
NightHawk R7800 Router is Assigned two IPs

shiftctrl
Aspirant

NightHawk R7800 Router is Assigned two IPs

Hi All,

 

I just ran an nmap scan of a network and noticed the router is assigned two IPs (10.0.0.1 and 10.0.32.1).

Scanning open ports on 10.0.0.1 shows there are a couple of extra ports open compared to 10.0.32.1.

 

Anybody know what's going on here?

Model: R7800|Nighthawk X4S AC2600 Wifi Router
Message 1 of 13


All Replies

Re: NightHawk R7800 Router is Assigned two IPs

Those IP addresses hint at the presence of a second router on your network.

Message 2 of 13
shiftctrl
Aspirant

Re: NightHawk R7800 Router is Assigned two IPs

Yeah, that's what I initially thought - the only problem is that the IP leads back to the gateway (same admin credentials, settings, etc.)

 

So when I go to 10.0.32.1, it takes me to same admin console with all the same settings as my 10.0.0.1 console.

 

Even if someone is spoofing my network, then how did they get my admin creds and why leave it with the same user/pass?

 

 

Message 3 of 13

Re: NightHawk R7800 Router is Assigned two IPs


@shiftctrl wrote:

 

Even if someone is spoofing my network, then how did they get my admin creds and why leave it with the same user/pass?

 


What evidence do you have that this might be happening?

 

Be a sport, tell us what the modem is in front of your router. Then we can begin to see if the first theory is, as a suspect, a more likely explanation.

 

It is all too easy to get sucked into complicated theories and interpretations when the answer is staring you in the face.

 

 

 

Message 4 of 13
shiftctrl
Aspirant

Re: NightHawk R7800 Router is Assigned two IPs

The modem is a Motorola SURFboard SB6121

Message 5 of 13
shiftctrl
Aspirant

Re: NightHawk R7800 Router is Assigned two IPs

Apologies, I made a typo earlier. I meant to say- 10.0.32.1 leads back to the first router (not gateway).


In reality that was a poor choice of words, since technically it's not "leading" back, rather it’s a web portal at that IP. I'm able to log in to the router’s web portal using either 10.0.0.1 and/or 10.0.32.1


If it was a second router (one which I hadn’t set up), all the creds and settings would be different.

Message 6 of 13
shiftctrl
Aspirant

Re: NightHawk R7800 Router is Assigned two IPs

Anyone?

Message 7 of 13
IrvSp
Master

Re: NightHawk R7800 Router is Assigned two IPs

Wondering if you have a PROXY set up? If on Windows you can see it this way:

 

  1. Select the “Start” button, then type “cmd”.
  2. Right-click “Command Prompt”, then choose “Run as Administrator”.
  3. Type “netsh winhttp show proxy”, then press “Enter”.

 

Does this happen on ALL devices you can use a Browser on?

Message 8 of 13
shiftctrl
Aspirant

Re: NightHawk R7800 Router is Assigned two IPs

Negative, no proxy. I primarily use Linux, nevertheless, I can access the router from both IPs on all devices in the building (including cellphones, tablets, laptops, etc.)

Message 9 of 13
schumaku
Guru

Re: NightHawk R7800 Router is Assigned two IPs

Which of the two addresses fits into your LAN TCP/IP subnet? Post a screenshot of the Advanced home - in case that IP does show up. Here the Nighthawk is connected to a WWAN (LTE) mobile provider, assigning RFC1918 addresses (yes, nowadays we can consider this as abuse of these IP addresses - but I'm not interested to hunt Swisscom):

[Screenshot: Advanced - Router and Internet Port.PNG]

The other suspicion is that the other IP belongs to the OpenVPN related tun0 interface - that's the IP used for a many2one NAT for OpenVPN clients accessing the router via the NATed tun (not the bridged tap). Unfortunately, this IP is nowhere visible in the Nighthawk Web UI. Different LAN subnet here than on your router - but you are a Linux person and get the idea:

[Screenshot: Nighthawk tap and tun interfaces.PNG]

This address is also accessible from the LAN, e.g. by using a Web browser:

[Screenshot: Nighthawk access via tun IP.PNG]

For your comparison:


# nmap 192.168.10.254

Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-06 11:54 Mitteleuropäische Sommerzeit
Nmap scan report for 192.168.10.254
Host is up (0.0027s latency).
Not shown: 983 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
548/tcp open afp
631/tcp open ipp
3333/tcp open dec-notes
5555/tcp open freeciv
8081/tcp open blackice-icecap
8200/tcp open trivnet1
10000/tcp open snet-sensor-mgmt
20005/tcp filtered btx
49152/tcp open unknown
49153/tcp open unknown
MAC Address: A0:04:60:xx:xx:xx (Netgear)

Nmap done: 1 IP address (1 host up) scanned in 4.59 seconds


# nmap 192.168.11.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-06 11:54 Mitteleuropäische Sommerzeit
Nmap scan report for 192.168.11.1
Host is up (0.0027s latency).
Not shown: 987 closed ports
PORT STATE SERVICE
21/tcp open ftp
53/tcp open domain
80/tcp open http
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
548/tcp open afp
631/tcp open ipp
3333/tcp open dec-notes
5555/tcp open freeciv
8081/tcp open blackice-icecap
8200/tcp open trivnet1
20005/tcp filtered btx

Nmap done: 1 IP address (1 host up) scanned in 4.89 seconds

 

Message 10 of 13
shiftctrl
Aspirant

Re: NightHawk R7800 Router is Assigned two IPs

You nailed it. Brilliant.

 

Message 11 of 13
schumaku
Guru

Re: NightHawk R7800 Router is Assigned two IPs

Thank you @shiftctrl - for curiosity, what subnet mask is set on the LAN?

Message 12 of 13
shiftctrl
Aspirant

Re: NightHawk R7800 Router is Assigned two IPs

ClassA /19

255.255.224.0

Message 13 of 13
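
Added example, not part of the thread or any poster's code: a Python check that ties the thread's data together. It diffs the open ports nmap reported for a device's two addresses (input abridged from the scans in message 10) and tests each address against the LAN subnet, assuming 10.0.0.1 is the LAN address with the 255.255.224.0 mask from message 13; the function names are illustrative.

```python
import ipaddress
import re

# Abridged from the two scans in message 10 (subset of the posted port lines).
SCAN_LAN = """Nmap scan report for 192.168.10.254
21/tcp open ftp
23/tcp open telnet
53/tcp open domain
80/tcp open http
10000/tcp open snet-sensor-mgmt
20005/tcp filtered btx
49152/tcp open unknown
49153/tcp open unknown
"""
SCAN_TUN = """Nmap scan report for 192.168.11.1
21/tcp open ftp
53/tcp open domain
80/tcp open http
20005/tcp filtered btx
"""
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)

def open_ports(nmap_text):
    """Map (port, proto) -> service for every port nmap reports as open."""
    return {(int(port), proto): svc
            for port, proto, state, svc in PORT_LINE.findall(nmap_text)
            if state == "open"}

def exposure_diff(text_a, text_b):
    """Return (open only on A, open only on B) as sorted (port, proto) lists."""
    a, b = open_ports(text_a), open_ports(text_b)
    return sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

def in_lan(addr, lan_ip, netmask):
    """True if addr is inside the subnet given by the LAN address and mask."""
    lan = ipaddress.ip_network(f"{lan_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(addr) in lan

if __name__ == "__main__":
    only_lan, only_tun = exposure_diff(SCAN_LAN, SCAN_TUN)
    print("open only on the LAN address:", only_lan)
    print("open only on the second address:", only_tun)
    # Assumption: 10.0.0.1 is the LAN address; mask is the one from message 13.
    for ip in ("10.0.0.1", "10.0.32.1"):
        print(ip, "in LAN subnet:", in_lan(ip, "10.0.0.1", "255.255.224.0"))
```

A /19 starting at 10.0.0.0 ends at 10.0.31.255, so 10.0.32.1 is the first address block past the LAN rather than a host inside it.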