Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4
plambrechtsen
1948 posts

Uber Geek
Inactive user


  #824340 23-May-2013 19:27
Send private message

I would however like to know what its modem code is though.

If you could pm me and you are a Telecom customer email me and we could do a quick line test with it and I can grab the necessary numbers at our end.

JamesL
956 posts

Ultimate Geek
Inactive user


  #824382 23-May-2013 20:20
Send private message

Maybe there's a greater conspiracy here that these modems are designed to be flawed ;)

 
 
 
 


Lorenceo
843 posts

Ultimate Geek

Trusted

  #824409 23-May-2013 20:47
Send private message

There have been a few posts on forums about the Orcon Genius box doing this as well. An open resolver on the WAN port is a rather poor design, to say the least.

Psi

Psi

11 posts

Geek


  #824410 23-May-2013 20:47
Send private message

I just got back from checking their network.

It was exactly what you said. The router by default is open on the WAN side.
telnet, dns and webpage.

I couldn't get the builtin firewall to block all.
But since they don't need any pinholes I enabled DMZ and set it to a local IP/subnet that doesn't exist.

Now all ports are stealth.

Thanks for your help guys.

sbiddle
29282 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #824419 23-May-2013 21:01
Send private message

Lorenceo: There have been a few posts on forums about the Orcon Genius box doing this as well. An open resolver on the WAN port is a rather poor design, to say the least.


This issue was somebody who had the firewall disabled (without seeming to realise this was the case).

Genius with the firewall enabled doesn't have this issue.

eXDee
4025 posts

Uber Geek

Trusted

  #824420 23-May-2013 21:06
Send private message

freitasm: I think if the customer buys/uses a cheap modem not supplied by the ISP then all traffic and implications of lack of security lies on customer.

Same as running a PC without antivirus then having problems...

/Devil's Advocate





Agreed.
A device provided from your ISP should be trusted to have sufficient security.

But a device you purchase yourself, is on your own shoulders to make sure its set up correctly or has no faults/flaws. It shouldn't be the ISPs responsibility. 

It would be nice if they warned customers of the issue if they are made aware of it, but they shouldnt have to proactively identify all modems of third parties and ensuring they are secure.


These days DDoS attacks make significant use of recursive dns resolvers, so having such issues is going to cause a headache for the user in terms of data cap/upload congestion. And of course it's a given that the person on the receiving end of the attack will be having a bad time too.

I certainly hope that the person i spotted is saved from a data cap headache.
plambrechtsen: There are a number of modems that suffer from poor security...

Feel free to read about how the Internet Census 2012 was done.....

Thankfully all Telecom supplied modems don't suffer from this problem as we check them before the firmware gets signed off. Can't say the same for all modem providers.

So now the real question. Since the internet census is out there is the onus on customers who are running non Telecom supplied modems that are insecure be on the ISP? Or does responsibility fall on the customer?

Yup. Pretty neat project even if it was using insecure devices - it really is worrying what is connected that shouldn't be.

plambrechtsen
1948 posts

Uber Geek
Inactive user


  #824449 23-May-2013 22:12
Send private message

Psi: I just got back from checking their network.

It was exactly what you said. The router by default is open on the WAN side.
telnet, dns and webpage.

I couldn't get the builtin firewall to block all.
But since they don't need any pinholes I enabled DMZ and set it to a local IP/subnet that doesn't exist.

Now all ports are stealth.

Thanks for your help guys.


Since you have now put the dodgy modem back in place (why?) Could you email / message me their home line number?
Plus why didnt you get one of the free Telecom supplied ones as the TG582N is pretty good. I run one at home.

 
 
 
 


Zeon
3644 posts

Uber Geek

Trusted

  #824502 24-May-2013 01:35
Send private message

Lol holy sh!t that thing is terrible. If we told the distributors do you think they would care?




Speedtest 2019-10-14


Psi

Psi

11 posts

Geek


  #824504 24-May-2013 02:21
Send private message


i have already instructed them to call their isp and get a new router.

For now the tenda is working properly.
(Just because it has a terrible default config doesn't make it automatically crap)
I think the builtin firewall would work im just not sure of the syntax

When i notified pbtech (where i got it) they put me in contact with Tenda AUS.
Ive told them about the problem and am waiting to hear back.

freitasm
BDFL - Memuneh
68872 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #824533 24-May-2013 08:17
Send private message

Psi: (Just because it has a terrible default config doesn't make it automatically crap)
I think the builtin firewall would work im just not sure of the syntax


It does. A product that is shipped to thousands of people, many of which have no idea this is happening, even less idea on how to correct it, is crap.

Out of curiosity, which ISP provided this modem/router?





 

 

These links are referral codes

 

Geekzone broadband switch | Eletcricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


plambrechtsen
1948 posts

Uber Geek
Inactive user


  #824536 24-May-2013 08:29
Send private message

freitasm:
Psi: (Just because it has a terrible default config doesn't make it automatically crap)
I think the builtin firewall would work im just not sure of the syntax


It does. A product that is shipped to thousands of people, many of which have no idea this is happening, even less idea on how to correct it, is crap.

Out of curiosity, which ISP provided this modem/router?



Didn't the OP just say he got it from pbtech?

I wonder if it has a telepermit?

freitasm
BDFL - Memuneh
68872 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #824538 24-May-2013 08:32
Send private message

Oh, sorry, missed that.




 

 

These links are referral codes

 

Geekzone broadband switch | Eletcricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Coinbase | TheMarket | My technology disclosure


michaelmurfy
/dev/null
9636 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  #824546 24-May-2013 09:03
Send private message

In fact that reminds me, I've had a modem supplied by an ISP which was a Dlink DSL-526B - I've still got it laying around home somewhere.

No matter what you do, you can not close port 8080 - which directs to the web interface, the problem with this also is even if you change the default admin password it still lets you in as Admin.

I thought putting it in half-bridge or DMZ would fix it - wrong.

The only way I could actually disable it is login via Telnet and intentionally break it's web server. I tried putting some iptables rules in to block it but these get reset ugh. I'd love to know how many of these modems are still out there on this ISP - even the latest firmware does not fix this hole.




Bung
3506 posts

Uber Geek

Subscriber

  #824553 24-May-2013 09:17
Send private message

plambrechtsen: I wonder if it has a telepermit?


Even a telepermit is no guarantee that this wouldn't happen. "This Specification only covers DSL physical layer requirements."

Psi

Psi

11 posts

Geek


  #824638 24-May-2013 11:35
Send private message

freitasm:
Psi: (Just because it has a terrible default config doesn't make it automatically crap)
I think the builtin firewall would work im just not sure of the syntax


It does. A product that is shipped to thousands of people, many of which have no idea this is happening, even less idea on how to correct it, is crap.

Out of curiosity, which ISP provided this modem/router?



I meant "crap" in the sense of needing to throw it away even after the problem is solved because the hardware is crap. Which i don't believe is the case.

It will probably work perfectly now that it's configured to block incoming wan connections.
The fact that it doesn't block wan traffic by default isn't due to faulty router hardware. The router is doing exactly what it was told to do.  If it had been randomly crashing then yeah, i would agree to throw it away.

It is however a major problem for other people buying a router who don't know about this issue.
So its crap in that sense.

michaelmurfy: In fact that reminds me, I've had a modem supplied by an ISP which was a Dlink DSL-526B - I've still got it laying around home somewhere. 

No matter what you do, you can not close port 8080 - which directs to the web interface, the problem with this also is even if you change the default admin password it still lets you in as Admin. 

I thought putting it in half-bridge or DMZ would fix it - wrong. 

The only way I could actually disable it is login via Telnet and intentionally break it's web server. I tried putting some iptables rules in to block it but these get reset ugh. I'd love to know how many of these modems are still out there on this ISP - even the latest firmware does not fix this hole.


Yeah, i've also seen many telecom supplied dlink's with stupid faults.
The most common issue i see is pinholes which stop working after a day or two. 
Requiring a reboot to get them back.


1 | 2 | 3 | 4
View this topic in a long page with up to 500 replies per page Create new topic





News »

Huawei launches IdeaHub Pro in New Zealand
Posted 27-Oct-2020 16:41


Southland-based IT specialist providing virtual services worldwide
Posted 27-Oct-2020 15:55


NASA discovers water on sunlit surface of Moon
Posted 27-Oct-2020 08:30


Huawei introduces new features to Petal Search, Maps and Docs
Posted 26-Oct-2020 18:05


Nokia selected by NASA to build first ever cellular network on the Moon
Posted 21-Oct-2020 08:34


Nanoleaf enhances lighting line with launch of Triangles and Mini Triangles
Posted 17-Oct-2020 20:18


Synology unveils DS16211+
Posted 17-Oct-2020 20:12


Ingram Micro introduces FootfallCam to New Zealand channel
Posted 17-Oct-2020 20:06


Dropbox adopts Virtual First working policy
Posted 17-Oct-2020 19:47


OPPO announces Reno4 Series 5G line-up in NZ
Posted 16-Oct-2020 08:52


Microsoft Highway to a Hundred expands to Asia Pacific
Posted 14-Oct-2020 09:34


Spark turns on 5G in Auckland
Posted 14-Oct-2020 09:29


AMD Launches AMD Ryzen 5000 Series Desktop Processors
Posted 9-Oct-2020 10:13


Teletrac Navman launches integrated multi-camera solution for transport and logistics industry
Posted 8-Oct-2020 10:57


Farmside hits 10,000 RBI customers
Posted 7-Oct-2020 15:32









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.