Kitz Forum
Internet => General Internet => Topic started by: Dray on July 04, 2016, 01:14:59 PM
-
Looks like TP-Link forgot to renew their domain
TP-Link routers exposed to potential security flaw after domain registration lapses
http://www.neowin.net/news/tp-link-routers-exposed-to-potential-security-flaw-after-domain-registration-lapses
-
How odd. The domain expired on 31st May 2016.
From that link it says:
As for now, the company decided to make minor fixes. Yet - they don't like to buy the domain from the unknown seller, for now.
Yet all .net domains are supposed to go through a period of grace before they can be resold. According to ICANN (https://www.icann.org/resources/pages/expired-2013-05-03-en)
Once your domain has expired, it will be in Auto-Renew Grace Period (for 0-45 days), followed by a 30-day Redemption Grace Period. At the end of the Redemption Grace Period, you will not be able to renew your domain name. Your domain name will be released for registration by third parties.
So theoretically the domain should still be within the additional 30 day Redemption Grace Period.
-
Hmm.. digging further
We did some further investigation of http://tplinklogin.net/ on IRC today, and came to the surprising discovery that the domain doesn't even belong to TP-Link! The whois information shows:
Domain Name: TPLINKLOGIN.NET
Registrant:
Above.com Domain Privacy
8 East concourse
Beaumaris
VIC
3193
AU
tplinklogin.net@privacy.above.com
Tel. +61.390057904
Now doubtless this is a domain name squatter, but what a stupid thing for TP-Link to do: require specific topology for configuration, use a name instead of a (shorter) IP address for the device, and then not even own the domain! I'm amazed.
This is (https://queue.acm.org/blogposting.cfm?id=61193) from 28 Apr 2013
-------
ETA Just read the readers' comments below the neowin article (http://www.neowin.net/news/tp-link-routers-exposed-to-potential-security-flaw-after-domain-registration-lapses). Looks like above.net have always owned it.
:lol:
-
Hi Kitz
Sorry, my eyesight is not what it was and mobiles are becoming too small for eyes, but I've just checked on that domain and the expiration date is 31/05/2017.
So it was renewed for a year prior to expiration
The domain has hidden owner details, which is called domain privacy
So I am not clear as to why it is believed to have been purchased by a third party
Many thanks
John
# WHOIS tplinklogin.net
Domain Name: TPLINKLOGIN.NET
Registry Domain ID: 1659046272_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.above.com
Registrar URL: http://www.above.com
Updated Date: 2011-05-31 14:48:23.195589+10
Creation Date: 2011-05-31 14:48:23.195589+10
Registrar Registration Expiration Date: 2017-05-31 14:48:23.195589+10
Registrar: ABOVE.COM PTY LTD.
Registrar IANA ID: 940
Registrar Abuse Contact Email: abuse@above.com
Registrar Abuse Contact Phone: +61.390164107
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: above_privacy
Registrant Name: Above.com Domain Privacy
Registrant Organization: Above.com Domain Privacy
Registrant Street: 8 East concourse
Registrant City: Beaumaris
Registrant State/Province: VIC
Registrant Postal Code: 3193
Registrant Country: AU
Registrant Phone: +61.390164107
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: tplinklogin.net@privacy.above.com
Registry Admin ID: above_privacy
Admin Name: Above.com Domain Privacy
Admin Organization: Above.com Domain Privacy
Admin Street: 8 East concourse
Admin City: Beaumaris
Admin State/Province: VIC
Admin Postal Code: 3193
Admin Country: AU
Admin Phone: +61.390164107
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: tplinklogin.net@privacy.above.com
Registry Tech ID: above_privacy
Tech Name: Above.com Domain Privacy
Tech Organization: Above.com Domain Privacy
Tech Street: 8 East concourse
Tech City: Beaumaris
Tech State/Province: VIC
Tech Postal Code: 3193
Tech Country: AU
Tech Phone: +61.390164107
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: tplinklogin.net@privacy.above.com
Name Server: ns3.above.com
Name Server: ns4.above.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
>>> Last update of WHOIS database: 2011-05-31 14:48:23.195589+10 <<<
The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is", and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The Registrar of record is Above.com, Pty. Ltd. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
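Added example, not part of the original posts: Python that parses WHOIS output in the format pasted above, including the registrar's short `+10` UTC offset, and places a given date in the expiry stages from the ICANN text quoted earlier in the thread. The sample record is constructed from a few fields of that output; the function names and the privacy-service heuristic are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: a few fields in the format of the WHOIS output quoted above.
SAMPLE = """\
Domain Name: TPLINKLOGIN.NET
Registrar: ABOVE.COM PTY LTD.
Registrar Registration Expiration Date: 2017-05-31 14:48:23.195589+10
Registrant Name: Above.com Domain Privacy
Registrant Email: tplinklogin.net@privacy.above.com
Name Server: ns3.above.com
Name Server: ns4.above.com
"""

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (e.g. Name Server) become lists."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z][A-Za-z /]{0,48}):\s*(.*)$", line)
        if m:  # skips '>>> Last update' lines and the long disclaimer
            rec.setdefault(m.group(1).strip(), []).append(m.group(2).strip())
    return rec

def parse_expiry(raw):
    """Parse 'YYYY-MM-DD HH:MM:SS[.frac]+HH[:MM]'; fractional seconds are dropped."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\d)[ T](\d\d:\d\d:\d\d)(?:\.\d+)?([+-])(\d\d)(?::?(\d\d))?", raw)
    if not m:
        raise ValueError(f"unrecognised WHOIS date: {raw!r}")
    day, clock, sign, hh, mm = m.groups()
    offset = timedelta(hours=int(hh), minutes=int(mm or 0)) * (-1 if sign == "-" else 1)
    naive = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
    return naive.replace(tzinfo=timezone(offset))

def lifecycle(expiry, now, auto_renew_days=45, redemption_days=30):
    """Stage per the quoted ICANN text; auto-renew grace is 0-45 days, set by the registrar."""
    grace_end = expiry + timedelta(days=auto_renew_days)
    if now < expiry: return "registered"
    if now < grace_end: return "auto-renew grace"
    if now < grace_end + timedelta(days=redemption_days): return "redemption grace"
    return "released for registration"

def summarise(text, now):
    rec = parse_whois(text)
    expiry = parse_expiry(rec["Registrar Registration Expiration Date"][0])
    # Heuristic (assumption): a registrant name/email containing "privacy" means a proxy service.
    contact = rec.get("Registrant Name", []) + rec.get("Registrant Email", [])
    return {"domain": rec["Domain Name"][0].lower(), "expiry": expiry,
            "stage": lifecycle(expiry, now),
            "privacy": any("privacy" in c.lower() for c in contact),
            "name_servers": rec.get("Name Server", [])}
```

Because the auto-renew grace length is chosen by the registrar, the same date can land in different stages; pass `auto_renew_days` explicitly when the registrar's policy is known.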
-
I edited my post above to say I'd just read the reader comments on neowin, before I saw your post.
Above.net appear to specialise in parked domains and privacy.. so like you say, not sure either how it's been ascertained it's in the hands of a third party.
It looks like all of their pages say "This domain may be for sale".
Says the same for mine (https://www.above.com/marketplace/kitz.co.uk) - yet my expiry date according to nominet - Expiry date: 15-Mar-2025
A reader on neowin confirmed that tplinklogin.net is still working on his router and as someone else said "The router does a DNS redirect within the network and points you to the LAN interface IP of the router. This url does not provide remote management of the device.".
Read the user comments below the article which explains it better.
I think someone summed it up as
*scratches head* the slogan of this site is or was "Where unprofessional journalism looks better" so how much less professional can you get?
-
As Kitz has quoted, it would seem that the domain only works on your local LAN and is redirected to the internal LAN IP for your router. It does not appear to connect to your router from the Internet. This is what puzzled me since there are 1000's of TP-Link routers and one domain on its own could not allow remote access to these unless it had some intelligence behind it. So this is a non-story from a security point of view; in my view TP-Link did not think things out by using what looked like a real domain name for this.
Stuart
-
Hi
I see nothing wrong with the use of a real domain, as long as the real domain is owned in full by the company
We use a real subdomain for external workers and internal workers, and we use DNS redirect at router level, which means using the subdomain works both externally (over the Internet) and internally (over the LAN), with no modification of settings for programs etc...
Lastly, usually where a domain has been parked, all domains which are parked use the same holding page
I wonder if this is connected with driving traffic to tplink or increase awareness (knowing that it would quickly become apparent there is no issue)
Many thanks
John
-
They do something very similar with http://tplinkrepeater.net for my TL-WR860RE Wi-Fi range extender. When I'm connected to the range extender, visiting that URL redirects me to the internal IP address, therefore loading the login page to configure the WiFi extender. If I'm not connected to the extender's SSID then it simply loads a website. Not very professional, but not a huge security risk.
-
As I am currently using a TP-Link Archer VR900, I thought a quick experiment might be interesting as I have changed the default IPv4 address of the device to suit my LAN. On entering the string tplinklogin.net in the browser's address bar, it is automagically changed to http://ww1.tplinklogin.net/ and the following is displayed --
tplinklogin.net
Related Searches
Buy this domain
This domain may be for sale
This page provided to the domain owner free by Sedo's Domain Parking. Disclaimer: Domain owner and Sedo maintain no relationship with third party advertisers. Reference to any specific service or trade mark is not controlled by Sedo or domain owner and does not constitute or imply its association, endorsement or recommendation.
-
Hi burakkucat
I myself think this makes sense given the number of devices which would have their LAN side changed
The parked domain is not a threat and users cannot go any further, nor can they buy the domain - even if they submitted a bid or displayed interest in buying. I doubt very much tplink would sell.
It may have been better though, if the code was able to update the rewrite DNS but above covers security.
Many thanks
John
-
Indeed, our thoughts are in alignment, John. :)
-
How do you think it even came about that TP-Link don't even own the URL though? That's what I'm wondering!
Just been brushing up on my knowledge about domain parking and squatting with this article (https://www.1and1.com/digitalguide/domains/domain-administration/domain-parking-earning-money-with-domains/)...
This involves registering a domain using someone else’s brand with the intent of profiting from it by selling it to the rightful owner.
Assuming this is the case with Above.com, they must have bought it first to turn a profit, but only after the address was established. Is that right? Perhaps TP-Link assigned the use of that URL for router access first, never registered it because it's redirected to an internal IP address anyway, and it was then bought by Above.com to be taken advantage of. What do you think? Either way, it seems pretty careless!
-
Hi fluotech
Sorry, I think you're getting a little confused
The part you posted refers to a third party purchasing a domain to portray themselves as another company, if I have read it correctly (I'm busy at moment so just read quickly sorry) and branding came long after domain level rollout.
Above.com is a legitimate company and tplink would be using domain privacy, which is available to all domain owners at a cost, but above.com does not own or have legal rights to use the domain.
I hope that makes sense a little
Many thanks
John
-
Hi John,
Oh I see, I must have misunderstood! So TP-Link merely bought privacy/anonymity for their domain from Above.com?
Managed to get the wrong end of the stick there, sorry.