Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




3 posts

Wannabe Geek
+1 received by user: 1


# 136343 24-Nov-2013 02:29
Send private message

Hi all,

I have been with Snap UFB just over a year now and all in all I'm happy with the service.  When I signed up I elected to waive the offer of a Fritzbox and instead use my own hardware.  I run a Mikrotik RB751G-2HnD router and a ye olde Linksys PAP2T for VOIP duties.  This combo has worked flawlessly up until this week.

On Thursday I received a phone call from a cheerful Snap staff member asking me if I could enable remote access on my Fritzbox so they could push an update.  When I said I didn't have a Fritzbox they said they'd talk to their manager and call me back, which they did.  They then told me that the update pertained to migrating me from the "old" SIP server (123.255.8.255) to the "new" SIP server (connect1.plus.snap.net.nz), and should simply be a matter of updating the respective setting on my ATA device including adding a leading zero to the username (i.e. my phone number).  Simple?  Yeah nah.

My PAP2T keeps throwing an error "can't connect to login server" when trying to register with the "new" SIP server.  Switching back to the "old" SIP address (or in fact any other SIP server) works like a charm.  The aforementioned cheerful Snap staff member suggested checking my firewall to make sure the connection isn't being blocked, which it isn't.  As Snap don't officially support anything other than the Fritzbox the cheerful staff member then suggested he leave me to "play around" to see if I could get it to work.

I can't fathom for the life of me why this isn't working.  connect1.plus.snap.net.nz resolves to chcacme01.plus.snap.net.nz which resolves to 123.255.8.82.  I get no ping response from that address and from my perspective port 5060 is not open there either, so no wonder my PAP2T can't connect.  If I run a trace route to the two respective addresses this is what I see...

Firstly the "old" SIP address:

C:\Users\Administrator>tracert 123.255.8.255

Tracing route to 255.8.255.123.static.snap.net.nz [123.255.8.255]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  router [192.168.88.1]
  2     8 ms     3 ms     3 ms  111-69-1-xxx.core.snap.net.nz [111.69.1.xxx]
  3     2 ms     2 ms     2 ms  32.54.69.111.static.snap.net.nz [111.69.54.32]
  4     2 ms     2 ms     9 ms  185.16.69.111.static.snap.net.nz [111.69.16.185]
  5     3 ms     1 ms     2 ms  184.16.69.111.static.snap.net.nz [111.69.16.184]
  6     2 ms     2 ms     2 ms  255.8.255.123.static.snap.net.nz [123.255.8.255]

Trace complete.

... as expected.  Then the "new" SIP address:

C:\Users\Administrator>tracert 123.255.8.82

Tracing route to connect1.plus.snap.net.nz [123.255.8.82]
over a maximum of 30 hops:

  1    <1 ms     1 ms    <1 ms  router [192.168.88.1]
  2     2 ms     7 ms     2 ms  111-69-1-xxx.core.snap.net.nz [111.69.1.xxx]
  3     2 ms     3 ms     3 ms  32.54.69.111.static.snap.net.nz [111.69.54.32]
  4     2 ms     4 ms     2 ms  116.53.69.111.static.snap.net.nz [111.69.53.116]
  5     2 ms     4 ms     2 ms  117.53.69.111.static.snap.net.nz [111.69.53.117]
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.

... and it keeps hopping to nowhere, forever.  Which could be normal, or could represent a routing problem.

Has anyone else out there had this issue?  Is there a kind Snap UFB user out there who could also check these traceroutes and see if theirs are any different?  Many thanks in advance...

Filter this topic showing only the reply marked as answer Create new topic
597 posts

Ultimate Geek
+1 received by user: 132


  # 939725 24-Nov-2013 03:07
Send private message

This seems to be like a routing issue, get snap on the phone and get them to do ping tests and trace routes.
I'm not currently on the snap network (long story) but I should still be able to ping it, the DNS resolves but pings fail.

EDIT: you could try using connect2 or connect3 and seeing if those work. Though the pings failed for me.




Regards
Stefan Andres Charsley

BDFL - Memuneh
63365 posts

Uber Geek
+1 received by user: 13866

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 939744 24-Nov-2013 08:19
Send private message

mird: On Thursday I received a phone call from a cheerful Snap staff member asking me if I could enable remote access on my Fritzbox so they could push an update.  When I said I didn't have a Fritzbox they said they'd talk to their manager and call me back, which they did.  They then told me that the update pertained to migrating me from the "old" SIP server (123.255.8.255) to the "new" SIP server (connect1.plus.snap.net.nz), and should simply be a matter of updating the respective setting on my ATA device including adding a leading zero to the username (i.e. my phone number).  Simple?  Yeah nah.


How do you know the person calling was really from Snap and not someone who was just trying to access your box to use it later for calls?

Sure everything sounds ok ("oh, we're just calling to change from the old to a new one") and it might even be true. But if anyone contacts me claiming to be from my provider asking to have access to my router (and therefore to my network), the answer would be a big "Hell, NO".

This could well be someone from Snap calling, in which case I suggest they change the way they contact customers. Perhaps banks and ISPs could have TWO PINs? One you have to give when calling them and another they give to the customer when they call you?

In any case, just a warning. If someone calls you claiming to be from your ISP (or bank) then just ask for a name and call the public ISP/bank number (don't call a number they give you on the phone either).






 
 
 
 


dan

1023 posts

Uber Geek
+1 received by user: 96

Lifetime subscriber

  # 939758 24-Nov-2013 08:50
Send private message

Snap did that change on mine several weeks ago and it works fine, now using connect1.plus.snap.net.nz

my tracert to 123.255.8.82 is the exactly the same as yours, request timed out after after 117.53.69.111 and im on VDSL,

so i doubt its a routing issue they are just blocking it





597 posts

Ultimate Geek
+1 received by user: 132


  # 939823 24-Nov-2013 12:23
Send private message

freitasm:
mird: On Thursday I received a phone call from a cheerful Snap staff member asking me if I could enable remote access on my Fritzbox so they could push an update.  When I said I didn't have a Fritzbox they said they'd talk to their manager and call me back, which they did.  They then told me that the update pertained to migrating me from the "old" SIP server (123.255.8.255) to the "new" SIP server (connect1.plus.snap.net.nz), and should simply be a matter of updating the respective setting on my ATA device including adding a leading zero to the username (i.e. my phone number).  Simple?  Yeah nah.


How do you know the person calling was really from Snap and not someone who was just trying to access your box to use it later for calls?

Sure everything sounds ok ("oh, we're just calling to change from the old to a new one") and it might even be true. But if anyone contacts me claiming to be from my provider asking to have access to my router (and therefore to my network), the answer would be a big "Hell, NO".

This could well be someone from Snap calling, in which case I suggest they change the way they contact customers. Perhaps banks and ISPs could have TWO PINs? One you have to give when calling them and another they give to the customer when they call you?

In any case, just a warning. If someone calls you claiming to be from your ISP (or bank) then just ask for a name and call the public ISP/bank number (don't call a number they give you on the phone either).




I am unsure of how they do their remote access but I was pretty sure they use TR-069 with the information preloaded and you just need to activate it. That wouldn't be insecure in any way since you're not handing over any details.




Regards
Stefan Andres Charsley

BDFL - Memuneh
63365 posts

Uber Geek
+1 received by user: 13866

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 939825 24-Nov-2013 12:42
Send private message

That is if the person calling is really from Snap... Someone could just say "I am from Snap and need to hange some configuration. Please change your router to allow remote management from any IP and what is the password please?"

I am sure more than one would fall for that... Just look at how many fall for the "Microsoft support" calls.




597 posts

Ultimate Geek
+1 received by user: 132


  # 939827 24-Nov-2013 12:45
Send private message

freitasm: That is if the person calling is really from Snap... Someone could just say "I am from Snap and need to hange some configuration. Please change your router to allow remote management from any IP and what is the password please?"

I am sure more than one would fall for that... Just look at how many fall for the "Microsoft support" calls.


Sadly this is true. People need to wise up and realise that just because someone says something doesn't mean it's true, I'm pretty sure this is called lying or something like that :-P




Regards
Stefan Andres Charsley

3450 posts

Uber Geek
+1 received by user: 451

Trusted

  # 939877 24-Nov-2013 14:12
Send private message

The FQDN is from Snap though







3 posts

Wannabe Geek
+1 received by user: 1


  # 939955 24-Nov-2013 18:39
Send private message

I was suspicious about the validity of such a request also, but was reassured by the snap 0800 number on the CallerID, and that they called back on my cell phone, and that they told me MY password (though that they store this as plain text is a little worrying). So let's move on past that kettle of fish.



Thanks for the other useful input. I will call Snap tomorrow and see if they have any more suggestions.

176 posts

Master Geek
+1 received by user: 17


  # 941548 27-Nov-2013 10:18
Send private message

Yeah the plain text password .............. wasn't impressed by that.

597 posts

Ultimate Geek
+1 received by user: 132


  # 941569 27-Nov-2013 10:28
One person supports this post
Send private message

Distorter: Yeah the plain text password .............. wasn't impressed by that.


Storing it as plain text and storing it as reversible encrypted text are two different things. Just because a password can be read from a database doesn't mean that it's stored as plain text.

That aside, was this issue resolved?




Regards
Stefan Andres Charsley



3 posts

Wannabe Geek
+1 received by user: 1


  # 943553 1-Dec-2013 00:00
One person supports this post
Send private message

I did manage to resolve this. I managed to get a IOS SIP client to connect but my Linksys still refused. I resorted to some packet sniffing to try to figure out what was happening due to the PAP2T's utterly useless error messages. I discovered registration was failing with a 403 error and after trawling through some google results found a reference to lowering the "proxy fallback interval" so I reduced it to 600 and problem solved!

1639 posts

Uber Geek
+1 received by user: 239


  # 943578 1-Dec-2013 07:32
Send private message

Congrats on good problem solving!

27794 posts

Uber Geek
+1 received by user: 7277

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  # 943635 1-Dec-2013 10:24
Send private message

Distorter: Yeah the plain text password .............. wasn't impressed by that.


How else would you expect a SIP password to be stored?

8033 posts

Uber Geek
+1 received by user: 390

Trusted

  # 944265 2-Dec-2013 17:35
Send private message

sbiddle:
Distorter: Yeah the plain text password .............. wasn't impressed by that.


How else would you expect a SIP password to be stored?


I would expect the password entered on signup to have a random salt generated then a one way hash created with a strong algorithm like PBKDF2 with the resulting hash/salt combo stored in the DB because we're in 2013 not 1990.



Filter this topic showing only the reply marked as answer Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Video game market in New Zealand passes half billion dollar mark
Posted 24-May-2019 16:15


WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.