Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New ZealandNetcomm 3G Router Telecom DNS blocked??


553 posts

Ultimate Geek
+1 received by user: 43

Trusted
Lifetime subscriber

Topic # 136219 19-Nov-2013 13:59
Send private message

Would someone from Telecom please explain exactly whats going on with the above router's access to DNS being blocked? I spoke to a support rep last week and he briefly explained that some security hole was found in the netcomm router os and that thoughtfully telecom had blocked dns access to all of these router. To get around the block I need to supply him with the sim card details then change to the private ip apn wap.telecom.co.nz instead of the internet facing ip apn internet.telecom.co.nz that we had been using?

Create new topic
2367 posts

Uber Geek
+1 received by user: 380

Trusted

  Reply # 937364 19-Nov-2013 15:37
Send private message

I presume there is a security hole in the router which allows external people to change the DNS servers on the router thus hijacking people's traffic.

Changing the APN to wap.telecom.co.nz from internet.telecom.co.nz makes the router have a non public ip address thus not accessible from the internet but it doesn't fix the security issue but mitigate it

Maybe a good solution but what about people who actually want a real world ip address? a New firmware version or what?




553 posts

Ultimate Geek
+1 received by user: 43

Trusted
Lifetime subscriber

  Reply # 937375 19-Nov-2013 15:43
Send private message

LennonNZ: I presume there is a security hole in the router which allows external people to change the DNS servers on the router thus hijacking people's traffic.

Changing the APN to wap.telecom.co.nz from internet.telecom.co.nz makes the router have a non public ip address thus not accessible from the internet but it doesn't fix the security issue but mitigate it

Maybe a good solution but what about people who actually want a real world ip address? a New firmware version or what?




Can anyone from Telecom confirm this?

I've checked on Netcomm's website but no updated firmware exists for this model (3G19W)

Would be nice to know if Telecom have opened a dialogue with Netcomm to have this fixed.

 
 
 
 




553 posts

Ultimate Geek
+1 received by user: 43

Trusted
Lifetime subscriber

  Reply # 937455 19-Nov-2013 17:57
Send private message

All gone quiet in the Telecom camp???

Helloo??????

8030 posts

Uber Geek
+1 received by user: 388

Trusted
Subscriber

  Reply # 937459 19-Nov-2013 18:13
Send private message

Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ



553 posts

Ultimate Geek
+1 received by user: 43

Trusted
Lifetime subscriber

  Reply # 937463 19-Nov-2013 18:17
Send private message

Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.

BDFL - Memuneh
63004 posts

Uber Geek
+1 received by user: 13581

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 937464 19-Nov-2013 18:20
Send private message

Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.


Actually they're pretty good here - including other ISPs.




Backblaze cloud backup (personal and business) | Geekzone broadband switch | Amazon (Geekzone aff) | MightyApe (Geekzone aff)

 

My technology disclosure | Business Transformation | Enterprise Content Management | Customer Relationship Management | Sharesies investment fund

222 posts

Master Geek
+1 received by user: 45

Trusted

  Reply # 937477 19-Nov-2013 19:05
Send private message

dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."



553 posts

Ultimate Geek
+1 received by user: 43

Trusted
Lifetime subscriber

  Reply # 937484 19-Nov-2013 19:07
Send private message

freitasm:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.


Actually they're pretty good here - including other ISPs.



precisely - my reason for posting here first.



553 posts

Ultimate Geek
+1 received by user: 43

Trusted
Lifetime subscriber

  Reply # 937485 19-Nov-2013 19:08
Send private message

Yyrael:
dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."
lol

nice one - thanks.

222 posts

Master Geek
+1 received by user: 45

Trusted

  Reply # 937496 19-Nov-2013 19:40
Send private message

dimsim:
Yyrael:
dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."
lol

nice one - thanks.


Okay, everything in your original post is correct. The DNS port was blocked to cover a security loophole and changing the APN is one way around this. The alternative is to telnet into the router and manually unblock the DNS port but this isn't a method we support so I don't have any instructions sadly :(

Hope that helps!

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  Reply # 938508 21-Nov-2013 16:21
Send private message

Just one point of clarification.

Neither wap.telecom.co.nz or internet.telecom.co.nz are internet accessible APNs. "wap.telecom.co.nz" is a Carrier Grade NAT range that goes via the WAP Gateway and thus is true private address and the IP Address allocated to you will not be your internet IP address. "internet.telecom.co.nz" you get a public address but it's behind a router/firewall that only allows outbound connections.

If for whatever reason you did want inbound connections to your router you should use "direct.telecom.co.nz" which does give you direct access to your router from the internet.

Using "direct.telecom.co.nz" would mean that if your router had been "owned" and someone was using it as a DNS Relay, you could be up for a very nasty bill.

So what is the actual problem you are trying to solve?

Edit: It wouldn't be related to this issue? http://forums.whirlpool.net.au/archive/1856871

91 posts

Master Geek
+1 received by user: 24

Trusted
Spark NZ
Lifetime subscriber

  Reply # 938804 22-Nov-2013 09:01
Send private message

Network changes have been made in the last 48hours for the Netcomm DNS Ports. The issue should now be resolved (for both APNs). If you are still having DNS issues with the Netcomm device PM me some details, and I'll get someone to look into this.




My comments and remarks are not necessarily of my employer.



553 posts

Ultimate Geek
+1 received by user: 43

Trusted
Lifetime subscriber

  Reply # 938857 22-Nov-2013 10:29
Send private message

plambrechtsen: Just one point of clarification.

Neither wap.telecom.co.nz or internet.telecom.co.nz are internet accessible APNs. "wap.telecom.co.nz" is a Carrier Grade NAT range that goes via the WAP Gateway and thus is true private address and the IP Address allocated to you will not be your internet IP address. "internet.telecom.co.nz" you get a public address but it's behind a router/firewall that only allows outbound connections.

If for whatever reason you did want inbound connections to your router you should use "direct.telecom.co.nz" which does give you direct access to your router from the internet.

Using "direct.telecom.co.nz" would mean that if your router had been "owned" and someone was using it as a DNS Relay, you could be up for a very nasty bill.

So what is the actual problem you are trying to solve?

Edit: It wouldn't be related to this issue? http://forums.whirlpool.net.au/archive/1856871


Yes, it is a DNS issue and setting to Google's or other DNS does fix things, but the issue still remains that apparently (still looking for the official word) all Netcomm routers connected to Telecom mobile broadband (pretty sure this doesn't affect dsl/ethernet routers as more would be aware of the problem) have DNS port 53 blocked by mac address in Telecom's firewall. Thus the routers are unable to use the automatically assigned Telecom DNS servers and fail DNS diagnostics.

When I first spoke to mobile broadband support the guy simply asked for the mobile number, tapped a few keys, told me to change form internet to wap.telecom.co.nz then reboot the router.

Next time I rang mobile broadband support couldnt help me passed me to CTS, who knew nothing, but eventually told me to manually set dns and change apn and got the router working this time.

Apparently a "fix" is scheduled for the 25/11/13, whether this is an internal firewall fix or a software update form netcomm im still in the dark.



553 posts

Ultimate Geek
+1 received by user: 43

Trusted
Lifetime subscriber

  Reply # 938858 22-Nov-2013 10:30
Send private message

gajan: Network changes have been made in the last 48hours for the Netcomm DNS Ports. The issue should now be resolved (for both APNs). If you are still having DNS issues with the Netcomm device PM me some details, and I'll get someone to look into this.


it was only yesterday afternoon that i was speaking to CTS and the issue still existed.  unfortunately router has gone back to client with manually assigned dns, i will try and get access to it at a later date and reset it back to defaults.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Orcon announces new always-on internet service for Small Business
Posted 18-Apr-2019 10:19

Spark Sport prices for Rugby World Cup 2019 announced
Posted 16-Apr-2019 07:58

2degrees launches new unlimited mobile plan
Posted 15-Apr-2019 09:35

Redgate brings together major industry speakers for SQL in the City Summits
Posted 13-Apr-2019 12:35

Exported honey authenticated on Blockchain
Posted 10-Apr-2019 21:19

HPE and Nutanix partner to deliver hybrid cloud as a service
Posted 10-Apr-2019 21:12

Southern Cross and ASN sign contract for Southern Cross NEXT
Posted 10-Apr-2019 21:09

Data security top New Zealand consumer priority when choosing a bank
Posted 10-Apr-2019 21:07

Samsung announces first 8K screens to hit New Zealand
Posted 10-Apr-2019 21:03

New cyber-protection and insurance product for businesses launched in APAC
Posted 10-Apr-2019 20:59

Kiwis ensure streaming is never interrupted by opting for uncapped broadband plans
Posted 7-Apr-2019 09:05

DHL Express introduces new MyDHL+ online portal to make shipping easier
Posted 7-Apr-2019 08:51

RackWare hybrid cloud platform removes barriers to enterprise cloud adoption
Posted 7-Apr-2019 08:50

Top partner named at MYOB High Achievers Awards
Posted 7-Apr-2019 08:48

Great ideas start in Gisborne with hackathon event back for another round
Posted 7-Apr-2019 08:42


Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.