Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




3 posts

Wannabe Geek
+1 received by user: 1


Topic # 136343 24-Nov-2013 02:29
Send private message

Hi all,

I have been with Snap UFB just over a year now and all in all I'm happy with the service.  When I signed up I elected to waive the offer of a Fritzbox and instead use my own hardware.  I run a Mikrotik RB751G-2HnD router and a ye olde Linksys PAP2T for VOIP duties.  This combo has worked flawlessly up until this week.

On Thursday I received a phone call from a cheerful Snap staff member asking me if I could enable remote access on my Fritzbox so they could push an update.  When I said I didn't have a Fritzbox they said they'd talk to their manager and call me back, which they did.  They then told me that the update pertained to migrating me from the "old" SIP server (123.255.8.255) to the "new" SIP server (connect1.plus.snap.net.nz), and should simply be a matter of updating the respective setting on my ATA device including adding a leading zero to the username (i.e. my phone number).  Simple?  Yeah nah.

My PAP2T keeps throwing an error "can't connect to login server" when trying to register with the "new" SIP server.  Switching back to the "old" SIP address (or in fact any other SIP server) works like a charm.  The aforementioned cheerful Snap staff member suggested checking my firewall to make sure the connection isn't being blocked, which it isn't.  As Snap don't officially support anything other than the Fritzbox the cheerful staff member then suggested he leave me to "play around" to see if I could get it to work.

I can't fathom for the life of me why this isn't working.  connect1.plus.snap.net.nz resolves to chcacme01.plus.snap.net.nz which resolves to 123.255.8.82.  I get no ping response from that address and from my perspective port 5060 is not open there either, so no wonder my PAP2T can't connect.  If I run a trace route to the two respective addresses this is what I see...

Firstly the "old" SIP address:

C:\Users\Administrator>tracert 123.255.8.255

Tracing route to 255.8.255.123.static.snap.net.nz [123.255.8.255]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  router [192.168.88.1]
  2     8 ms     3 ms     3 ms  111-69-1-xxx.core.snap.net.nz [111.69.1.xxx]
  3     2 ms     2 ms     2 ms  32.54.69.111.static.snap.net.nz [111.69.54.32]
  4     2 ms     2 ms     9 ms  185.16.69.111.static.snap.net.nz [111.69.16.185]
  5     3 ms     1 ms     2 ms  184.16.69.111.static.snap.net.nz [111.69.16.184]
  6     2 ms     2 ms     2 ms  255.8.255.123.static.snap.net.nz [123.255.8.255]

Trace complete.

... as expected.  Then the "new" SIP address:

C:\Users\Administrator>tracert 123.255.8.82

Tracing route to connect1.plus.snap.net.nz [123.255.8.82]
over a maximum of 30 hops:

  1    <1 ms     1 ms    <1 ms  router [192.168.88.1]
  2     2 ms     7 ms     2 ms  111-69-1-xxx.core.snap.net.nz [111.69.1.xxx]
  3     2 ms     3 ms     3 ms  32.54.69.111.static.snap.net.nz [111.69.54.32]
  4     2 ms     4 ms     2 ms  116.53.69.111.static.snap.net.nz [111.69.53.116]
  5     2 ms     4 ms     2 ms  117.53.69.111.static.snap.net.nz [111.69.53.117]
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.

... and it keeps hopping to nowhere, forever.  Which could be normal, or could represent a routing problem.

Has anyone else out there had this issue?  Is there a kind Snap UFB user out there who could also check these traceroutes and see if theirs are any different?  Many thanks in advance...

Filter this topic showing only the reply marked as answer Create new topic
597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 939725 24-Nov-2013 03:07
Send private message

This seems to be like a routing issue, get snap on the phone and get them to do ping tests and trace routes.
I'm not currently on the snap network (long story) but I should still be able to ping it, the DNS resolves but pings fail.

EDIT: you could try using connect2 or connect3 and seeing if those work. Though the pings failed for me.




Regards
Stefan Andres Charsley

BDFL - Memuneh
63000 posts

Uber Geek
+1 received by user: 13577

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 939744 24-Nov-2013 08:19
Send private message

mird: On Thursday I received a phone call from a cheerful Snap staff member asking me if I could enable remote access on my Fritzbox so they could push an update.  When I said I didn't have a Fritzbox they said they'd talk to their manager and call me back, which they did.  They then told me that the update pertained to migrating me from the "old" SIP server (123.255.8.255) to the "new" SIP server (connect1.plus.snap.net.nz), and should simply be a matter of updating the respective setting on my ATA device including adding a leading zero to the username (i.e. my phone number).  Simple?  Yeah nah.


How do you know the person calling was really from Snap and not someone who was just trying to access your box to use it later for calls?

Sure everything sounds ok ("oh, we're just calling to change from the old to a new one") and it might even be true. But if anyone contacts me claiming to be from my provider asking to have access to my router (and therefore to my network), the answer would be a big "Hell, NO".

This could well be someone from Snap calling, in which case I suggest they change the way they contact customers. Perhaps banks and ISPs could have TWO PINs? One you have to give when calling them and another they give to the customer when they call you?

In any case, just a warning. If someone calls you claiming to be from your ISP (or bank) then just ask for a name and call the public ISP/bank number (don't call a number they give you on the phone either).






 
 
 
 


dan

1018 posts

Uber Geek
+1 received by user: 95

Lifetime subscriber

  Reply # 939758 24-Nov-2013 08:50
Send private message

Snap did that change on mine several weeks ago and it works fine, now using connect1.plus.snap.net.nz

my tracert to 123.255.8.82 is the exactly the same as yours, request timed out after after 117.53.69.111 and im on VDSL,

so i doubt its a routing issue they are just blocking it





597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 939823 24-Nov-2013 12:23
Send private message

freitasm:
mird: On Thursday I received a phone call from a cheerful Snap staff member asking me if I could enable remote access on my Fritzbox so they could push an update.  When I said I didn't have a Fritzbox they said they'd talk to their manager and call me back, which they did.  They then told me that the update pertained to migrating me from the "old" SIP server (123.255.8.255) to the "new" SIP server (connect1.plus.snap.net.nz), and should simply be a matter of updating the respective setting on my ATA device including adding a leading zero to the username (i.e. my phone number).  Simple?  Yeah nah.


How do you know the person calling was really from Snap and not someone who was just trying to access your box to use it later for calls?

Sure everything sounds ok ("oh, we're just calling to change from the old to a new one") and it might even be true. But if anyone contacts me claiming to be from my provider asking to have access to my router (and therefore to my network), the answer would be a big "Hell, NO".

This could well be someone from Snap calling, in which case I suggest they change the way they contact customers. Perhaps banks and ISPs could have TWO PINs? One you have to give when calling them and another they give to the customer when they call you?

In any case, just a warning. If someone calls you claiming to be from your ISP (or bank) then just ask for a name and call the public ISP/bank number (don't call a number they give you on the phone either).




I am unsure of how they do their remote access but I was pretty sure they use TR-069 with the information preloaded and you just need to activate it. That wouldn't be insecure in any way since you're not handing over any details.




Regards
Stefan Andres Charsley

BDFL - Memuneh
63000 posts

Uber Geek
+1 received by user: 13577

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 939825 24-Nov-2013 12:42
Send private message

That is if the person calling is really from Snap... Someone could just say "I am from Snap and need to hange some configuration. Please change your router to allow remote management from any IP and what is the password please?"

I am sure more than one would fall for that... Just look at how many fall for the "Microsoft support" calls.




597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 939827 24-Nov-2013 12:45
Send private message

freitasm: That is if the person calling is really from Snap... Someone could just say "I am from Snap and need to hange some configuration. Please change your router to allow remote management from any IP and what is the password please?"

I am sure more than one would fall for that... Just look at how many fall for the "Microsoft support" calls.


Sadly this is true. People need to wise up and realise that just because someone says something doesn't mean it's true, I'm pretty sure this is called lying or something like that :-P




Regards
Stefan Andres Charsley

3446 posts

Uber Geek
+1 received by user: 441

Trusted

  Reply # 939877 24-Nov-2013 14:12
Send private message

The FQDN is from Snap though







3 posts

Wannabe Geek
+1 received by user: 1


  Reply # 939955 24-Nov-2013 18:39
Send private message

I was suspicious about the validity of such a request also, but was reassured by the snap 0800 number on the CallerID, and that they called back on my cell phone, and that they told me MY password (though that they store this as plain text is a little worrying). So let's move on past that kettle of fish.



Thanks for the other useful input. I will call Snap tomorrow and see if they have any more suggestions.

175 posts

Master Geek
+1 received by user: 17


  Reply # 941548 27-Nov-2013 10:18
Send private message

Yeah the plain text password .............. wasn't impressed by that.

597 posts

Ultimate Geek
+1 received by user: 132


  Reply # 941569 27-Nov-2013 10:28
One person supports this post
Send private message

Distorter: Yeah the plain text password .............. wasn't impressed by that.


Storing it as plain text and storing it as reversible encrypted text are two different things. Just because a password can be read from a database doesn't mean that it's stored as plain text.

That aside, was this issue resolved?




Regards
Stefan Andres Charsley



3 posts

Wannabe Geek
+1 received by user: 1


  Reply # 943553 1-Dec-2013 00:00
One person supports this post
Send private message

I did manage to resolve this. I managed to get a IOS SIP client to connect but my Linksys still refused. I resorted to some packet sniffing to try to figure out what was happening due to the PAP2T's utterly useless error messages. I discovered registration was failing with a 403 error and after trawling through some google results found a reference to lowering the "proxy fallback interval" so I reduced it to 600 and problem solved!

1602 posts

Uber Geek
+1 received by user: 232


  Reply # 943578 1-Dec-2013 07:32
Send private message

Congrats on good problem solving!

27668 posts

Uber Geek
+1 received by user: 7147

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 943635 1-Dec-2013 10:24
Send private message

Distorter: Yeah the plain text password .............. wasn't impressed by that.


How else would you expect a SIP password to be stored?

8030 posts

Uber Geek
+1 received by user: 388

Trusted
Subscriber

  Reply # 944265 2-Dec-2013 17:35
Send private message

sbiddle:
Distorter: Yeah the plain text password .............. wasn't impressed by that.


How else would you expect a SIP password to be stored?


I would expect the password entered on signup to have a random salt generated then a one way hash created with a strong algorithm like PBKDF2 with the resulting hash/salt combo stored in the DB because we're in 2013 not 1990.



Filter this topic showing only the reply marked as answer Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Orcon announces new always-on internet service for Small Business
Posted 18-Apr-2019 10:19


Spark Sport prices for Rugby World Cup 2019 announced
Posted 16-Apr-2019 07:58


2degrees launches new unlimited mobile plan
Posted 15-Apr-2019 09:35


Redgate brings together major industry speakers for SQL in the City Summits
Posted 13-Apr-2019 12:35


Exported honey authenticated on Blockchain
Posted 10-Apr-2019 21:19


HPE and Nutanix partner to deliver hybrid cloud as a service
Posted 10-Apr-2019 21:12


Southern Cross and ASN sign contract for Southern Cross NEXT
Posted 10-Apr-2019 21:09


Data security top New Zealand consumer priority when choosing a bank
Posted 10-Apr-2019 21:07


Samsung announces first 8K screens to hit New Zealand
Posted 10-Apr-2019 21:03


New cyber-protection and insurance product for businesses launched in APAC
Posted 10-Apr-2019 20:59


Kiwis ensure streaming is never interrupted by opting for uncapped broadband plans
Posted 7-Apr-2019 09:05


DHL Express introduces new MyDHL+ online portal to make shipping easier
Posted 7-Apr-2019 08:51


RackWare hybrid cloud platform removes barriers to enterprise cloud adoption
Posted 7-Apr-2019 08:50


Top partner named at MYOB High Achievers Awards
Posted 7-Apr-2019 08:48


Great ideas start in Gisborne with hackathon event back for another round
Posted 7-Apr-2019 08:42



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.