Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Oops, TP-Link  (Read 7372 times)

Dray

  • Kitizen
  • ****
  • Posts: 2361
Oops, TP-Link
« on: July 04, 2016, 01:14:59 PM »

Looks like TP-Link forgot to renew their domain
Quote
TP-Link routers exposed to potential security flaw after domain registration lapses
http://www.neowin.net/news/tp-link-routers-exposed-to-potential-security-flaw-after-domain-registration-lapses
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Oops, TP-Link
« Reply #1 on: July 05, 2016, 09:16:59 AM »

How odd.  The domain expired on 31st May 2016.

From that link it says:
Quote
As for now, the company decided to make minor fixes. Yet - they don't like to buy the domain from the unknown seller, for now.

Yet all .net domains are supposed to go through a period of grace before they can be resold.  According to ICANN

Quote
Once your domain has expired, it will be in Auto-Renew Grace Period (for 0-45 days), followed by a 30-day Redemption Grace Period. At the end of the Redemption Grace Period, you will not be able to renew your domain name. Your domain name will be released for registration by third parties.

So theoretically the domain should still be within the additional 30 day Redemption Grace Period.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Oops, TP-Link
« Reply #2 on: July 05, 2016, 09:44:54 AM »

Hmm..  digging further

Quote
We did some further investigation of http://tplinklogin.net/ on IRC today, and came to the surprising discovery that the domain doesn't even belong to TP-Link! The whois information shows:
    Domain Name: TPLINKLOGIN.NET

    Registrant:
        Above.com Domain Privacy
        8 East concourse
        Beaumaris
        VIC
        3193
        AU
        tplinklogin.net@privacy.above.com
        Tel. +61.390057904

Now doubtless this is a domain name squatter, but what a stupid thing for TP-Link to do: require specific topology for configuration, use a name instead of a (shorter) IP address for the device, and then not even own the domain! I'm amazed.

This is from 28 Apr 2013


-------

ETA   Just read the readers comments below the neowin article.   Looks like above.net have always owned it.
 :lol:
« Last Edit: July 05, 2016, 09:59:20 AM by kitz »
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Oops, TP-Link
« Reply #3 on: July 05, 2016, 09:54:23 AM »

Hi Kitz

Sorry, my eyesight is not what it was and mobiles are becoming too small for eyes but, I've just checked on that domain and the empties rio date is 31/05/2017.

So it was renewed for a year prior to expiration

The domain has hidden owner details, which is called domain privacy

So I am not clear as to why it is believed to have been purchased by a third party

Many thanks

John

# WHOIS tplinklogin.net

Domain Name: TPLINKLOGIN.NET
Registry Domain ID: 1659046272_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.above.com
Registrar URL: http://www.above.com
Updated Date: 2011-05-31 14:48:23.195589+10
Creation Date: 2011-05-31 14:48:23.195589+10
Registrar Registration Expiration Date: 2017-05-31 14:48:23.195589+10
Registrar: ABOVE.COM PTY LTD.
Registrar IANA ID: 940
Registrar Abuse Contact Email: abuse@above.com
Registrar Abuse Contact Phone: +61.390164107
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: above_privacy
Registrant Name: Above.com Domain Privacy
Registrant Organization: Above.com Domain Privacy
Registrant Street: 8 East concourse
Registrant City: Beaumaris
Registrant State/Province: VIC
Registrant Postal Code: 3193
Registrant Country: AU
Registrant Phone: +61.390164107
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: tplinklogin.net@privacy.above.com
Registry Admin ID: above_privacy
Admin Name: Above.com Domain Privacy
Admin Organization: Above.com Domain Privacy
Admin Street: 8 East concourse
Admin City: Beaumaris
Admin State/Province: VIC
Admin Postal Code: 3193
Admin Country: AU
Admin Phone: +61.390164107
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: tplinklogin.net@privacy.above.com
Registry Tech ID: above_privacy
Tech Name: Above.com Domain Privacy
Tech Organization: Above.com Domain Privacy
Tech Street: 8 East concourse
Tech City: Beaumaris
Tech State/Province: VIC
Tech Postal Code: 3193
Tech Country: AU
Tech Phone: +61.390164107
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: tplinklogin.net@privacy.above.com
Name Server: ns3.above.com
Name Server: ns4.above.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
>>> Last update of WHOIS database: 2011-05-31 14:48:23.195589+10  <<<

The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is", and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The Registrar of record is Above.com, Pty. Ltd. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Oops, TP-Link
« Reply #4 on: July 05, 2016, 10:14:13 AM »

I edited my post above to say I'd just read the reader comments on neowin, before I saw your post.

Above.net appear to specialise in parked domains and privacy..  so like you say, not sure either how its been ascertained its in the hands of a third party.
It looks like all of their pages say "This domain may be for sale".

Says the same for mine - yet my expiry date according to nominet -  Expiry date:  15-Mar-2025

A reader on neowin confirmed that tplinklogin.net is still working on his router and as someone else said  "The router does a DNS redirect within the network and points you to the LAN interface IP of the router. This url does not provide remote management of the device.".

Read the user comments below the article which explains it better.
I think someone summed it up as
Quote
*scraches head* the slogan of this site is or was "Where unprofessional journalism looks better" so how much less professional can you get?

Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

broadstairs

  • Kitizen
  • ****
  • Posts: 3697
Re: Oops, TP-Link
« Reply #5 on: July 05, 2016, 10:19:16 AM »

As Kitz has quoted it would seem that the domain only works on your local lan and is re-directed to the internal lan IP for your router. It does not appear to connect to your router from the Internet. This is what puzzled me since there are 1000's of TP-Link routers and one domain on its own could not allow remote access to these unless it had some intelligence behind it. So this is a non story from a security point of view, in my view TP-Link did not think things out by using what looked like a real domain name for this.

Stuart
Logged
ISP:Vodafone Router:Vodafone Wi-Fi hub FTTP

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Oops, TP-Link
« Reply #6 on: July 05, 2016, 11:00:16 AM »

Hi

I see nothing wrong with the use of a real domain, as long as the real domain is owned in full by the company

We use real subdomain for external workers and internal workers, we use DNS redirect at router level, which means using the subdomain works both external (over the Internet) and internally (over the LAN), with no modification of settings for programs etc...

Lastly, usually where a domain has been parked, all domains which are parked use the same holding page

I wonder if this is connected with driving traffic to tplink or increase awareness (knowing that it would quickly become apparent there is no issue)

Many thanks

John
Logged

j0hn

  • Kitizen
  • ****
  • Posts: 4093
Re: Oops, TP-Link
« Reply #7 on: July 05, 2016, 03:37:09 PM »

they do something very similar with http://tplinkrepeater.net for my TL-WR860RE Wi-Fi range extender. When I'm connected to the range extender, visiting that url redirects me to the internal ip address, therefore loading the login page to configure the WiFi extender. If I'm not connected to the extenders SSID then it simply loads a website. not very professional, but not a huge security risk
Logged
Talktalk FTTP 550/75 - Speedtest - BQM

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Oops, TP-Link
« Reply #8 on: July 05, 2016, 07:29:21 PM »

As I am currently using a TP-Link Archer VR900, I thought a quick experiment might be interesting as I have changed the default IPv4 address of the device to suit my LAN. On entering the string tplinklogin.net in the browser's address bar, it is automagically changed to http://ww1.tplinklogin.net/ and the following is displayed --

Quote
tplinklogin.net

Related Searches

Buy this domain

This domain may be for sale

This page provided to the domain owner free by Sedo's Domain Parking. Disclaimer: Domain owner and Sedo maintain no relationship with third party advertisers. Reference to any specific service or trade mark is not controlled by Sedo or domain owner and does not constitute or imply its association, endorsement or recommendation.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Oops, TP-Link
« Reply #9 on: July 05, 2016, 08:22:15 PM »

Hi burakkucat

I myself think this makes sense given the number of devices which would have their LAN side changed

The parked domain is not a threat and users cannot go any further, not can they buy the domain - even if they submitted a bid or displayed interest in buying. I doubt very much tplink would sell.

It may have been better though, if the code was able to update the rewrite DNS but above covers security.

Many thanks

John
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Oops, TP-Link
« Reply #10 on: July 05, 2016, 08:53:26 PM »

Indeed, our thoughts are in alignment, John.  :)
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

fluotech

  • Member
  • **
  • Posts: 14
Re: Oops, TP-Link
« Reply #11 on: July 13, 2016, 01:31:57 PM »

How do you think it even came about that TP-Link don't even own the URL though? That's what I'm wondering!
Just been brushing up on my knowledge about domain parking and squatting with this article...
Quote
This involves registering a domain using someone else’s brand with the intent of profiting from it by selling it to the rightful owner.

Assuming this is the case with Above.com, they must have bought it first to turn a profit, but only after the address was established. Is that right? Perhaps TP-Link assigned the use of that URL for router access first, never registered it because it's redirected to an internal IP address anyway, and it was then bought by Above.com to be taken advantage of. What do you think? Either way, it seems pretty careless!
Logged

d2d4j

  • Kitizen
  • ****
  • Posts: 1103
Re: Oops, TP-Link
« Reply #12 on: July 13, 2016, 01:48:51 PM »

Hi fluotech

Sorry, I think your getting a little confused

The part you posted refers to a third party purchasing a domain to portray themselves as another company, if I have read it correctly (I'm busy at moment so just read quickly sorry) and branding came long after domain level rollout.

Above.com is a legitimate company and tplink would be using domain privacy, which is available to all domain owners at a cost, but above.com does not own or have legal rights to use the domain.

I hope that makes sense a little

Many thanks

John
Logged

fluotech

  • Member
  • **
  • Posts: 14
Re: Oops, TP-Link
« Reply #13 on: July 15, 2016, 10:05:18 AM »

Hi John,

Oh I see, I must have misunderstood! So TP-Link merely bought privacy/anonymity for their domain from Above.com?
Managed to get the wrong end of the stick there, sorry.
Logged