Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Netcomm 3G Router Telecom DNS blocked??
dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

#136219 19-Nov-2013 13:59
Send private message

Would someone from Telecom please explain exactly whats going on with the above router's access to DNS being blocked? I spoke to a support rep last week and he briefly explained that some security hole was found in the netcomm router os and that thoughtfully telecom had blocked dns access to all of these router. To get around the block I need to supply him with the sim card details then change to the private ip apn wap.telecom.co.nz instead of the internet facing ip apn internet.telecom.co.nz that we had been using?

Create new topic
LennonNZ
2459 posts

Uber Geek
+1 received by user: 411

ID Verified
Trusted

  #937364 19-Nov-2013 15:37
Send private message

I presume there is a security hole in the router which allows external people to change the DNS servers on the router thus hijacking people's traffic.

Changing the APN to wap.telecom.co.nz from internet.telecom.co.nz makes the router have a non public ip address thus not accessible from the internet but it doesn't fix the security issue but mitigate it

Maybe a good solution but what about people who actually want a real world ip address? a New firmware version or what?




dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #937375 19-Nov-2013 15:43
Send private message

LennonNZ: I presume there is a security hole in the router which allows external people to change the DNS servers on the router thus hijacking people's traffic.

Changing the APN to wap.telecom.co.nz from internet.telecom.co.nz makes the router have a non public ip address thus not accessible from the internet but it doesn't fix the security issue but mitigate it

Maybe a good solution but what about people who actually want a real world ip address? a New firmware version or what?




Can anyone from Telecom confirm this?

I've checked on Netcomm's website but no updated firmware exists for this model (3G19W)

Would be nice to know if Telecom have opened a dialogue with Netcomm to have this fixed.

dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #937455 19-Nov-2013 17:57
Send private message

All gone quiet in the Telecom camp???

Helloo??????



Ragnor
8279 posts

Uber Geek
+1 received by user: 585

Trusted

  #937459 19-Nov-2013 18:13
Send private message

Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ

dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #937463 19-Nov-2013 18:17
Send private message

Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.

freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41025

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #937464 19-Nov-2013 18:20
Send private message

Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.


Actually they're pretty good here - including other ISPs.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

 
 
 
 

Shop now for Lego sets and other gifts (affiliate link).
Yyrael
222 posts

Master Geek
+1 received by user: 45

Trusted

  #937477 19-Nov-2013 19:05
Send private message

dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."

dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #937484 19-Nov-2013 19:07
Send private message

freitasm:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.


Actually they're pretty good here - including other ISPs.



precisely - my reason for posting here first.

dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #937485 19-Nov-2013 19:08
Send private message

Yyrael:
dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."
lol

nice one - thanks.

Yyrael
222 posts

Master Geek
+1 received by user: 45

Trusted

  #937496 19-Nov-2013 19:40
Send private message

dimsim:
Yyrael:
dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."
lol

nice one - thanks.


Okay, everything in your original post is correct. The DNS port was blocked to cover a security loophole and changing the APN is one way around this. The alternative is to telnet into the router and manually unblock the DNS port but this isn't a method we support so I don't have any instructions sadly :(

Hope that helps!

plambrechtsen
1948 posts

Uber Geek
+1 received by user: 459
Inactive user


  #938508 21-Nov-2013 16:21
Send private message

Just one point of clarification.

Neither wap.telecom.co.nz or internet.telecom.co.nz are internet accessible APNs. "wap.telecom.co.nz" is a Carrier Grade NAT range that goes via the WAP Gateway and thus is true private address and the IP Address allocated to you will not be your internet IP address. "internet.telecom.co.nz" you get a public address but it's behind a router/firewall that only allows outbound connections.

If for whatever reason you did want inbound connections to your router you should use "direct.telecom.co.nz" which does give you direct access to your router from the internet.

Using "direct.telecom.co.nz" would mean that if your router had been "owned" and someone was using it as a DNS Relay, you could be up for a very nasty bill.

So what is the actual problem you are trying to solve?

Edit: It wouldn't be related to this issue? http://forums.whirlpool.net.au/archive/1856871

 
 
 
 

Shop now for Lenovo laptops and other devices (affiliate link).
gajan
305 posts

Ultimate Geek
+1 received by user: 208

Trusted
Spark NZ
Lifetime subscriber

  #938804 22-Nov-2013 09:01
Send private message

Network changes have been made in the last 48hours for the Netcomm DNS Ports. The issue should now be resolved (for both APNs). If you are still having DNS issues with the Netcomm device PM me some details, and I'll get someone to look into this.




My comments and remarks are not necessarily of my employer.

dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #938857 22-Nov-2013 10:29
Send private message

plambrechtsen: Just one point of clarification.

Neither wap.telecom.co.nz or internet.telecom.co.nz are internet accessible APNs. "wap.telecom.co.nz" is a Carrier Grade NAT range that goes via the WAP Gateway and thus is true private address and the IP Address allocated to you will not be your internet IP address. "internet.telecom.co.nz" you get a public address but it's behind a router/firewall that only allows outbound connections.

If for whatever reason you did want inbound connections to your router you should use "direct.telecom.co.nz" which does give you direct access to your router from the internet.

Using "direct.telecom.co.nz" would mean that if your router had been "owned" and someone was using it as a DNS Relay, you could be up for a very nasty bill.

So what is the actual problem you are trying to solve?

Edit: It wouldn't be related to this issue? http://forums.whirlpool.net.au/archive/1856871


Yes, it is a DNS issue and setting to Google's or other DNS does fix things, but the issue still remains that apparently (still looking for the official word) all Netcomm routers connected to Telecom mobile broadband (pretty sure this doesn't affect dsl/ethernet routers as more would be aware of the problem) have DNS port 53 blocked by mac address in Telecom's firewall. Thus the routers are unable to use the automatically assigned Telecom DNS servers and fail DNS diagnostics.

When I first spoke to mobile broadband support the guy simply asked for the mobile number, tapped a few keys, told me to change form internet to wap.telecom.co.nz then reboot the router.

Next time I rang mobile broadband support couldnt help me passed me to CTS, who knew nothing, but eventually told me to manually set dns and change apn and got the router working this time.

Apparently a "fix" is scheduled for the 25/11/13, whether this is an internal firewall fix or a software update form netcomm im still in the dark.

dimsim

867 posts

Ultimate Geek
+1 received by user: 151

Trusted
Lifetime subscriber

  #938858 22-Nov-2013 10:30
Send private message

gajan: Network changes have been made in the last 48hours for the Netcomm DNS Ports. The issue should now be resolved (for both APNs). If you are still having DNS issues with the Netcomm device PM me some details, and I'll get someone to look into this.


it was only yesterday afternoon that i was speaking to CTS and the issue still existed.  unfortunately router has gone back to client with manually assigned dns, i will try and get access to it at a later date and reset it back to defaults.

Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright