View Full Version : Ongoing Security Concerns with D-LINK DSL-540G Router.

02-07-2005, 02:18 PM
I posted a similar question to this yesterday but since I continue to have security concerns I would greatly appreciate some more advice.
I wrote to Paul Brislen at PC World magazine about the issue that he raised of Routers shipped from IHUG with possible security holes.
He wrote back to me and suggested a possible update to the firmware. He also pointed me to the appropriate site.

The version that was shipped with the router from IHUG is: R2.01.B20.NZ(030917a/Y1.21.1)

The file that appears for download at http://www.dlink.co.nz/tech/drivers/files/routers/dsl504g.htm is called:
DSL-504G.fw2.01 b21au.zip

I note that while the numbers are similar there is a difference in that mine appears to be <B20 NZ> whereas the only file that appears for download at the site is <b21 au>

My specific question is, will that make a difference and does the AU extension mean that it will not work with the telephone system in NZ.

I am especially concerned since :( my anti virus software (Avast) caught a Trogen yesterday and I know I have not opened any attachments at all recently.
I also visited The Symantec web page and had my machine scanned and was horrified to find that whereas in the past all my ports were stealthed (using a USB ADSL modem) now with the (supposedly more secure) Router, while the ports are all still not open, most of them are reported as closed but visible rather than stealthed which I gather is preferable.

Please give me some direction as to how to proceed.

02-07-2005, 03:58 PM
I have used that flash for changing from the Xtra custom flash. If you download the manual here (http://www.dlink.co.nz/tech/drivers/files/routers/DSL-504G.QIG.2.00.zip) , then it explains the settings for NZ. One of the main things to do is change the admin name and password. Also, there is a setting in the setups that allow for admin access as internal only, which you need.

This means even if somehow they do crash through and get access to the admin, that it is not the standard name/password. Makes it just about impossible from external sources.