My no-IP account updated to a strange IP address.

[Ichinisan]

At my mother's home, I configured a WRT54G with Tomato firmware. Actually, I'm not 100% sure whether I left it configured with Tomato or DD-WRT (I've used both).

Anyway, I configured the options to update my no-ip.com account for a custom hostname (somethinglikethis.no-ip.com) so I'll be able to easily access her system remotely.

I periodically get emails from no-ip.com making me answer a captcha to keep the hostname active. I completed another one of those in April. These are not phishing emails and I'm never asked to enter my password (which is secure and unique).

Today, I wasn't able to access her system, but I noticed that the hostname was now resolving to 68.119.60.75 -which doesn't seem to have a listening HTTP, VNC, or RDC server.

What is this IP address? I tried to run a trace-route:

U:\>tracert 68.119.60.75

Tracing route to 68.119.60.75
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  172.22.8.1
  2    <1 ms    <1 ms    <1 ms  216.130.138.33
  3     4 ms     4 ms     4 ms  xe-5-3-0.edge4.atlanta2.level3.net [4.28.30.229]

  4     4 ms     4 ms     4 ms  ae-2-52.edge5.atlanta2.level3.net [4.69.150.78]

  5     4 ms     4 ms     4 ms  atl-bb1-link.telia.net [80.239.167.73]
  6    15 ms    11 ms    11 ms  cco-ic-142815-atl-bb1.c.telia.net [213.248.99.15
0]
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11    36 ms    33 ms    35 ms  68-119-60-75.static.nwnn.ga.charter.com [68.119.
60.75]

Trace complete.

U:\>_

...so it's a Charter IP, and my mother has Charter Internet service. However, her previous IPs have always been in the 24.x.x.x range, since 1999.

I've tried:

http://68.119.60.75/
http://68.119.60.75:8080/
https://68.119.60.75:8080/

I've also tried:
VNC port 5900
VNC on my secret port #

...the server never responds to these connection attempts, but it does respond to ICMP ping. What is this strange IP address?

 

[imagoon]

Call charter? They could have moved her area to another IP range also.

 

[Ichinisan]

Call charter? They could have moved her area to another IP range also.

If that were the case, I should still be able to access the router config page and the VNC server.

 

[imagoon]

If that were the case, I should still be able to access the router config page and the VNC server.

I don't know what charters exact policy is but some are pretty draconian and block in bound 80 / 8080 / 443 / RDP / mail etc. She might have that IP and she was moved in to a group that is filtered.

 

[drebo]

Logmein is so much easier. Use that.

 

[MtnMan]

...so it's a Charter IP, and my mother has Charter Internet service. However, her previous IPs have always been in the 24.x.x.x range, since 1999.

Charter has a bunch of IP ranges they provide to subscribers. If I change routers, (which changes the MAC that requests the IP address) I will be given IP's on different networks. The same can be done by changing the MAC on the WAN side of your router. I've had IPs in the 24, 60something, 70something and currently 96.37.xx.xx network, all on the same cable connection.

 

[Ichinisan]

Logmein is so much easier. Use that.

No. VNC service is always running and it's also useful for an iOS touchpad application (this is a media center HTPC). I know how to forward / translate ports and deal with client / server issues.

 

[Ichinisan]

Charter has a bunch of IP ranges they provide to subscribers. If I change routers, (which changes the MAC that requests the IP address) I will be given IP's on different networks. The same can be done by changing the MAC on the WAN side of your router. I've had IPs in the 24, 60something, 70something and currently 96.37.xx.xx network, all on the same cable connection.

Yeah. I work for a local cable ISP and we have a few IP ranges. They also change if the WAN MAC changes. We don't allow ports on one range and block them on another. On my mother's Charter connection, I don't recall getting anything other than 24.x.x.x since she first got two-way cable in 1999. There have been dozens of computers and routers through the years.

Probably just coincidence that I've never seen the other ranges. Anyway, I went over there. The IP did change. Also, they are blocking 8080. I changed to another port in the 9xxx range and it works.

What possible reason could Charter have to block port 8080? Overwhelmingly, it's used to remotely-access home routers. Just because some bozo might have a weak password, Charter blocks the standard port? Now I have to remember this semi-random port number I came up with. I'm sure that will be a problem for me.

 

[dawks]

Logmein is so much easier. Use that.

I'll second this. No port forwarding required (which might be handy in your case since its entirely possible that an ISP may choose to block in-bound to certain ports). It handles the IP address changes for you by checking in to a central server. No no-ip website to worry about logging into every month. There is a pretty good iPad app, but it is a one time $30...

Also LogMeIn Hamachi works great for file sharing.. Again no ports to open.. and creates a great VPN.

 

[dawks]

What possible reason could Charter have to block port 8080? Overwhelmingly, it's used to remotely-access home routers. Just because some bozo might have a weak password, Charter blocks the standard port? Now I have to remember this semi-random port number I came up with. I'm sure that will be a problem for me.

They've probably had a ton of support calls about customer routers being hijacked. There are plenty enough people who are lucky enough to know how to plug in a router, much less secure one.

I know my ISP blocks port 25 outbound to anything other than its servers. Keeps spam under control.

 

[CZroe]

They've probably had a ton of support calls about customer routers being hijacked. There are plenty enough people who are lucky enough to know how to plug in a router, much less secure one.

I know my ISP blocks port 25 outbound to anything other than its servers. Keeps spam under control.

Lots of ISPs block port 25 out for that very reason (causes Hell with smartphones), but no router comes configured for remote administration by default so it it does not require a user to "secure" it.

 

[dawks]

Lots of ISPs block port 25 out for that very reason (causes Hell with smartphones), but no router comes configured for remote administration by default so it it does not require a user to "secure" it.

Actually I'm sure I've heard of a few models shipping with remote access on by default.

My point was that most users aren't smart enough to have a clue about router settings. Many might start clicking around and just turn things on. "oh hey, remote administration sounds cool, let me just click this check box".

 

[CZroe]

Actually I'm sure I've heard of a few models shipping with remote access on by default.

My point was that most users aren't smart enough to have a clue about router settings. Many might start clicking around and just turn things on. "oh hey, remote administration sounds cool, let me just click this check box".

There are a few that ship with admin over wireless enabled by default, but I have NEVER seen or heard of one with remote admin by default. If so, that's pretty bad. You sure you aren't confusing wireless with remote?

 

[imagoon]

No. VNC service is always running and it's also useful for an iOS touchpad application (this is a media center HTPC). I know how to forward / translate ports and deal with client / server issues.

VNC, esp if you don't install the encryption plug ins and do not do some sort of port restriction is an easy to exploit back door. This is compounded by all the various releases that are often and varying levels of the core code.

 

[Ichinisan]

I'll second this. No port forwarding required (which might be handy in your case since its entirely possible that an ISP may choose to block in-bound to certain ports). It handles the IP address changes for you by checking in to a central server. No no-ip website to worry about logging into every month. There is a pretty good iPad app, but it is a one time $30...

Also LogMeIn Hamachi works great for file sharing.. Again no ports to open.. and creates a great VPN.

Adds latency to have another system in between.

 

[Ichinisan]

They've probably had a ton of support calls about customer routers being hijacked. There are plenty enough people who are lucky enough to know how to plug in a router, much less secure one.

I know my ISP blocks port 25 outbound to anything other than its servers. Keeps spam under control.

I've worked for an ISP in tech support for a long time and haven't seen any evidence of remote intrusion to a customer's router settings, though I have seen LAN intrusion on multiple occasions. Even if someone accesses a router that they're not supposed to, they usually don't want to disconnect the authorized user to tip them off to the intrusion. They would just change the admin password so the owner has a tough time enabling wireless security and is likely to give up and leave it unsecured.

 

[Ichinisan]

Actually I'm sure I've heard of a few models shipping with remote access on by default.

My point was that most users aren't smart enough to have a clue about router settings. Many might start clicking around and just turn things on. "oh hey, remote administration sounds cool, let me just click this check box".

Out of dozens and dozens of models I've encountered over the last 12 years, I believe I've encountered one that had remote administration enabled by default w/ a factory default password. If I recall correctly, it was a no-name brand. Even when people click around and enable remote admin, most routers refuse to allow it until the config password is changed from the factory default.

 

[imagoon]

Adds latency to have another system in between.

Once connected, logmein is machine to machine. The web server just acts like a puppeteer and makes the local client and remote client try to access each other so NAT rules get created allowing direct IP to IP connections. I find it more fluid the VNC also since it has a display accelerator.

 

[xSauronx]

Yeah. I work for a local cable ISP and we have a few IP ranges. They also change if the WAN MAC changes. We don't allow ports on one range and block them on another. On my mother's Charter connection, I don't recall getting anything other than 24.x.x.x since she first got two-way cable in 1999. There have been dozens of computers and routers through the years.

Probably just coincidence that I've never seen the other ranges. Anyway, I went over there. The IP did change. Also, they are blocking 8080. I changed to another port in the 9xxx range and it works.

What possible reason could Charter have to block port 8080?

it's a standard alternate http/s port, ive seen lots of devices other than home routers use it (like, say, a barracuda, cisco asa, etc)

logmein has a free ios app, ignition is costly but gives you extra features. i use just the regular app. and logmein runs all the time on a pc.

and instead of no-ip, consider dyndns. you can setup tomato/ddwrt to automatically keep it active so you dont have to use a captcha every once in a while.

i used to use vnc...but logmein is just easier, and faster, in my experience.

 

[Ichinisan]

it's a standard alternate http/s port, ive seen lots of devices other than home routers use it (like, say, a barracuda, cisco asa, etc)

logmein has a free ios app, ignition is costly but gives you extra features. i use just the regular app. and logmein runs all the time on a pc.

and instead of no-ip, consider dyndns. you can setup tomato/ddwrt to automatically keep it active so you dont have to use a captcha every once in a while.

i used to use vnc...but logmein is just easier, and faster, in my experience.

I believe you can do the same thing w/ no-ip.