Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsSpark New Zealand (including Skinny and BigPipe)Netcomm 3G Router Telecom DNS blocked??
dimsim

848 posts

Ultimate Geek

Trusted
Lifetime subscriber

#136219 19-Nov-2013 13:59
Send private message

Would someone from Telecom please explain exactly whats going on with the above router's access to DNS being blocked? I spoke to a support rep last week and he briefly explained that some security hole was found in the netcomm router os and that thoughtfully telecom had blocked dns access to all of these router. To get around the block I need to supply him with the sim card details then change to the private ip apn wap.telecom.co.nz instead of the internet facing ip apn internet.telecom.co.nz that we had been using?

Create new topic
LennonNZ
2459 posts

Uber Geek

ID Verified
Trusted

  #937364 19-Nov-2013 15:37
Send private message

I presume there is a security hole in the router which allows external people to change the DNS servers on the router thus hijacking people's traffic.

Changing the APN to wap.telecom.co.nz from internet.telecom.co.nz makes the router have a non public ip address thus not accessible from the internet but it doesn't fix the security issue but mitigate it

Maybe a good solution but what about people who actually want a real world ip address? a New firmware version or what?




dimsim

848 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #937375 19-Nov-2013 15:43
Send private message

LennonNZ: I presume there is a security hole in the router which allows external people to change the DNS servers on the router thus hijacking people's traffic.

Changing the APN to wap.telecom.co.nz from internet.telecom.co.nz makes the router have a non public ip address thus not accessible from the internet but it doesn't fix the security issue but mitigate it

Maybe a good solution but what about people who actually want a real world ip address? a New firmware version or what?




Can anyone from Telecom confirm this?

I've checked on Netcomm's website but no updated firmware exists for this model (3G19W)

Would be nice to know if Telecom have opened a dialogue with Netcomm to have this fixed.

dimsim

848 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #937455 19-Nov-2013 17:57
Send private message

All gone quiet in the Telecom camp???

Helloo??????



Ragnor
8218 posts

Uber Geek

Trusted

  #937459 19-Nov-2013 18:13
Send private message

Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ

dimsim

848 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #937463 19-Nov-2013 18:17
Send private message

Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.

freitasm
BDFL - Memuneh
79250 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #937464 19-Nov-2013 18:20
Send private message

Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.


Actually they're pretty good here - including other ISPs.




Please support Geekzone by subscribing, or using one of our referral links: Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSyncBackblaze backup

Yyrael
222 posts

Master Geek

Trusted

  #937477 19-Nov-2013 19:05
Send private message

dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."

 
 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
dimsim

848 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #937484 19-Nov-2013 19:07
Send private message

freitasm:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.


Actually they're pretty good here - including other ISPs.



precisely - my reason for posting here first.

dimsim

848 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #937485 19-Nov-2013 19:08
Send private message

Yyrael:
dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."
lol

nice one - thanks.

Yyrael
222 posts

Master Geek

Trusted

  #937496 19-Nov-2013 19:40
Send private message

dimsim:
Yyrael:
dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."
lol

nice one - thanks.


Okay, everything in your original post is correct. The DNS port was blocked to cover a security loophole and changing the APN is one way around this. The alternative is to telnet into the router and manually unblock the DNS port but this isn't a method we support so I don't have any instructions sadly :(

Hope that helps!

plambrechtsen
1948 posts

Uber Geek
Inactive user


  #938508 21-Nov-2013 16:21
Send private message

Just one point of clarification.

Neither wap.telecom.co.nz or internet.telecom.co.nz are internet accessible APNs. "wap.telecom.co.nz" is a Carrier Grade NAT range that goes via the WAP Gateway and thus is true private address and the IP Address allocated to you will not be your internet IP address. "internet.telecom.co.nz" you get a public address but it's behind a router/firewall that only allows outbound connections.

If for whatever reason you did want inbound connections to your router you should use "direct.telecom.co.nz" which does give you direct access to your router from the internet.

Using "direct.telecom.co.nz" would mean that if your router had been "owned" and someone was using it as a DNS Relay, you could be up for a very nasty bill.

So what is the actual problem you are trying to solve?

Edit: It wouldn't be related to this issue? http://forums.whirlpool.net.au/archive/1856871

gajan
286 posts

Ultimate Geek

Trusted
Spark NZ
Lifetime subscriber

  #938804 22-Nov-2013 09:01
Send private message

Network changes have been made in the last 48hours for the Netcomm DNS Ports. The issue should now be resolved (for both APNs). If you are still having DNS issues with the Netcomm device PM me some details, and I'll get someone to look into this.




My comments and remarks are not necessarily of my employer.

dimsim

848 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #938857 22-Nov-2013 10:29
Send private message

plambrechtsen: Just one point of clarification.

Neither wap.telecom.co.nz or internet.telecom.co.nz are internet accessible APNs. "wap.telecom.co.nz" is a Carrier Grade NAT range that goes via the WAP Gateway and thus is true private address and the IP Address allocated to you will not be your internet IP address. "internet.telecom.co.nz" you get a public address but it's behind a router/firewall that only allows outbound connections.

If for whatever reason you did want inbound connections to your router you should use "direct.telecom.co.nz" which does give you direct access to your router from the internet.

Using "direct.telecom.co.nz" would mean that if your router had been "owned" and someone was using it as a DNS Relay, you could be up for a very nasty bill.

So what is the actual problem you are trying to solve?

Edit: It wouldn't be related to this issue? http://forums.whirlpool.net.au/archive/1856871


Yes, it is a DNS issue and setting to Google's or other DNS does fix things, but the issue still remains that apparently (still looking for the official word) all Netcomm routers connected to Telecom mobile broadband (pretty sure this doesn't affect dsl/ethernet routers as more would be aware of the problem) have DNS port 53 blocked by mac address in Telecom's firewall. Thus the routers are unable to use the automatically assigned Telecom DNS servers and fail DNS diagnostics.

When I first spoke to mobile broadband support the guy simply asked for the mobile number, tapped a few keys, told me to change form internet to wap.telecom.co.nz then reboot the router.

Next time I rang mobile broadband support couldnt help me passed me to CTS, who knew nothing, but eventually told me to manually set dns and change apn and got the router working this time.

Apparently a "fix" is scheduled for the 25/11/13, whether this is an internal firewall fix or a software update form netcomm im still in the dark.

dimsim

848 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #938858 22-Nov-2013 10:30
Send private message

gajan: Network changes have been made in the last 48hours for the Netcomm DNS Ports. The issue should now be resolved (for both APNs). If you are still having DNS issues with the Netcomm device PM me some details, and I'll get someone to look into this.


it was only yesterday afternoon that i was speaking to CTS and the issue still existed.  unfortunately router has gone back to client with manually assigned dns, i will try and get access to it at a later date and reset it back to defaults.

Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright