- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Recently, I started having issues accessing the https://my.t-mobile.com/ site. For example, my Google Chrome browser displays the following errors:
Your connection is not private
Attackers might be trying to steal your information from my.t-mobile.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is my.t-mobile.com; its security certificate is from search.dnsadvantage.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
My G1100 broadband connection's DNS Servers are configured to use Norton ConnectSafe (see https://dns.norton.com/). I had followed the instructions at https://www.verizon.com/support/consumer/internet/opt-out-of-dns-assist/fios-quantum-gateway to configure my G1100 with ConnectSafe's IP addresses 199.85.126.20 and 199.85.127.20.
When configured to use ConnectSafe, my G1100 returns the following incorrect IP addresses for my.t-mobile.com: 156.154.175.216 and 156.154.176.216
What's even more disturbing, is that those returned IP addresses do not appear to come from the ConnectSafe servers. If I query the ConnectSafe servers directly for the IP address of my.t-mobile.com, the 199.85.126.20 server returns 199.83.128.144 and the 199.85.127.20 server returns 192.230.66.144. On Windows, I queried the servers using the "nslookup my.t-mobile.com 199.85.126.20" and "nslookup my.t-mobile.com 199.85.127.20" commands. On Linux, I queried the servers using the "dig my.t-mobile.com @199.85.126.20" and "dig my.t-mobile.com @199.85.127.20" commands.
I have a Netgear router in my network. If I configure my Netgear router to use ConnectSafe, my Netgear router returns the 192.230.66.144 IP address and I'm able to access the https://my.t-mobile.com/ site without issues. This makes me think the issue is with my G1100.
If I configure my G1100 to use either Google's servers (8.8.8.8 and 8.8.8.4) or OpenDNS's servers (208.67.222.222 and 208.67.220.220), the G1100 returns the 199.83.128.144 IP address and I'm able to access the https://my.t-mobile.com/ site without issues. It seems that my G1100 has issues only with the ConnectSafe servers.
I did notice that Google's servers and OpenDNS's servers respond to pings whereas the ConnectSafe servers do not respond to pings, but I don't know why that would matter to the G1100.
By the way, my G1100 has firmware version 1.3.0.47.64.
Does anybody have any idea why the G1100 has issues with the ConnectSafe DNS servers?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@piggletee wrote:Recently, I started having issues accessing the https://my.t-mobile.com/ site. For example, my Google Chrome browser displays the following errors:
Your connection is not private
Attackers might be trying to steal your information from my.t-mobile.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
This server could not prove that it is my.t-mobile.com; its security certificate is from search.dnsadvantage.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
My G1100 broadband connection's DNS Servers are configured to use Norton ConnectSafe (see https://dns.norton.com/). I had followed the instructions at https://www.verizon.com/support/consumer/internet/opt-out-of-dns-assist/fios-quantum-gateway to configure my G1100 with ConnectSafe's IP addresses 199.85.126.20 and 199.85.127.20.
When configured to use ConnectSafe, my G1100 returns the following incorrect IP addresses for my.t-mobile.com: 156.154.175.216 and 156.154.176.216
What's even more disturbing, is that those returned IP addresses do not appear to come from the ConnectSafe servers. If I query the ConnectSafe servers directly for the IP address of my.t-mobile.com, the 199.85.126.20 server returns 199.83.128.144 and the 199.85.127.20 server returns 192.230.66.144. On Windows, I queried the servers using the "nslookup my.t-mobile.com 199.85.126.20" and "nslookup my.t-mobile.com 199.85.127.20" commands. On Linux, I queried the servers using the "@dig my.t-mobile.com @199.85.126.20" and "@dig my.t-mobile.com @199.85.127.20" commands.
I have a Netgear router in my network. If I configure my Netgear router to use ConnectSafe, my Netgear router returns the 192.230.66.144 IP address and I'm able to access the https://my.t-mobile.com/ site without issues. This makes me think the issue is with my G1100.
If I configure my G1100 to use either Google's servers (8.8.8.8 and 8.8.8.4) or OpenDNS's servers (208.67.222.222 and 208.67.220.220), the G1100 returns the 199.83.128.144 IP address and I'm able to access the https://my.t-mobile.com/ site without issues. It seems that my G1100 has issues only with the ConnectSafe servers.
I did notice that Google's servers and OpenDNS's servers respond to pings whereas the ConnectSafe servers do not respond to pings, but I don't know why that would matter to the G1100.
By the way, my G1100 has firmware version 1.3.0.47.64.
Does anybody have any idea why the G1100 has issues with the ConnectSafe DNS servers?
This is not a problem between the G1100 and ConnectSafe. You easily discounted that when you mentioned Google and OpenDNS works correctly. This is actually something that's been known to happen with Norton ConnectSafe and here's a report right here (very first result):
http://status.duocircle.com/incidents/nnfmlnlcnmdl
ConnectSafe has resolved certain addresses to the NeuStar IPv4 Allocation before and that's what you are experincing now.
Here's my connection with the Verizon non-DNS hijacking servers (the .14's which always outperform Google and OpenDNS)
Microsoft Windows [Version 10.0.14316] (c) 2016 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>nslookup my.t-mobile.com Server: [REMOVED] Address: [REMOVED] Non-authoritative answer: Name: 26e7o.x.incapdns.net Address: 199.83.128.144 Aliases: my.t-mobile.COm
Via NTT Communications from my own enterprise's network:
******************************** WARNING ******************************** root@server [~]# dig my.t-mobile.com ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.7 <<>> my.t-mobile.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36170 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;my.t-mobile.com. IN A ;; ANSWER SECTION: my.t-mobile.com. 900 IN CNAME 26e7o.x.incapdns.net. 26e7o.x.incapdns.net. 300 IN A 199.83.132.144 ;; Query time: 111 msec ;; SERVER: 10.0.80.11#53(10.0.80.11) ;; WHEN: Sat Apr 9 10:39:25 2016 ;; MSG SIZE rcvd: 83
This is something that has to be straightened out between Symantec, NeuStar, and T-Mobile.
To be clear, nothing distubring is actually going on here. This is a problem; an unintentional one at that and has nothing to do with Verizon.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the info on the duocircle incident. I've forwarded that info onto Symantec.
I'd still like to understand why the Netgear router gets a valid my.t-mobile.com IP address from the ConnectSafe servers, but the G1100 does not.