rhino

Router Issue?? Computer Geeks Unite!! lol

I am working on a site that has a Netgear FR114p Router.

I am installing a ME103 Access Point.

What would be the best way or the best setting on the FR114p to allow me to access that ME103 access point remotely from another office?

I will be giving the ME103 a hard-coded IP address.

Any ideas?

Rhino

Probably not going to happen on that level of a router. You need something that allows you to code your NAT translation tables so that you can specify exactly where the traffic gets directed to.

You can try port forwarding to the device but if any other traffic is coming inbound over that same port it will never get to the PC that requested it. Other issue is if the gateway device IP changes you are now unable to access it.

Personally... allowing remote access to your network devices is about the stupidest thing you can do. Username is hard coded, means only the password has to be guessed and that's easy to do.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Totally agree!

I'm currently accessing ADSL through my neighbour's wireless router, muppet ain't set any f/wall. He's away quite a bit so download city!

This is one of the things that can happen:)
*************************************************
RED LIGHTS & OFF LANDINGS ARE JUST MY THANG
http://www.redlightrob.co.uk

No, that would be "he ain't set any encryption". WEP is so easy to use that if you don't turn it on you deserve to have all your router's passwords changed, encryption turned on and set to a random key, therefore making your wireless device useless to you.

Not that I'd ever do that to any of my ghetto stupid neighbors that run wireless setups to avoid running a CAT5 cable 5 feet.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Quote

You can try port forwarding to the device but if any other traffic is coming inbound over that same port it will never get to the PC that requested it. Other issue is if the gateway device IP changes you are now unable to access it.



I'm going to tell the router to assign any inbound requests on port 80 to go to the access point and lock it down with a password.

Outbound requests that are initiated from a PC are considered outbound requests by the router, not inbound. So PC traffic wouldn't be affected.

It isn't to the entire network. Just to the access point itself. Password protected of course.
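
The inbound/outbound distinction drawn in the post above, as an added example that is not part of the original thread: a simplified model of a NAT router that checks its session table before its port-forward rules when a packet arrives on the WAN side. It is not Netgear firmware, and every address, port and name in it is constructed for illustration.

```python
from dataclasses import dataclass, field

AP_IP = "192.168.0.50"   # constructed static address for the access point


@dataclass
class Nat:
    # Static rule: WAN port 80 is forwarded to the access point's web login.
    forwards: dict = field(default_factory=lambda: {80: (AP_IP, 80)})
    # Dynamic state: (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, lan_ip, lan_port, dst_ip, dst_port):
        """A LAN host opens a connection: allocate a WAN port, remember the flow."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, dst_ip, dst_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives on the WAN side: sessions first, then forwards."""
        key = (dst_port, src_ip, src_port)
        if key in self.sessions:
            return ("reply", *self.sessions[key])
        if dst_port in self.forwards:
            return ("forwarded", *self.forwards[dst_port])
        return ("dropped", None, None)


def demo():
    nat = Nat()
    # An office PC browses a web server (constructed addresses).
    wan_port = nat.outbound("192.168.0.20", 51000, "198.51.100.7", 80)
    return {
        # The server's answer comes FROM port 80 TO the allocated WAN port.
        "browser_reply": nat.inbound("198.51.100.7", 80, wan_port),
        # Any unsolicited source hitting WAN port 80 lands on the access point.
        "unsolicited_80": nat.inbound("192.0.2.99", 44321, 80),
        # No rule and no session: the packet goes nowhere.
        "unsolicited_23": nat.inbound("192.0.2.99", 44321, 23),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model the forward leaves outbound browsing untouched, but it hands the access point's login page to any source address that connects to WAN port 80, so the device's password becomes the only control in front of it.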

Quote

No, that would be "he ain't set any encryption". WEP is so easy to use that if you don't turn it on you deserve to have all your router's passwords changed, encryption turned on and set to a random key, therefore making your wireless device useless to you.



Until you press the reset button on the back of the router to bring it to default settings.
_________________________________________
you can burn the land and boil the sea, but you can't take the sky from me....
I WILL fly again.....

Quote

I'm going to tell the router to assign any inbound requests on port 80 to go to the access point and lock it down with a password.



And that is just about the stupidest security thing you could do. I hope you are not accepting money for a poor quality idea like that. :|

The router passwords are really easy to crack, and you know that so much of port scans are over port 80. Where the hell do you think you are directing all the hackers to? Your weak security access point. Why even have a firewall in the first place if you are going to open the world up to you? :S

And it will affect browser traffic too. Sometimes in the outbound request the data gets told to come back in over port 80, where do you think it's going to go in that case? You know, the whole SYN, ACK, SYN/ACK thing? :S
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Quote

Until you press the reset button on the back of the router to bring it to default settings.



I've found my neighbor eventually got tired of resetting his box, it hasn't been online for 5 weeks now.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

I don't really like the idea.

There has to be a better way. I just can't seem to think of it right now.
~D
Where troubles melt like lemon drops Away above the chimney tops That's where you'll find me.
Swooping is taking one last poke at the bear before escaping it's cave - davelepka

Allowing remote access to ANY network device is a really REALLY REALLY stupid idea. If you want to be able to access the device you should be required to be on a trusted segment. If I would ever catch a network engineer or anyone doing that on my company network they would be out the door faster than I could walk to their cube to give them a swift kick in the ass all the way out the building.
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Quote

The router passwords are really easy to crack, and you know that so much of port scans are over port 80. Where the hell do you think you are directing all the hackers to? Your weak security access point. Why even have a firewall in the first place if you are going to open the world up to you?



Let me get this straight: with Netgear routers or access points you can't use an ACL on the telnet port to restrict access to the router? You can't set the username? You can't set a limit on login attempts? When you reset them they go back to factory defaults?

If the above is true I would suggest you take that crap to the trash and get some real networking gear.

Does the access point even have an OS/IOS?

The Netgear router he's talking about is a step above (barely) Netgear's 'consumer' routers. So yes, you can restrict access based on IP or IP range. He wants to remotely administer the WAP past that though.

Rhino - your best bet is to use the VPN pass-through available on that model. Connect to the internal network, and administer the WAP that way.
it's like incest - you're substituting convenience for quality

Quote

Allowing remote access to ANY network device is a really REALLY REALLY stupid idea. If you want to be able to access the device you should be required to be on a trusted segment. If I would ever catch a network engineer or anyone doing that on my company network they would be out the door faster than I could walk to their cube to give them a swift kick in the ass all the way out the building.



Exactly. And if you have to do it, do it right. We use VPN with one time pad RSA Radius keys. I have the nifty RSA SecurID key-fob version myself.;)
Sky, Muff Bro, Rodriguez Bro, and
Bastion of Purity and Innocence!™

Quote

The Netgear router he's talking about is a step above (barely) Netgear's 'consumer' routers. So yes, you can restrict access based on IP or IP range. He wants to remotely administer the WAP past that though.

Rhino - your best bet is to use the VPN pass-through available on that model. Connect to the internal network, and administer the WAP that way.



Curious - could IPSEC be used? I've only done workshops with it and never used it in practice. But VPN was my thought as well.

What do you think of "Gotomypc.com" web based application? For a while that is how the execs here were doing remote access to their email before our web based exchange was online.
_________________________________________
you can burn the land and boil the sea, but you can't take the sky from me....
I WILL fly again.....

Quote

Quote

Allowing remote access to ANY network device is a really REALLY REALLY stupid idea. If you want to be able to access the device you should be required to be on a trusted segment. If I would ever catch a network engineer or anyone doing that on my company network they would be out the door faster than I could walk to their cube to give them a swift kick in the ass all the way out the building.



Exactly. And if you have to do it, do it right. We use VPN with one time pad RSA Radius keys. I have the nifty RSA SecurID key-fob version myself.;)



I've always wondered about those FOBs - have you ever had the keys not match up? What happens when the battery dies - how do you sync it back up? I always thought that a bluetooth version of that FOB would be a great idea if you had a switch to turn off the broadcast.
_________________________________________
you can burn the land and boil the sea, but you can't take the sky from me....
I WILL fly again.....

I've never had a key fail unless I don't enter the password before the next key change (60 secs). As for the battery dying, the SecurID fob comes with an expiration date which is well before when the battery will die. I believe they're good for about 2-3 years. After that, the unit displays a message showing it is expired.

There is no broadcast. You simply enter the key information from the new fob into your access system and that's it. When I put in my password remotely, I enter the 6 digits from the fob in front of my password.
Sky, Muff Bro, Rodriguez Bro, and
Bastion of Purity and Innocence!™

The box I have had at my desk since August expires 12/31/08. That's over 4 years. I'm responsible for administrating 1300+ fobs and I might get one complaint a month about it failing and 99.9% of the time it's since the user forgot their PIN.

It's funny seeing all the implementations of the fobs. We do a 4-8 character PIN and then the 6 display digits. Kris, it sounds like you do tokencode + Windows password, correct?

I've found the failure rate for failed keys is less than the failure rate for smashed/lost tokens. :ph34r:B|
Yesterday is history
And tomorrow is a mystery

Parachutemanuals.com

Quote

The Netgear router he's talking about is a step above (barely) Netgear's 'consumer' routers. So yes, you can restrict access based on IP or IP range. He wants to remotely administer the WAP past that though.



That's why I asked if the access point has an IOS.

I'm very Ciscocentric and don't touch much of anything else. In my world this wouldn't be an issue.

Edit to add: does the router have an IOS and/or a web interface? Just curious.

That sounds closer to right. I just got this new fob last Jan and it's good until 7/31/07, it may have been sitting for awhile before I got it.

And, yup, we use tokencode + domain password. The ASC system is surprisingly robust. I can only recall one time it was down, and that was for a scheduled upgrade that only took 45 minutes.

I just wish the fobs were as robust. I'm evil with my keys and such, so I just keep my fob at my house. They last longer that way.:P Seriously though, I've only killed one in 3 years, and that was due to an accidental run through the wash cycle with my clothes.
Sky, Muff Bro, Rodriguez Bro, and
Bastion of Purity and Innocence!™

Quote

Won't VPN pass-through have the issue of actually needing to have a RAS server on the inside?



Yes. Easy enough to do with Win 2k (((shudder)))

Quote

That's why I asked if the access point has an IOS.

I'm very Ciscocentric and don't touch much of anything else. In my world this wouldn't be an issue.



If they're using Netgear, they're already trying to do this cheap. Cheap usually ends up being more expensive in man hours, down-time, and stolen data B|
it's like incest - you're substituting convenience for quality
