alokeprasad
Apr 05, 2019 Mentor
Not able to login (locally) to R9000 X10
I cannot log in to the Genie interface of my R9000. I get the login prompt (username: admin, password), after which the browsers (tried Firefox, Chrome, IE) all show "transferring data from 192.168.1.1"...
- Apr 05, 2019
It was Bitdefender's Privacy setting. I had to add the IP address to the whitelist in Bitdefender.
alokeprasad
Apr 14, 2019 Mentor
Things are working as they are supposed to:
My nslookup is going to my chosen DNS (Cloudflare's 1.1.1.1).
routerlogin.net is not in Cloudflare's (or any public DNS's) lookup table. No public DNS can or should return local non-routable IP addresses in the 192.168.x.x range for any name lookup.
When I nslookup microsoft.com, I get a legit response:
C:\WINDOWS\system32>nslookup microsoft.com
Address: 1.1.1.1
Non-authoritative answer:
Name: microsoft.com
Addresses: 40.112.72.205
40.113.200.201
104.215.148.63
13.77.161.179
40.76.4.15
The mystery is: how is routerlogin.net getting resolved to 192.168.1.1?
It has not been added to the hosts file.
The router is trapping this somehow and resolving it. It is not passing it to my selected DNS (as it indeed should not).
antinode
Apr 14, 2019 Guru
> [...] routerlogin.net is not in cloudflare's (or any public DNS's)
> lookup table. [...]
Sure it is:
ITS $ nslookup routerlogin.net 1.1.1.1
Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
Name: routerlogin.net
Addresses: 52.222.218.163, 52.222.218.174, 52.222.218.243, 52.222.218.14
ITS $ nslookup routerlogin.net 8.8.8.8
Server: google-public-dns-a.google.com
Address: 8.8.8.8
Non-authoritative answer:
Name: routerlogin.net
Addresses: 13.33.140.226, 13.33.140.95, 13.33.140.159, 13.33.140.55
These are not the LAN IP address of your router, but the look-up
should succeed. (Else, how would anyone get to those misleading/useless
error pages?)
Using the router as the DNS server, you should get the router's LAN
IP address:
ITS $ nslookup routerlogin.net 10.0.0.1
Server: www.routerlogin.com
Address: 10.0.0.1
Non-authoritative answer:
Name: routerlogin.net
Address: 10.0.0.1
> [...] The router is trapping this somehow and resolving it. [...]
Yes. It's a design feature. It allows a user to use a single method
to talk to a Netgear router management web site, without knowing what
that router has chosen for its LAN IP address.
- schumaku
Apr 15, 2019 Guru - Experienced User
Not sure yet why alokeprasad's nslookup test from above fails (without an Internet connection), or rather returns an error or the public IP addresses.
Needless to say, an active business, privacy, or hide-my-a** VPN, or the presence of DNSCrypt (e.g. also as a plug-in in a browser) does prohibit this MITM-like behaviour.
In general, the Netgear routers and wireless extenders are intercepting DNS queries for the domain(s) of these devices [e.g. routerlogin.net/.com for routers, orbilogin.net/.com for Orbi, mywifiext.net/.com for extenders, ...], and forging a query response supposedly coming from that same IP address queried - that's all:
Aside, what I don't understand is why Netgear does not use the same DNS-based mechanism instead of the HTTP one for their consumer device domain URL and URL keyword filtering - that would to some extent then cover HTTPS, too. But that's probably too much of a design change.
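The following is an added example, not code from any poster in this thread: it parses nslookup output in the two layouts quoted above and labels whether the answer for a name came from a public resolver, from the router when asked directly, or was rewritten on the path to a public resolver. The function names and the labels are this example's own; the first two samples are output quoted in the thread, the third is constructed to show the trapped case.

```python
import ipaddress
import re

IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_nslookup(text):
    """Return (resolver_ips, answer_ips), IPv4 only. Addresses before the
    'Name:' line belong to the server asked; those after it are the answer,
    including Windows nslookup's one-per-row continuation lines."""
    resolver, answer, in_answer = [], [], False
    for line in text.splitlines():
        if line.strip().lower().startswith("name:"):
            in_answer = True
            continue
        for token in IPV4_RE.findall(line):
            try:
                ip = ipaddress.ip_address(token)
            except ValueError:      # e.g. 999.1.1.1 matches the regex only
                continue
            (answer if in_answer else resolver).append(ip)
    return resolver, answer

def classify(text):
    """Label who most likely produced the answer (labels are this example's own)."""
    resolver, answer = parse_nslookup(text)
    if not answer:
        return "no-answer"
    if not any(ip.is_private for ip in answer):
        return "public-answer"          # query reached a real public resolver
    if resolver and not resolver[0].is_private:
        return "forged-on-path"         # public server named, LAN address returned
    return "router-local-answer"        # the router itself was asked and answered

# First two samples are output quoted in the thread; the third is constructed.
FROM_CLOUDFLARE = """Server: one.one.one.one
Address: 1.1.1.1
Non-authoritative answer:
Name: routerlogin.net
Addresses: 52.222.218.163, 52.222.218.174, 52.222.218.243, 52.222.218.14"""
FROM_ROUTER = """Server: www.routerlogin.com
Address: 10.0.0.1
Non-authoritative answer:
Name: routerlogin.net
Address: 10.0.0.1"""
CONSTRUCTED_TRAPPED = """Server: one.one.one.one
Address: 1.1.1.1
Name: routerlogin.net
Address: 192.168.1.1"""
```

A "forged-on-path" result for a name that public DNS resolves to public addresses means something between the client and the named resolver answered in its place; on a LAN behind one of these routers that is the expected trap, while on any other network it is worth investigating.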