D-Link Hate

[mmerry]

Serious question, why all the D-Link hate? I am not using any of their consumer stuff but do you their business stuff, ie DGS-1210-28P. It has been rock solid for what I use it for. Everywhere I look, people hate on D-Link. Is it because people keep running into places that have thrown up consumer switches and consumer routers as APs and not installed actual business grade gear?

 

[phaZed]

D-Link makes cheap hardware that is followed by crap firmware that keeps getting hacked... easily hacked - usually it's backdoor'ed by D-Link. They literally placed backdoors in the firmware from the factory. So, pair the security issues with lackluster hardware that can barely keep up with the specs of WIFI/Traffic @ 100Mbps or 1000Mbps... Well, there is really no reason to ever buy one of them once you know.

You should see a pattern here:

D-Link router flaw lets anyone login through “Joel’s Backdoor”


FTC sues D-Link over router and camera security flaws


Attackers hacked thousands of D-link routers and redirected their owners to malicious resources


Have a D-Link Wireless Router? You might have been Hacked

Some D-Link and Comba WiFi Routers Leak Their Passwords in Plaintext


If you have a D-Link or Linksys router, you’ve probably been hacked

Hackers Are Targeting D-Link Home Routers: Here's How To Secure Yours​

 

[mmerry]

It's not like that is uncommon. Cisco, ZyXel, Ruckus, and many others had the same hard coded backdoor.

https://www.reddit.com/r/hardware/comments/ezsrmi

Backdoors Keep Appearing In Cisco's Routers

Five different backdoors were found in Cisco's software this year, and Cisco's history with backdoors goes back many years.

www.tomshardware.com

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

The username and password (zyfwp/PrOw!aN_fXp) were visible in one of the Zyxel firmware binaries.

www.zdnet.com

CVE - CVE-2020-26879

 

[phaZed]

It's not like that is uncommon. Cisco, ZyXel, Ruckus, and many others had the same hard coded backdoor.

Right. So keep buying routers that can be hacked by your public IP then? Sounds silly to me.

Just because others are insecure is not a good reason to buy yet another insecure router.

 

[YeOldeStonecat]

I've used D-Stink a few times...their biz grade stuff. Notably their managed wireless systems (special POE switch that works with certain APs of theirs)...and I'll vow to never...ever....ever........ever....support it again.

 

[mmerry]

Right. So keep buying routers that can be hacked by your public IP then? Sounds silly to me.

Just because others are insecure is not a good reason to buy yet another insecure router.

I have a Zyxel router but here is the trick, I set it up with the latest firmware and can only get to the management side from within the network, not via the public IP.

 

[phaZed]

I have a Zyxel router but here is the trick, I set it up with the latest firmware and can only get to the management side from within the network, not via the public IP.

OK, well, fine... go ahead and trust the newest firmware, when most "new" firmwares, that are now older, have been shown to be problematic.

You're not going to change my mind, as a hobby of mine is hacking such things... so I know quite a few things about the back-ends.

If you're asking "why D-Link" gets a bad wrap, you have your answer... if you're asking me to place trust into these manufacturers, I'm telling you that you're being unreasonable. Seeing as you could have a better piece of hardware from a better manufacturer for hardly and difference in cost that doesn't have multi-yearly, decades long track record of security "lapses". Why pick the lesser? To save $10 - $20 or $50? My security and my customers are worth it.

 

[mmerry]

OK, well, fine... go ahead and trust the newest firmware, when most "new" firmwares, that are now older, have been shown to be problematic.

You're not going to change my mind, as a hobby of mine is hacking such things... so I know quite a few things about the back-ends.

If you're asking "why D-Link" gets a bad wrap, you have your answer... if you're asking me to place trust into these manufacturers, I'm telling you that you're being unreasonable. Seeing as you could have a better piece of hardware from a better manufacturer for hardly and difference in cost that doesn't have multi-yearly, decades long track record of security "lapses". Why pick the lesser? To save $10 - $20 or $50? My security and my customers are worth it.

Not trying to be mean or upsetting. i only have one D-Link switch in use. Just trying to get an idea of the hate for one company when pretty much all have been or will be cracked/hacked. I will try and be a little more civil.

 

[phaZed]

Your not being uncivil, no worries bud! It just makes no sense to use their stuff... security issues aside, as @YeOldeStonecat I think is alluding to.. their software sucks, too. Nothing but problems in my experience as well.

Cheap hardware will work for most people that have simple needs, it's when you introduce other hardware, VPN's, VLANs, and start doing anything else other than connect two household computers, that you start to see the cracks.

The problem with simply updating the firmware to limit external IP access is... first, external IP admin access should never be allowed - it's a router/gateway... kinda like "You had one job to do!" and it couldn't do it. Then to say a firmware update will "fix it", well, it seems every firmware before 'today's' has been lackluster, so why expect something different now?

Why is it ALWAYS big problems for Zyxel, D-Link? Why are they constantly battling backdoors in firmware? Is it because they are Chinese companies beholden to the Chinese government? Are the backdoors accidents or on purpose? There's no way to say for sure, so all we can do is go on track records.

To top it off... with prices like these:


There's no reason not to consider these instead (for example):

 

[mmerry]

Yes, Unifi is my go to brand for now, but have been researching others as some of their pricing seems to have started to creep up. Was considering looking at the TP LInk Omada line but no MFA has me giving them a big NOPE. May look a bit more into the Aruba Instant On lineup.

 

[YeOldeStonecat]

HP/Aruba is good stuff. Before we gathered around the swimming pool of Ubiquiti cool aid...we were an HP Procurve house....before that Cisco Catalyst back in the Cisco PIX501 days. For wireless...big expensive HP Procurve setups. Or...on the budget, a bunch of Stinksys wrt54G routers...often flashed with Tomato firmware and reconfigured as APs with the big long hi gain antennas from Fleeman Anderson Bird.

 

[YeOldeStonecat]

Centrally managed...in some multi tenant portal..is the key for us. For the MSP duties.

Right now I'm at a school we recently picked up...they have a HUGE FortiGate setup...from the HA gateways...to the switches...to the APs. Couple of Extreme and Brocade switches thrown in the mix to keep it a mess. Ugh. I've been spending days doing a very details wireless tuneup...but ripping what's left of my hair out, not fond of this Fortinet setup. Gotta jump on FB and find a Fortinet expert to hire out a few hours to.

 

[SAFCasper]

Had terrible experiences with D-Link years ago. Partially my own fault for using budget gear and expecting decent results but the failure and fault rate was significantly more noticeable than similar devices from other manufacturers.

Also, when it comes to switches my preference hasn't really change for 6-7 years now.
Low end dumb switch = Netgear or TP Link.
Light managed switch = Ubiquiti EdgeSwitch.
Managed = HPE Procurve / Aruba

I'll use Unifi occasionally when the client also has Unifi AP's because the integration is nice.