Thanks for all the cool info, I have transferred my attentions to trying my new Zyxel VMG8324 for the time being whilst I make a few further checks on my D-Link and come back to it. I already had the latest firmware but i want to double check on the vulnerabilities after you're rather worrying notes above.
On the plus side it was very easy to set up and seemed to be performing well on my line, shame about the security issues.
Thanks again!
Chunks
Similarly, I have transferred my attentions to the Billion 8800NL that arrived today.
I would be interested to hear how you fare with your Zyxel.
I should have posted up more details on the dlink, but I've posted loads already!
I did take some notes so if I find the time I might get round to whipping them into some sort of shape fit enough to post.
Oh and whilst writing the web scraper script posted above, I discovered that the 'authentication' appears to not properly block bogus requests.
What seems to happen is that the first successful 'login' from an IP appears to put that IP onto some sort of a whitelist, because subsequent requests can be made from the same IP with bogus credentials, and they will succeed until some timeout has expired.
Oh and because of that I didn't immediately notice that I borked a login parameter in the scraper script- because it always succeeds if you have 'logged in' from your browser.
[edit: attached an updated script version which now does 'login' then web scrape then 'logout']