D-Link Blog Home

To find the proper MTU Size, you’ll have to do a special ping of the destination you’re trying to go to. A destination could be another computer, or a URL.

Step 1 Click on Start and then click Run.

Step 2 Windows NT, 2000, and XP users type in cmd and press Enter (or click OK).

Step 3 Once the window opens, you’ll need to do a special ping. Use the following syntax:

ping [url] [-f] [-l] [MTU value]

Example: ping yahoo.com -f -l 1472

You should start at 1472 and work your way down by 10 each time. Once you get a reply, go up by 2 until you get a fragmented packet. Take that value and add 28 to the value to account for the various TCP/IP headers. For example, lets say that 1452 was the proper value, the actual MTU size would be 1480, which is the optimum for the network we’re working with (1452+28=1480).

Once you find your MTU, you can now configure your router with the proper MTU size.

Tags: MTU, mtu size, router

A maximum transmission unit (MTU) is the largest size packet or frame, specified in octets (eight-bit bytes), that can be sent in a packet or frame-based network such as the Internet. The Internet´s Transmission Control Protocol uses the MTU to determine the maximum size of each packet in any transmission. Too large an MTU size may mean retransmissions if the packet encounters a router that can´t handle that large a packet. Too small an MTU size means relatively more header overhead and more acknowledgements that have to be sent and handled. Most computer operating systems provide a default MTU value that is suitable for most users. In general, Internet users should follow the advice of their Internet service provider (ISP) about whether to change the default value and what to change it to.

In Windows 95, the default MTU was 1500 octets (eight-bit bytes), partly because this is the Ethernet standard MTU. The Internet de facto standard MTU is 576, but ISPs often suggest using 1500. If you frequently access Web sites that encounter routers with an MTU size of 576, you may want to change to that size. (Apparently some users find that changing the setting to 576 improves performance and others do not find any improvement.) The minimum value that an MTU can be set to is 68.

For more recent Windows systems, the operating system is able to sense whether your connection should use 1500 or 576 and select the appropriate MTU for the connection.

Tags: default mtu, MTU, mtu size

D-Link News from http://www.tomshardware.com/.

D-Link is beefing router security with the inclusion of DNSSEC, CAPTCHA, and IPv6 certification.

D-Link Systems said Wednesday that it is now incorporating DNS Security Extensions (DNSSEC) into its home networking routers to help consumers defend against the rising assault of worms, viruses, hacking and other malicious Web attacks. Previously the company improved router security by adding Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) to models DIR-615, DIR-625, DIR-628, DIR-655, DIR-825, DIR-855, DIR-685, and DGL-4500.

“Unlike other brands, the majority of currently shipping D-Link routers are more difficult to be compromised due to our advanced set of security features,” said A.J. Wang, chief technology officer, D-Link. “We’re excited to be the first in the market to announce we have taken the initiative to implement both CAPTCHA and DNSSEC into our routers, thus providing yet another layer of security, and we’ll continue to provide our users with the latest in advanced security technologies.”

As for CAPTCHA, D-Link integrated the technology in mid-2009. It’s a challenge-response test that verifies that a response during a user logon is actually a human and not computer-generated. Users confirm their organic origins by entering a small amount of text displayed in an image to help prevent automated registration and fraud.

“By incorporating both DNSSEC and CAPTCHA initiatives, D-Link routers now facilitate strong security thus protecting Internet users against man-in-the-middle, cache poisoning and other cyber attacks to ward off web hacking and phishing,” D-Link said.

The company also added that it will be migrating to IPv6 certification. In addition to the new realm of IP addresses, IPv6 brings “certain security measures” including IPSec, a method of authenticating and encrypting data transferred between pairs of hosts that wasn’t part of the specs for IPv4.

DNSSEC, CAPTCHA and IPv6 features are currently available on most currently shipping D-Link’s routers, however more will be updated.

Tags: CAPTCHA, D-Link, DNSSEC, IPv6

The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

The original design of the Domain Name System (DNS) did not include security; instead it was designed to be a scalable distributed system. The Domain Name System Security Extensions (DNSSEC) attempts to add security, while maintaining backwards compatibility. RFC 3833 attempts to document some of the known threats to the DNS and how DNSSEC responds to those threats.

DNSSEC was designed to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server. While protecting IP addresses is the immediate concern for many users, DNSSEC can protect other information such as general-purpose cryptographic certificates stored in CERT records in the DNS. RFC 4398 describes how to distribute these certificates, including those for email, making it possible to use DNSSEC as a worldwide public key infrastructure for email.

What is the vulnerability in the DNS?

The efficient work of storing a response that functions as a mid-way point between an end user’s computer and an authoritative server is performed by a caching name server, usually operated by an ISP (Internet Service Provider). The DNS was designed to allow this caching server to accept the first response it receives. It is possible, without the verification provided by DNSSEC authentication, for a malicious user to flood this caching name server with a spoofed response that is, most often, intended to dupe the end user into providing personal and or financial information to what appears to be his or her intended destination.

How does DNSSEC work?

DNSSEC works through a system of keys. At each stage in supplying a DNS query response through the chain that takes it back to the initiator’s machine, a known key and a private key must be matched. In this way, the response to the query is authenticated and the response validated.

Tags: DNS, DNS server, DNSSEC, NAT

Tell you how to setup D-Link DFL-210/800/1600 Firewall PPPoE Wan Connection.

Step 1: Open a web browser and type the IP address of the firewall into the address bar (default is 192.168.1.1). Press Enter.

Step 2: Click on the plus sign (+) next to Interfaces and select PPPoE

Step 3: Click the Add button and Select PPPoE Tunnel.

Step 4: Create the PPPoE Tunnel as Followed:

Step 5: Click OK.

Step 6: Click on the plus sign next to Rules select IP Rules and Select lan_to_wan

Step 7: Right click the drop_smb-all and select Edit.

Step 8: Change the Destination Interface to your Created PPPoE Interface and Click OK.

Allow_standardStep 10: Click on the Configuration tab and select Save and Activate from the dropdown menu. Click on OK to save and activate your changes.

Tags: DFL-210, Firewall, PPPoE, Wan Connection