BoogaBooga
join:2004-06-12
Canada

BoogaBooga

Member

Bizarre: Access to someone's router over the net..

So I accidentally typed in 192.168.1.1 in the browser to access my tomato router, and to my surprise, I reached someone else's Tenda router page! I do not use any Tenda equipment in the house and my wireless network card is disabled.

I attempted to ping the IP and I do get a response but the trace route is more interesting:
Tracing route to 192.168.1.1 over a maximum of 30 hops
 
  1    <1 ms    <1 ms    <1 ms  tomato [192.168.0.1]
  2     6 ms     6 ms     6 ms  198.251.52.1
  3     8 ms    13 ms     9 ms  10.0.10.18
  4     8 ms     7 ms     8 ms  192.168.1.1
 
Trace complete.
 

How is this possible? I thought the 192.168.1.x was a private range. Is this some carrier grade NAT business?
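
A check for the symptom in this post, added here as an example and not part of the original thread: it parses the tracert output quoted above and reports when a private destination answered only after the path had crossed a public hop. The function names are illustrative, and treating 100.64.0.0/10 (RFC 6598) like the RFC 1918 ranges is a choice made for this example.

```python
import ipaddress
import re

# RFC 1918 ranges plus RFC 6598 shared space (the latter is this example's choice).
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Hop lines from the tracert output quoted in the post above.
SAMPLE = """\
  1    <1 ms    <1 ms    <1 ms  tomato [192.168.0.1]
  2     6 ms     6 ms     6 ms  198.251.52.1
  3     8 ms    13 ms     9 ms  10.0.10.18
  4     8 ms     7 ms     8 ms  192.168.1.1
"""

HOP_RE = re.compile(r"^\s*(\d+)\s.*?\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")


def parse_hops(text):
    """Return [(hop_number, IPv4Address)] for each answering hop; timeouts are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), ipaddress.ip_address(m.group(2))))
    return hops


def is_non_public(addr):
    return any(addr in net for net in NON_PUBLIC)


def crossed_provider(hops):
    """Return ((hop, first_public_ip), (hop, private_destination)) when a private
    destination answered beyond a public hop, else None."""
    if not hops:
        return None
    dest_no, dest = hops[-1]
    if not is_non_public(dest):
        return None  # public destination: private transit hops alone are not a finding
    for number, addr in hops[:-1]:
        if not is_non_public(addr):
            return (number, str(addr)), (dest_no, str(dest))
    return None  # the path never left private space, e.g. the local gateway answered


if __name__ == "__main__":
    print(crossed_provider(parse_hops(SAMPLE)))
```
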

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt

Premium Member

That's bizarre. Who's your ISP?

Do you have any sort of powerline ethernet bridges in your home?
BoogaBooga
join:2004-06-12
Canada

BoogaBooga

Member

It's Vmedia.

I've checked that only my asus wireless is active and the smartRG is in bridge mode with the wireless disabled.

All the devices on my local lan are on the 192.168.0.x subnet.. Curiously, my public IP is not shown on the trace route either. My public IP is in the 104.158.x.x range

Edit: There are no powerline devices or wireless bridges. Only the smartRG and the asus router

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt

Premium Member

What does a site like www.ipchicken.com show for your external IP?
BoogaBooga
join:2004-06-12
Canada

BoogaBooga

Member

Same as the PPPoE session in tomato, 104.158.x.x

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt

Premium Member

Have you tried reconnecting your PPPoE session, to see if a different external IP might solve it?
BoogaBooga
join:2004-06-12
Canada

BoogaBooga

Member

No, I don't want to do that just yet. I'll poke at it some more.

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt

Premium Member

Yeah, this is interesting.. can you try to see if you can ping any other IPs on that 192.168.1.x subnet?

cybersaga
join:2011-12-19
Selby, ON

cybersaga

Member

External IP wouldn't matter. The trace route shows that it's not going out to the internet.

You're on cable? I'm no expert on this, but it looks to me like it's hitting Rogers/Cogeco's router and being routed back to another customer instead of out to the internet. That's Bad™.

Edit: Well, that 198.251.52.1 address is a public IP. A 10. address after that is odd.

Some router is routing it badly anyway. Maybe not Rogers/Cogeco, but someone.

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt

Premium Member

He mentioned PPPoE, so it's DSL.

Nitra
join:2011-09-15
Montreal

Nitra

Member

Something is very much not configured properly, they need to fix that right away.
BoogaBooga
join:2004-06-12
Canada

BoogaBooga

Member

I ran a quick nmap from tomato:
Nmap done: 254 IP addresses (55 hosts up) scanned in 111.24 seconds
 

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

BACONATOR26 to cybersaga

Premium Member

to cybersaga
Once it gets on to the third party's network they can route your packets however they want from their side. In this case, either it's being bridged to another customer or a network within Vmedia.
Garep
join:2015-01-08

Garep to BoogaBooga

Member

to BoogaBooga
Yeah, Vmedia DSL does that. It IS the weirdest, most bizarre thing ever.

They're exposing their station info.

My SmartRG SR505N is in bridge mode, going to 192.168.1.1 gets me to the Tenda login page. No Tenda equipment in the house.

Shows the thing as AC1200 Router.
BoogaBooga
join:2004-06-12
Canada

BoogaBooga

Member

lol yah. I get that exact page.

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt

Premium Member

What happens if your router is set to be on the 192.168.1.1 subnet, like most routers by default, would it still route to that Tenda router?

MattVMedia
join:2014-07-12

MattVMedia to BoogaBooga

Member

to BoogaBooga
Thank you for pointing this out. Issue will be addressed and corrected within the next 10 mins.

HiVolt
Premium Member
join:2000-12-28
Toronto, ON

HiVolt

Premium Member

said by MattVMedia:

Thank you for pointing this out. Issue will be addressed and corrected within the next 10 mins.

Would be nice to know how a mistake like this could have been made?

cybersaga
join:2011-12-19
Selby, ON

cybersaga to HiVolt

Member

to HiVolt
said by HiVolt:

What happens if your router is set to be on the 192.168.1.1 subnet, like most routers by default, would it still route to that Tenda router?

No, it would never hit VMedia's routers in that case.

JAMESMTL
Premium Member
join:2014-09-02

JAMESMTL to Garep

Premium Member

to Garep
What I find more bizarre is that the tenda router is responding to requests addressed to 192.268.1.1 on its wan interface

v6movement
@cgocable.net

1 recommendation

v6movement

Anon

said by JAMESMTL:

What I find more bizarre is that the tenda router is responding to requests addressed to 192.268.1.1 on its wan interface

The fact that an ISP does not block RFC1918 addressed traffic is definitely more bizarre.

Napsterbater
Meh
MVM
join:2002-12-28
Milledgeville, GA

Napsterbater to JAMESMTL

MVM

to JAMESMTL
I'm even thinking a routing protocol of some sort must be turned on in the router at 192.168.1.1, I mean, can see them putting a route for 192.168.1.0/24 and pointing it at a customer.

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

BACONATOR26 to BoogaBooga

Premium Member

to BoogaBooga
I would say most likely Vmedia has a lab setup going on. Since GAS is used for wholesale Internet as well as virtual circuits they may be using it for both. The only thing I could say they did wrong is not setting an ACL so only specific connections are allowed to route to that address space.
OHSrob
join:2011-06-08

4 edits

OHSrob to BoogaBooga

Member

to BoogaBooga
Looks like someone forgot to put an ACL on their virtual interface template.

edit: That router is likely somewhere in their management plane.

edit: They can also route RFC1918 addresses to null to accomplish the same sort of thing as the ACL but without the risk of someone fragmenting their packets to bypass the ACL.

I do both an ACL and a static route to null0 on my network.

edit: I also block ip options and don't allow fragmented packets anywhere they shouldn't go.

LondonDave
Premium Member
join:2011-09-05
London, ON

LondonDave to v6movement

Premium Member

to v6movement
Do the Vmedia IPTV boxes point to a private address within Vmedia's network?
monsoon66
join:2007-01-13
Toronto, ON

monsoon66 to BoogaBooga

Member

to BoogaBooga

Re: Bizarre: Access to someone's router over the net..

Could it have been an employee connecting to the network from home?