
Remote access saga

jcs1
Follower


When Netgear support needs telnet access to a device inside a private network, they should be able to inform the customer of which IP address they will be connecting from. It's not a big demand: I'm telling you my IP address, you should be able to tell me yours. The reason that this information is needed is so that when I poke a hole in my firewall, I can do it specifically for your IP, rather than opening it up so that anybody could connect. This is especially important when the device is running a factory default password.

Malicious people can and do scan around for open ports, and try some well-known default usernames/passwords on them. If you think I'm being paranoid, I'm not -- my firewall logs show malicious attempts to connect to port 23 (amongst others) on a regular basis.

I can't seem to get the Netgear support rep I'm dealing with to understand this -- he insists that their IP address is somehow unknowable and that I must open the port without restricting by IP. It's one thing for Netgear to suggest an insecure practice. It's quite another for them to outright demand it. I understand that an L2 rep probably doesn't know offhand what IP an L3 rep is going to connect from. But would it be so hard to pick up the phone and ask?

I expect I'm going to get a response telling me that this is standard procedure -- what I'm suggesting is that it's a *bad* procedure and it should be changed.
Message 1 of 2
sphardy1
Apprentice

Re: Remote access saga

Given how corporate networks are set up, and engineers being in different parts of the world, it may actually be extremely difficult for Netgear support to give you the specific IP address they will use. The L2 engineer probably doesn't know who will pick up the case, so suggesting they call and find out the info you request hits an immediate hurdle.

As you are already willingly trusting an unknown Netgear employee to access your NAS, as a compromise, perhaps you could limit access to the Netgear.com domain? That should contain the source IP.
Message 2 of 2