[SGVLUG] ATT's 2wire products are braindead

Christopher Smith cbsmith at gmail.com
Thu Aug 1 10:30:58 PDT 2013


FYI, most 2Wire products have a feature of bridging to another router.
Setting up OpenWRT or DD-WRT or some such and bridging it to the 2Wire will
give you MUCH nicer firewalling options.

I didn't see mention of which model of 2Wire router you have. That would
make it much easier to help you out.


On Wed, Jul 31, 2013 at 3:53 PM, Claude Felizardo <cafelizardo at gmail.com> wrote:

> Okay, it took me a while to figure out how to access my DSL modem at home
> remotely - I have an entry in my .ssh/config to forward port 9001 to the
> router, but I couldn't remember the URL to use to get to the management
> and diagnostic console on my 2wire box (It was localhost:9001/mdc which
> was in my bookmarks of course!)
>
> Anyway, I'm not seeing my port 22 attempts to log in so it's still blocked
> presumably by the modem.  With my old netgear RT311 router I used to log
> everything but lost that ability when I "upgraded" to a 2wire DSL
> modem/router from my original Alcatel modem.
>
> Hmm, looks like I'm seeing some SYN/FIN DDoS attacks I'll have to
> investigate.  But I see the ipprot=6 that was mentioned in the original
> post but I believe that means IP protocol 6 which is TCP, not to be
> confused with IPv6.  ipprot=1 is used by ping and traceroute, ipprot=17 is
> UDP.
>
> I was going to try and add port 22 for a short test but I don't remember
> how to edit the "applications"?  I can see that I have defined custom
> services for my port knocking ports, weather station and others, how to
> create new ones but don't see an option to edit.
>
> Claude
>
>
>
> On Wed, Jul 31, 2013 at 12:59 PM, Claude Felizardo <cafelizardo at gmail.com> wrote:
>
>> Matt, it's not clear from your original email if you are trying to ssh
>> inbound to your house or outbound.
>> What has changed since you were last able to use ssh?  Server at home?
>> Different ISP or switched to Uverse from something else like DSL or cable?
>>
>> I long ago decided to block port 22 and use a non-standard port that will
>> only work from specific hosts/domains using a combination of shorewall and
>> /etc/hosts.allow.  I also use port knocking if I want to connect from
>> unexpected sites.  Never got around to setting up automatic blacklists for
>> DDoS attacks as I haven't had any problems (knock on wood).
>>
>> Claude
>>
>>
>> On Wed, Jul 31, 2013 at 12:40 PM, Scott Packard <spackard at gmail.com> wrote:
>>
>>> Any chance AT&T blocks incoming port 22, but would allow it if you
>>> phoned and asked for it to be enabled?
>>>
>>> Back when I used their DSL, they allowed, then without notice blocked,
>>> inbound port 25.  Later, they said I could have phoned them and asked for
>>> it to be unblocked, but by then I'd had enough.
>>>
>>> Regards, Scott
>>>
>>>
>>> On Wed, Jul 31, 2013 at 12:09 PM, Matthew Campbell <dvdmatt at gmail.com> wrote:
>>>
>>>> Thanks Dan.  Unfortunately AT&T's new modems have had all useful
>>>> features castrated.  I spent hours looking, talking to techs and eventually
>>>> to the manufacturer to verify that menu no longer exists.
>>>>
>>>> Rae, thank you for the ideas, I'll give it a shot tonight.  I am using
>>>> SSH from an IPv4 only platform, but with current security paranoia I don't
>>>> think I can verify that AT&T is not routing me over IPv6 on the way.  I
>>>> don't know of a way to hook up a laptop outside the firewall to test.
>>>>
>>>> Does anyone know if uVerse is IPv6 only?
>>>>
>>>> Matt
>>>> On Jul 29, 2013 7:10 PM, "Dan Buthusiem" <dan.buthusiem at gmail.com>
>>>> wrote:
>>>>
>>>>> What are the model and firmware for your router? There used to be a
>>>>> hidden menu in the 2701 HG-B, but the firmware still ignored those
>>>>> settings, anyway. My experience with 2Wire is that they make their products
>>>>> with AT&T's desires in mind, which comes at the expense of anyone with any
>>>>> amount of technical know-how who may be stuck using their products. YMMV.
>>>>> That being said, I'll take a stab anyway. :)
>>>>>
>>>>>
>>>>> On Mon, Jul 29, 2013 at 5:36 PM, Rae Yip <rae.yip at gmail.com> wrote:
>>>>>
>>>>>> Double-check that your ssh client isn't attempting to use IPv6 or
>>>>>> something. (Note the ipprot=6 in your logs)
>>>>>>
>>>>>> Also, ssh -vv is often helpful.
>>>>>>
>>>>>> -Rae.
>>>>>> On Jul 29, 2013 4:48 PM, "Lakestake Rocketry" <lakestake at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Good afternoon,
>>>>>>>
>>>>>>> I am trying to get SSH through my firewall at home.  I have set up a
>>>>>>> port redirect to senge, but I get a timeout when I connect to the port with
>>>>>>> ssh.  The following messages appear in the firewall log.  It looks like the
>>>>>>> first packet is being passed through, then following packets are being
>>>>>>> blocked...  Any ideas?  All Google gives me is a long list of people with
>>>>>>> similar problems.
>>>>>>>
>>>>>>> Matthew Campbell
>>>>>>>
>>>>>>>
>>>>>>> ---------- Forwarded message ----------
>>>>>>> INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Session Matches User Pinhole, Packet Passed
>>>>>>> INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Drop traffic to 172.16.0.0/12
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>
>>
>


-- 
Chris
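As an added example (not code from anyone in this thread): a small Python parser for the 2Wire "fw" log format quoted above that maps ipprot to a protocol name (6 is TCP, as Claude notes, not IPv6) and flags flows that a pinhole passed and the firewall then dropped. The two TCP records are the ones from the thread, unwrapped onto one line each; the UDP record and its 203.0.113.9 address are constructed.

```python
import re
from collections import defaultdict
# IP protocol numbers as clarified in the thread: ipprot=6 is TCP, not IPv6.
IPPROT_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# One 2Wire "fw" record per line: timestamp, key=value fields, free-text verdict.
LOG_RE = re.compile(
    r"^INF (?P<ts>\S+) fw src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"ipprot=(?P<ipprot>\d+) sport=(?P<sport>\d+) dport=(?P<dport>\d+) "
    r"(?P<verdict>.+)$"
)

def parse_line(line):
    """Parse one log line into a dict, or return None if it is not a fw record."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for field in ("ipprot", "sport", "dport"):
        rec[field] = int(rec[field])
    rec["proto"] = IPPROT_NAMES.get(rec["ipprot"], "proto%d" % rec["ipprot"])
    rec["dropped"] = rec["verdict"].startswith("Drop")
    return rec

def find_pass_then_drop(lines):
    """Group records by flow (src, dst, proto, sport, dport) and return the flows
    that were passed first and dropped afterwards, the symptom in the thread."""
    flows = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            flows[(rec["src"], rec["dst"], rec["proto"], rec["sport"], rec["dport"])].append(rec)
    suspicious = {}
    for key, recs in flows.items():
        dropped = [r["dropped"] for r in recs]
        if False in dropped and True in dropped[dropped.index(False):]:
            suspicious[key] = [r["verdict"] for r in recs]
    return suspicious

# Two records quoted in the thread, plus one constructed UDP record that is only dropped.
SAMPLE_LOG = """\
INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Session Matches User Pinhole, Packet Passed
INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Drop traffic to 172.16.0.0/12
INF 2013-07-26T20:16:01-07:00 fw src=203.0.113.9 dst=172.28.1.2 ipprot=17 sport=5353 dport=53 Drop traffic to 172.16.0.0/12
"""

if __name__ == "__main__":
    for flow, verdicts in find_pass_then_drop(SAMPLE_LOG.splitlines()).items():
        print(flow, "->", verdicts)
```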