I was away from home for the last two weeks. Today I noticed that my Internet was not working. I did the normal diagnostics, but nothing. I contacted my support. They said I busted my transfer. I checked and it was true. Now the fun begins. While I was away, only the router was powered on, along with my Google Home. Stats say I uploaded 88 GB in one day.
Support says maybe someone guessed my password. Well, maybe I don’t have the most secure setup for residential, but here it is:
SSID with printer name (so it’s not obvious that it’s a router)
After a while, he said they have an old issue with D-Link routers causing that, and to contact the manufacturer to fix this issue. D-Link was helpless on this issue.
My question is, who is at fault? My ISP or D-Link? I really don’t believe a 10-year-old router would go crazy like that, but what are your thoughts?
No physical access is possible. You need two keys to get physical access. Maybe ten people are within reach of the wireless. Is it possible someone pwned my password in these conditions? Maybe, but it doesn’t seem like the answer to me.
I contacted support and they were hopeless. For them, their products are 100% secure and he didn’t want to talk about a possible exploit, well… it’s a Geeni.
Well, wireless range is really limited and the port is on its own VLAN, so there are not that many people who can knock on the port.
Actually the port is down, but when it is up, I will try to capture the network to see if something is going on…
Honestly, it’s only guessing at this point. We can’t give you definitive answers unless you have Wireshark traces taken during your absence that will trace back to any device on your network responsible for the traffic.
I’d recommend you do the following:
Set encryption mode to WPA2-PSK if that is not already the case. Any other encryption method does not suffice anymore.
Set a password of at least 12 characters. Randomly generated. Not your street address + number or the name of your favorite cat, or simply your SSID.
Disconnect your light bulb and Google Home assistant from your LAN and put them on a separate (isolated) Wi-Fi network that is closely monitored.
If it happens again, leave a computer / Raspberry running that will dump all your LAN traffic.
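For the traffic dump suggested above, one way to see which LAN device is responsible for the upload volume. This is an added example, not code from the thread; it assumes text output in the style of `tcpdump -nn -q -tt`, a 192.168.0.0/24 LAN, and sample lines constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed LAN range; adjust to the router's actual subnet.
LAN = ipaddress.ip_network("192.168.0.0/24")

# Matches quiet-mode IPv4 lines such as:
#   1700000000.10 IP 192.168.0.23.51544 > 203.0.113.10.443: tcp 1448
#   1700000000.20 IP 192.168.0.40.40000 > 198.51.100.7.53: UDP, length 64
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > (\d+\.\d+\.\d+\.\d+)\.\d+: "
    r"(?:tcp (\d+)|UDP, length (\d+))"
)

def upload_bytes_per_host(lines):
    """Sum payload bytes sent from each LAN host to non-LAN destinations."""
    totals = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP, IPv6, ICMP and truncated lines are skipped
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(2))
        size = int(m.group(3) or m.group(4))
        # Count only traffic leaving the LAN; replies and LAN-to-LAN are ignored.
        if src in LAN and dst not in LAN:
            totals[str(src)] += size
    return totals

def top_uploaders(lines, threshold_bytes):
    """Return (host, bytes) pairs at or over the threshold, largest first."""
    return [(h, b) for h, b in upload_bytes_per_host(lines).most_common()
            if b >= threshold_bytes]

# Constructed sample capture lines, not taken from the thread.
SAMPLE = [
    "1700000000.10 IP 192.168.0.23.51544 > 203.0.113.10.443: tcp 1448",
    "1700000000.11 IP 192.168.0.23.51544 > 203.0.113.10.443: tcp 1448",
    "1700000000.12 IP 203.0.113.10.443 > 192.168.0.23.51544: tcp 0",
    "1700000000.20 IP 192.168.0.40.40000 > 198.51.100.7.53: UDP, length 64",
    "1700000000.30 IP 192.168.0.40.5000 > 192.168.0.23.80: tcp 500",
    "1700000000.40 ARP, Request who-has 192.168.0.1 tell 192.168.0.40, length 28",
]

if __name__ == "__main__":
    for host, sent in top_uploaders(SAMPLE, 1000):
        print(f"{host} uploaded {sent} bytes")
```

The totals are payload bytes as reported by tcpdump, so they will read slightly lower than the ISP's counter, which includes headers.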
The fact that there is a DIR-615 still in service is most likely the issue.
The protocols and software base for this machine are highly dependent upon the hardware revision. The latest, a “T” model hasn’t had a firmware update for nearly 2 years, whereas the “A” model hasn’t since 2012. It doesn’t help that they kept the same name for hardware that was completely dissimilar.
If you have a supported hardware release, the first thing I would do is install the latest available OpenWRT or DD-WRT on it, and look into replacing it in the near future. Then, move forward from there. Obviously, don’t use the same SSID, password, etc., and disable WPA in favor of WPA2 only if possible. MAC filtering may help against brute-force, but if they already know your device MAC addresses, it’s not likely you can change all of them easily.