Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: External access to Netgear RP114 "firewall"

From: auto353237 () hushmail com
Date: Tue, 18 Jun 2002 08:17:28 -0700


Hi John,

The first time I saw this behaviour in the RP114 it was actually my neighbours router that I was accidentally logging 
into, thinking that it was my own. I had a PC with a fixed address of 192.168.0.100 and I had connected it to the WAN 
by mistake, thinking that it was a LAN connection. In my apartment I have both WAN and LAN ports in the wall in most 
rooms.

Oops, my neighbour must have done some silly configuration, I thought, and started looking through his config to check 
what he had done wrong. Strange, everything seemed like factory default.

So I picked up my own router, and placed it in a lab between two Linux machines so that I could figure out exactly what 
it was doing. My own router did the same thing, answering on 192.168.0.1 on the WAN interface! I restored factory 
defaults with the reset button on the back, and it would still allow telnet and http to address 192.168.0.1 on both LAN 
and WAN ports.

If you fail to see this behaviour then perhaps you are moving your cable too quickly. The ARP cache in the router has a 
five minute timeout, so I you have used your PC on the LAN within the last five minutes then the router will not expect 
that same 192.168.0.x address on the WAN. Just move the cable and wait five minutes, or use an IP address on your 
client that has never been seen on the LAN. Or perhaps your router isn't RP114 compatible.

Max.


On Mon, 17 Jun 2002 16:33:37 -0400, John <johns () tampabay rr com> wrote:

----- Original Message -----
From: <auto353237 () hushmail com>
To: <bugtraq () securityfocus com>
Sent: June 17, 2002 8:13 AM
Subject: External access to Netgear RP114 "firewall"

Hello Max,  check your router's configuration to make sure you didn't put
192.168.0.1 in the DMZ. One of my routers is the NetGear RO318 with the same
firmware and I can't confirm this.


Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2

Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
Previous By Date Next
Previous By Thread Next

Current thread: