Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




552 posts

Ultimate Geek
+1 received by user: 44

Trusted
Lifetime subscriber

# 136219 19-Nov-2013 13:59
Send private message

Would someone from Telecom please explain exactly whats going on with the above router's access to DNS being blocked? I spoke to a support rep last week and he briefly explained that some security hole was found in the netcomm router os and that thoughtfully telecom had blocked dns access to all of these router. To get around the block I need to supply him with the sim card details then change to the private ip apn wap.telecom.co.nz instead of the internet facing ip apn internet.telecom.co.nz that we had been using?

Create new topic
2367 posts

Uber Geek
+1 received by user: 380

Trusted

  # 937364 19-Nov-2013 15:37
Send private message

I presume there is a security hole in the router which allows external people to change the DNS servers on the router thus hijacking people's traffic.

Changing the APN to wap.telecom.co.nz from internet.telecom.co.nz makes the router have a non public ip address thus not accessible from the internet but it doesn't fix the security issue but mitigate it

Maybe a good solution but what about people who actually want a real world ip address? a New firmware version or what?




552 posts

Ultimate Geek
+1 received by user: 44

Trusted
Lifetime subscriber

  # 937375 19-Nov-2013 15:43
Send private message

LennonNZ: I presume there is a security hole in the router which allows external people to change the DNS servers on the router thus hijacking people's traffic.

Changing the APN to wap.telecom.co.nz from internet.telecom.co.nz makes the router have a non public ip address thus not accessible from the internet but it doesn't fix the security issue but mitigate it

Maybe a good solution but what about people who actually want a real world ip address? a New firmware version or what?




Can anyone from Telecom confirm this?

I've checked on Netcomm's website but no updated firmware exists for this model (3G19W)

Would be nice to know if Telecom have opened a dialogue with Netcomm to have this fixed.

 
 
 
 




552 posts

Ultimate Geek
+1 received by user: 44

Trusted
Lifetime subscriber

  # 937455 19-Nov-2013 17:57
Send private message

All gone quiet in the Telecom camp???

Helloo??????

8033 posts

Uber Geek
+1 received by user: 390

Trusted
Subscriber

  # 937459 19-Nov-2013 18:13
Send private message

Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ



552 posts

Ultimate Geek
+1 received by user: 44

Trusted
Lifetime subscriber

  # 937463 19-Nov-2013 18:17
Send private message

Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.

BDFL - Memuneh
63304 posts

Uber Geek
+1 received by user: 13839

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 937464 19-Nov-2013 18:20
Send private message

Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.


Actually they're pretty good here - including other ISPs.





222 posts

Master Geek
+1 received by user: 45

Trusted

  # 937477 19-Nov-2013 19:05
Send private message

dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."



552 posts

Ultimate Geek
+1 received by user: 44

Trusted
Lifetime subscriber

  # 937484 19-Nov-2013 19:07
Send private message

freitasm:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.


Actually they're pretty good here - including other ISPs.



precisely - my reason for posting here first.



552 posts

Ultimate Geek
+1 received by user: 44

Trusted
Lifetime subscriber

  # 937485 19-Nov-2013 19:08
Send private message

Yyrael:
dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."
lol

nice one - thanks.

222 posts

Master Geek
+1 received by user: 45

Trusted

  # 937496 19-Nov-2013 19:40
Send private message

dimsim:
Yyrael:
dimsim:
Ragnor: Have you tried asking Telecom via one of their support channels?

No guarantee they will notice a thread on a 3rd party forum like Geekzone.

Try their Twitter
https://twitter.com/TelecomNZ


I've just wasted 20 minutes on the phone to a muppet who knows nothing... I had this fixed for another client in five minutes a week ago just from speaking to the right person... I was hoping for someone a little higher up the food chain to provide a definitive answer/comment/solution.


I am looking into it but usually saying I'm looking into it isn't a very useful reply hence why you have no reply yet.
But you've forced my hand!

"Looking into it."
lol

nice one - thanks.


Okay, everything in your original post is correct. The DNS port was blocked to cover a security loophole and changing the APN is one way around this. The alternative is to telnet into the router and manually unblock the DNS port but this isn't a method we support so I don't have any instructions sadly :(

Hope that helps!

1948 posts

Uber Geek
+1 received by user: 469
Inactive user


  # 938508 21-Nov-2013 16:21
Send private message

Just one point of clarification.

Neither wap.telecom.co.nz or internet.telecom.co.nz are internet accessible APNs. "wap.telecom.co.nz" is a Carrier Grade NAT range that goes via the WAP Gateway and thus is true private address and the IP Address allocated to you will not be your internet IP address. "internet.telecom.co.nz" you get a public address but it's behind a router/firewall that only allows outbound connections.

If for whatever reason you did want inbound connections to your router you should use "direct.telecom.co.nz" which does give you direct access to your router from the internet.

Using "direct.telecom.co.nz" would mean that if your router had been "owned" and someone was using it as a DNS Relay, you could be up for a very nasty bill.

So what is the actual problem you are trying to solve?

Edit: It wouldn't be related to this issue? http://forums.whirlpool.net.au/archive/1856871

93 posts

Master Geek
+1 received by user: 26

Trusted
Spark NZ
Lifetime subscriber

  # 938804 22-Nov-2013 09:01
Send private message

Network changes have been made in the last 48hours for the Netcomm DNS Ports. The issue should now be resolved (for both APNs). If you are still having DNS issues with the Netcomm device PM me some details, and I'll get someone to look into this.




My comments and remarks are not necessarily of my employer.



552 posts

Ultimate Geek
+1 received by user: 44

Trusted
Lifetime subscriber

  # 938857 22-Nov-2013 10:29
Send private message

plambrechtsen: Just one point of clarification.

Neither wap.telecom.co.nz or internet.telecom.co.nz are internet accessible APNs. "wap.telecom.co.nz" is a Carrier Grade NAT range that goes via the WAP Gateway and thus is true private address and the IP Address allocated to you will not be your internet IP address. "internet.telecom.co.nz" you get a public address but it's behind a router/firewall that only allows outbound connections.

If for whatever reason you did want inbound connections to your router you should use "direct.telecom.co.nz" which does give you direct access to your router from the internet.

Using "direct.telecom.co.nz" would mean that if your router had been "owned" and someone was using it as a DNS Relay, you could be up for a very nasty bill.

So what is the actual problem you are trying to solve?

Edit: It wouldn't be related to this issue? http://forums.whirlpool.net.au/archive/1856871


Yes, it is a DNS issue and setting to Google's or other DNS does fix things, but the issue still remains that apparently (still looking for the official word) all Netcomm routers connected to Telecom mobile broadband (pretty sure this doesn't affect dsl/ethernet routers as more would be aware of the problem) have DNS port 53 blocked by mac address in Telecom's firewall. Thus the routers are unable to use the automatically assigned Telecom DNS servers and fail DNS diagnostics.

When I first spoke to mobile broadband support the guy simply asked for the mobile number, tapped a few keys, told me to change form internet to wap.telecom.co.nz then reboot the router.

Next time I rang mobile broadband support couldnt help me passed me to CTS, who knew nothing, but eventually told me to manually set dns and change apn and got the router working this time.

Apparently a "fix" is scheduled for the 25/11/13, whether this is an internal firewall fix or a software update form netcomm im still in the dark.



552 posts

Ultimate Geek
+1 received by user: 44

Trusted
Lifetime subscriber

  # 938858 22-Nov-2013 10:30
Send private message

gajan: Network changes have been made in the last 48hours for the Netcomm DNS Ports. The issue should now be resolved (for both APNs). If you are still having DNS issues with the Netcomm device PM me some details, and I'll get someone to look into this.


it was only yesterday afternoon that i was speaking to CTS and the issue still existed.  unfortunately router has gone back to client with manually assigned dns, i will try and get access to it at a later date and reset it back to defaults.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41


Nokia 9 PureView available in New Zealand
Posted 6-May-2019 09:06


Motorola Solutions joins local partners to deliver advanced communications network in New Zealand
Posted 30-Apr-2019 21:50



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.