs me so much. They were the only one that I hadn't had a long string of horrible hardware faults from. :-)

Re:Why...

[TheMCP]

I think it's quite arguable that it's "hardly illegal". You could say that they're fraudulently claiming that the object they're selling is a "router" when in fact it's an "advertising machine". Or you could say that by hijacking the DNS for google, they are fraudulently making it appear that google is endorsing their software.

Of course, the real solution is to never buy a d-link product. Haven't there been enough issues with them reported here over the years to scare away a responsible technician?

DIR-655

[bpsbr_ernie]

This firmware has been in beta for almost 2 years. It adds the SecureSpot feature which allows for web filtering. The idea with the splash page is to allow the users to immediately decide whether they want the feature enabled or not. So, I install a new DIR-655 router, my kids are immediately blocked from all internet access. If I decide to disable it, suddenly everyone can get to their favorite porn website. If I turn it on, I now have parental controls and the kids can only get to the sites/categories I approve. Is it really that bad they they are forcing you to "choose whether you want the feature on or off?" Maybe they could have disabled it by default, but those that want the feature, may never realize its there.

Re:Simple solution...

[Eil]

My WRT54GL is likewise running just fine. It has OpenWRT which has has no hijacking feature that I'm aware of.

I'm curious, though, how is the hardware on these antiquated? They really just route ethernet and wifi packets and that's it. Some people are making robots out of them. The last benchmarks that I saw had these things slinging 30Mbits/sec and I know everyone's broadband speed hasn't quadrupled since the WRT came out.

Re:Why...

[DoofusOfDeath]

It is a scummy thing to do, but hardly illegal,

Actually, could it be considered fraudulent? They intentionally did something that made the product somewhat not fit for use, because in certain cases it's actually not a correct router.

Alternatively, Google might have a trademark claim or unfair competition claim against D-Link, because of the surreptitious redirect.

Re:Why...

[dnoyeb]

I think the Zyxel Zywall 2+ is the best sub $500 router you can get. It only cost me about $175.

Since I started buying Zyxel, I only buy Zyxel. Feature set is without compare.

Re:Why...

[GarryFre]

I totally agree and want to add what I told Safecount.com one of the most annoying offenders for making ads that get in your face track your mouse and try to trick you or force you to click on them. "Imagine someone in a big vehicle who cuts you off on the road and won't let you pass till you hear their sales pitch. How would you feel? What would you feel like doing to them? Would you buy from them? Nope? I thought not."

Using FLOSS, without the decency to acknowledge it

[ChameleonDave]

What annoys be about my D-Link DSL-504T router is that although it runs some sort of customised GNU/Linux (I did "ssh admin@10.1.1.1" and had a look inside), their documentation and website make not the slightest mention of this, let alone make the source code available.

Re:That's the end of D-Link.

[MrNaz]

It's been a long time since I bought from DLink anyway. Their products are expensive, inconsistent, unreliable and plain ugly. I hate how they always use non standard names for things like port forwarding, making it hard to talk people through it over the phone.

This is a new low for DLink, and is further vindication of my strict no-DLink policy.

Re:Linksys + alternative firmware

[corychristison]

As another has mentioned, downloaders beware of the Linksys WRT54G(L). It crumples and dies with nearly any bittorrent connections.

I had this happen with default firmware and DD-WRT. I've recently switched to a DIY solution running m0n0wall. All gigabit and the difference is clear. However, in total I spent nearly $400.

Re:Why...

[theshowmecanuck]

A number of years ago in Canada, the cable companies started 'giving away' literally everyone in the country a month of viewing on any new speciality channel that came up. Then when the month was over they would start charging you for it. You had to 'opt out' at the end of the month if you didn't want it. So, you would get the trial without asking and then they would start charging you without asking. There was a HUGE outcry and the government quickly stepped in and put a stop to it, making the 'opt out or be charged' practice illegal... at least for cable companies.

Re:More reasons never to go consumer again

[Chas]

A second WAN interface.
Gigabit backplane.
A VPN solution that gives you more than a single-megabit connection speed.

Re:That's the end of D-Link.

[bhtooefr]

There's also a difference between bad engineering and bad assembly.

The US automakers have learned this one the hard way - some of their cars have amazing engineering. But, all that engineering was let down by poor assembly quality (of both the component parts and of the car itself.)

Re:Simple solution...

[Guspaz]

Antiquated in four ways:

1) Uses 802.11g (not n)
2) Uses FastE (not GigE)
3) Small amount of RAM (16MB, compared to 32 or 64 in newer routers)
4) Very slow CPU (200MHz), compared to 260MHz in newer WRTs (WRTSL54GS) or 300+ in other newer models.

I'm one of the developers maintaining a fork of Tomato that adds support for MLPPP (bonding multiple DSL lines), and the CPU is our primary limitation; you can push ~15mbit aggregate (with QoS) before you start hitting limitations on the 200MHz models. Wireless encryption takes a chunk out of that (a very big chunk), QoS is taking a chunk out of what it could do, etc.

One user boosted his speed by hacking up our firmware and disabling all routing except for packet forwarding, to use the router as nothing more than a PPP client, letting a full Linux box do the routing. Another heavily overclocked his model from 200 to 250MHz.

Where we live, 5/800 DSL is standard for wholesalers (who are the ones supporting MLPPP), and it's unlikely that the WRT54GL could handle more than 3 lines.

A faster CPU would really improve things.