|
Bizzare: Access to someones router over the net..So i accidentally typed in 192.168.1.1 in the browser to access my tomato router, and to my surprise, I reached someone else's Tenda router page! I do not use any Tenda equipment in the house and my wireless network card is disabled. I attempted to ping the IP and I do get a response but the trace route is more interesting: Tracing route to 192.168.1.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms tomato [192.168.0.1]
2 6 ms 6 ms 6 ms 198.251.52.1
3 8 ms 13 ms 9 ms 10.0.10.18
4 8 ms 7 ms 8 ms 192.168.1.1
Trace complete.
How is this possible? I thought the 192.168.1.x was a private range. Is this some carrier grade NAT business? |
|
HiVolt Premium Member join:2000-12-28 Toronto, ON |
HiVolt
Premium Member
2015-Mar-22 7:26 pm
Thats bizarre. Who's your ISP?
Do you have any sort of powerline ethernet bridges in your home? |
|
|
Its Vmedia.
I've checked that only my asus wireless is active and the smartRG is in bridge mode with the wireless disabled.
All the devices on my local lan are on the 192.168.0.x subnet.. Curiously, my public IP is not shown on the trace route either. My public IP is in the 104.158.x.x range
Edit: There is no powerline devices or wireless bridges. Only the smartRG and the asus router |
|
HiVolt Premium Member join:2000-12-28 Toronto, ON |
HiVolt
Premium Member
2015-Mar-22 7:35 pm
what does a site like » www.ipchicken.com show for your external IP? |
|
|
|
Same as the PPPoE session in tomato, 104.158.x.x |
|
HiVolt Premium Member join:2000-12-28 Toronto, ON |
HiVolt
Premium Member
2015-Mar-22 7:37 pm
Have you tried reconnecting your PPPoE session, to see if a different external IP might solve it? |
|
|
No, I don't want to do that just yet. I'll poke at it some more. |
|
HiVolt Premium Member join:2000-12-28 Toronto, ON |
HiVolt
Premium Member
2015-Mar-22 7:39 pm
Yeah, this is interesting.. can you try to see if you can ping any other IP's on that 192.168.1.x subnet? |
|
|
External IP wouldn't matter. The trace route shows that it's not going out to the internet.
You're on cable? I'm no expert on this, but it looks to me like it's hitting Rogers/Cogeco's router and being routed back to another customer instead of out to the internet. That's Bad.
Edit: Well, that 198.251.52.1 address is a public IP. A 10. address after that is odd.
Some router is routing it badly anyway. Maybe not Rogers/Cogeco, but someone. |
|
HiVolt Premium Member join:2000-12-28 Toronto, ON |
HiVolt
Premium Member
2015-Mar-22 7:53 pm
He mentioned PPPoE, so it's DSL. |
|
Nitra join:2011-09-15 Montreal |
Nitra
Member
2015-Mar-22 7:54 pm
Something is very much not configured properly, they need to fix that right away. |
|
|
I ran a quick nmap from tomato: Nmap done: 254 IP addresses (55 hosts up) scanned in 111.24 seconds
|
|
|
to cybersaga
Once it gets on to the third party's network they can route your packets however they want from their side. In this case, either it's being bridged to another customer or a network within Vmedia. |
|
|
to BoogaBooga
Yeah vmedia dsl does that. Its IS the weirdest most bizzare thing ever.
Theyre exposing their station info.
My SmartRG SR505N is in bridge mode, going to 192.168.1.1 Gets me to Tenda login page. No tenda equipment in the house.
Shows the thing as AC1200 Router. |
|
|
lol yah. I get that exact page. |
|
HiVolt Premium Member join:2000-12-28 Toronto, ON |
HiVolt
Premium Member
2015-Mar-22 8:57 pm
What happens if your router is set to be on the 192.168.1.1 subnet, like most routers by default, would it still route to that Tenda router? |
|
|
to BoogaBooga
Thank you for pointing this out. Issue will be addressed and corrected within the next 10 mins. |
|
HiVolt Premium Member join:2000-12-28 Toronto, ON |
HiVolt
Premium Member
2015-Mar-22 9:07 pm
said by MattVMedia:Thank you for pointing this out. Issue will be addressed and corrected within the next 10 mins. Would be nice to know how a mistake like this could have been made? |
|
|
to HiVolt
said by HiVolt:What happens if your router is set to be on the 192.168.1.1 subnet, like most routers by default, would it still route to that Tenda router? No, it would never hit VMedia's routers in that case. |
|
|
to Garep
What I find more bizarre is that the tenda router is responding to requests addressed to 192.268.1.1 on its wan interface |
|
1 recommendation |
v6movement
Anon
2015-Mar-23 9:07 am
said by JAMESMTL:What I find more bizarre is that the tenda router is responding to requests addressed to 192.268.1.1 on its wan interface The fact that an ISP does not block RFC1918 addressed traffic is definitely more bizarre. |
|
|
to JAMESMTL
I'm even thinking a routing protocol of some sort must be turned on in the router at 192.168.1.1, I mean, can see them putting a route for 192.168.1.0/24 and pointing it at a customer. |
|
|
to BoogaBooga
I would say most likely Vmedia has a lab setup going on. Since GAS is used for wholesale Internet as well as virtual circuits they may be using it for both. The only thing I could say they did wrong is not setting an ACL so only specific connections are allowed to route to that address space. |
|
4 edits |
to BoogaBooga
Looks like someone forgot to put an ACL on their virtual interface template.
edit: That router is likely somewhere in their management plane.
edit: They can also route RFC1918 address's to null to accomplish the same sort of thing as the ACL but without the risk of someone fragmenting their packets to bypass the ACL.
I do both an ACL and a static route to null0 on my network.
edit: I also block ip options and don't allow fragmented packets anywhere they shouldn't go. |
|
|
to v6movement
Do the Vmedia IPTV boxes point to a private address within Vmedias network? |
|
your moderator at work
hidden : Personal attacks
|
|
to BoogaBooga
Re: Bizzare: Access to someones router over the net..Could it have been an employee connecting to the network from home? |
|