Re: Wireless Router into Netopia Router Into VPN

From: IBC (spamityspam_at_spam.spam)
Date: 07/22/04


Date: Thu, 22 Jul 2004 14:08:24 -0500

All the posts I've seen about the injection issue pertain to:

 VULNERABLE:
DI-624 Revision B, firmware up to 1.28 (latest)
It is *highly* probable that other models are affected too.

This one is version C with 2.42 Firmware. May still be an issue, but for now
DHCP is the least of my worries.....

As far as looping goes, I'm not sure what we're talking about anymore and
could really use some help from the big guns who have done this before. As
near as I can tell, the Dlink should be sending requests to the router which
should be sending them to the internet. The path to my VPN just happens to
come back through a shared gateway. The dlink serves ONLY one wireless
laptop.

"Kathy" <k_j_evans@tohell.with.spam> wrote in message
news:eugmuZBcEHA.2476@TK2MSFTNGP09.phx.gbl...
> Doesn't the SBS external NIC need to be on a different subnet from the
> Netopia?
>
> DLINK don't (AFAIK) allow looping back to the outside from the inside -
> check the user guide. So you can't test your VPN from inside the network,
> you have to get out via another router (dial-up) and then come back in.
>
> And isn't that DLINK one of the ones with the scripting injection via DHCP
> vulnerability? I'd make sure that DHCP is turned off on it.
>
> Kathy
>
> "IBC" <spamityspam@spam.spam> wrote in message
> news:Och11ABcEHA.596@TK2MSFTNGP11.phx.gbl...
> > If I read your chart correctly, yes, that's our set up.
> >
> > Big nasty internet
> > |
> > (Public IP)Netopia Router(DHCP for 192.168.1.X)-------(192.168.1.XX)DLink Router(192.168.20.X)------Laptop(192.168.20.X)
> > |
> > (DHCP)192.168.1.XXExternal NIC on SBS
> > |
> > ISA Server
> > |
> > (10.X.X.X)Internal NIC on SBS
> > |
> > LAN Side
> >
> > (pretty much your diagram re-digested)
> >
> > If I make a VPN call out to our public IP, shouldn't it be flying out to our
> > DNS servers (located externally at our ISP) and whipping a U-turn back
> > through the WAN port? If so, how does it distinguish this from any other
> > connection from the internet?
> >
> > I think I'm seeing how it's not gonna work, but I could use the explanation
> > and any conceivable workarounds......
> >
> > Thanks!
> >
> >
> > "David Elders" <david_elders@nospam.hotmail.com> wrote in message
> > news:uB32tuAcEHA.2476@TK2MSFTNGP09.phx.gbl...
> > > Hi IBC,
> > >
> > > Can you note your logistical set-up, please? Is it:
> > >
> > > Internet
> > > Netopia Router > DLink Wireless Router
> > > External NIC on SBS
> > > ISA
> > > Internal NIC on SBS
> > > LAN
> > >
> > > In which case the following would all be in the same IP range:
> > >
> > > External NIC on SBS
> > > Internal side of Netopia
> > > External side of DLink
> > >
> > > Or am I getting mixed up? :-)
> > >
> > > David
> > >
> > >
> > > "IBC" <spamityspam@spam.spam> wrote in message
> > > news:%23CeUPZAcEHA.1152@TK2MSFTNGP09.phx.gbl...
> > > > We purchased an inexpensive wireless router to do some experimenting in the
> > > > office. I have plugged the WAN port of the new wireless router (DLink
> > > > DI-624) into one of the LAN ports on our Netopia router. This set up works
> > > > perfectly for creating a separate network for the wireless and I can access
> > > > the internet just fine. The trouble comes when I try to VPN from the
> > > > wireless into our network. I get the "Connecting" screen, I get the
> > > > "Verifying username and Password" screen, but it just hangs there until it
> > > > times out. I have a wireless DLink setup at home and I have successfully
> > > > VPN'ed into the office with it several times. I brought that laptop into the
> > > > office, and it does the same hanging routine. So, I KNOW I have the PC set
> > > > up properly, and the logs show a connection attempt, but there isn't any
> > > > username or password info in the log.
> > > >
> > > > I checked the router log and see a suspicious pattern of dropped packets
> > > > (ICMP from the netopia on what looks to be port 32). This is a default rule
> > > > on the router. Maybe a red herring.
> > > >
> > > > Any ideas where to look?
> > > >
> > > > (I understand I could have gotten a WAP and tied right into the network, but
> > > > we wanted the functionality of letting clients browse the internet while
> > > > staying off our network)
> > > >
> > > > Thanks!
> > > >
> > > >
> > >
> > >
> >
> >
>
>


