TPG Community

Get online support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Is my router accessible to everyone on the internet.

SOLVED Go to solution
robm79
Level 3
Level 3
‎01-01-2022 03:52 PM

Hi All,

Decided to set up Open VPN on my router, but I see it's been disabled by TPG for "security reasons". That's annoying, but...

 

My router seems to be sitting unprotected on the internet accessible to everbody. Where's its security, TPG?

 

I have NBN, Arris cable modem which I know nothing about and can't seem to access, Archer VR1600V V1 wifi router, dynamic IP. Tried to set up NOIP.org dynamic DNS in the router, and almost succeeded.

 

Now when I manually update the Dynamic DNS with NOIP DUC and go to "myadress.noip.org" I get the login screen for the router, which I wasn't expecting. Not only that but it's an insecure HTTP connection, not HTTPS. Out of interest I found out my IP address 194.555.12.12 and typed that into the browser - same insecure login page.

 

Note I'd never changed the login name from the original "admin" and only had a nine-letter password, so it seems anyone on the internet for any of the past few years could have brute-forced and remotely logged in to my router? Doesn't seem a particularly sensible or secure way to set things up. Certainly not what I expected, or I would have changed username/password.

 

So: today changed a few things:

Username & password.

Enabled HTTPS secure login.

Unable to disable HTTP insecure login... why?

 

Tried to log in: Insecure login page still works, even from the internet.

Secure login page fails!!! Because it's NOT secure!!! Both my antivirus (Bitdefender) and my browser (Firefox) won't let me access the page because it uses insecure TLS1.0, way behind the minimum necessary TLS1.2 that Firefox & Bitdefender want.

 

Why is the router firmware so insecure and backward and out of date, if these routers are sitting unprotected on the internet accessible to anyone?

 

Am I missing something obvious?

 

Regards,
Rob

0 Likes
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
david64
Level 15
Level 15
‎01-01-2022 04:17 PM

Hi @robm79 . I put in a complaint about the admin screen being accessible from the internet even though remote access was disabled. It was referred to the engineering team (black hole) but never heard anything about a fix. 

It's a firmware bug that allows it to happen. I could workaround by forwarding port 80 to a non-existent local address. I saw later on that the admin page became inaccessible remotely when the rule was removed. So a double bug. To be safe, leave the rule enabled. But it has to be set again if you do a factory reset.

Re DDNS, use noip.com. Router notifies them when its ip address changes. They append  ddns.net   to your hostname.

View solution in original post

0 Likes
Reply
4 REPLIES 4
david64
Level 15
Level 15
‎01-01-2022 04:17 PM

Hi @robm79 . I put in a complaint about the admin screen being accessible from the internet even though remote access was disabled. It was referred to the engineering team (black hole) but never heard anything about a fix. 

It's a firmware bug that allows it to happen. I could workaround by forwarding port 80 to a non-existent local address. I saw later on that the admin page became inaccessible remotely when the rule was removed. So a double bug. To be safe, leave the rule enabled. But it has to be set again if you do a factory reset.

Re DDNS, use noip.com. Router notifies them when its ip address changes. They append  ddns.net   to your hostname.

0 Likes
Reply
robm79
Level 3
Level 3
‎01-01-2022 04:54 PM

Cheers. I did a search of the community, didn't find your post.

So they know but haven't had time to fix it.

 

Can I ask you how to set up DDNS in the router please? (Can I hijack my own thread?) You seem to have got it working, I haven't succeeded.

 

On the NOIP site I set up an account with USERNAME & PASSWORD.

Once logged in to that account I generated a domain MY_HOST_NAME.ddns.net

 

When I try to set the Dynamic DNS in the Archer router there are three boxes to fill, Username, Password, and Domain name.

I've tried filling the three boxes with my NOIP account's "USERNAME" & "PASSWORD" and the domain name I set up, "MY_HOST_NAME.ddns.net". When I press Save it gets stuck showing "Connecting", never succeeds, never gets to Connected. To update the DNS I have to switch my PC on and run NOIP's Dynamic Update Client. What am I doing wrong?

 

Thanks and regards,
Rob

 

 

0 Likes
Reply
robm79
Level 3
Level 3
‎01-01-2022 05:31 PM

Got the DDNS going - master reboot of everything and it came good.

Cheers,
Rob

 

0 Likes
Reply
david64
Level 15
Level 15
‎01-01-2022 05:41 PM

@robm79 . To create a free account at noip.com, your username is your email address because they send you notification when your free account is due to expire, a password for the noip account, and your domain name (noip.com appends  .ddns.net). In router, select NO-IP, username is the email address and the password used for noip.com, and the full domain name. Save and Login. Router sends its current ip address and whenever it changes.

0 Likes
Reply