[SGVLUG] ATT's 2wire products are braindead

Claude Felizardo cafelizardo at gmail.com
Wed Jul 31 15:53:34 PDT 2013


Okay, it took me a while to figure out how to access my DSL modem at home
remotely - I have an entry in my .ssh/config to forward port 9001 to the
router, but I couldn't remember the URL to use to get to the management
and diagnostic console on my 2wire box  (It was localhost:9001/mdc which
was in my bookmarks of course!)

Anyway, I'm not seeing my port 22 attempts to log in so it's still blocked
presumably by the modem.  With my old Netgear RT311 router I used to log
everything but lost that ability when I "upgraded" to a 2wire DSL
modem/router from my original Alcatel modem.

Hmm, looks like I'm seeing some SYN/FIN DDoS attacks I'll have to
investigate.  But I see the ipprot=6 that was mentioned in the original
post but I believe that means IP protocol 6 which is TCP, not to be
confused with IPv6.  ipprot=1 is used by ping and traceroute, ipprot=17 is
UDP.

I was going to try and add port 22 for a short test but I don't remember
how to edit the "applications"?  I can see that I have defined custom
services for my port knocking ports, weather station and others, how to
create new ones but don't see an option to edit.

Claude



On Wed, Jul 31, 2013 at 12:59 PM, Claude Felizardo <cafelizardo at gmail.com> wrote:

> Matt, it's not clear from your original email if you are trying to ssh inbound
> to your house or outbound.
> What has changed since you were last able to use ssh?  Server at home?
> Different ISP or switched to Uverse from something else like DSL or cable?
>
> I long ago decided to block port 22 and use a non-standard port that will
> only work from specific hosts/domains using a combination of shorewall and
> /etc/hosts.allow.  I also use port knocking if I want to connect from
> unexpected sites.  Never got around to setting up automatic blacklists for
> DDoS attacks as I haven't had any problems (knock on wood).
>
> Claude
>
>
> On Wed, Jul 31, 2013 at 12:40 PM, Scott Packard <spackard at gmail.com> wrote:
>
>> Any chance AT&T blocks incoming port 22, but would allow it if you phoned
>> and asked for it to be enabled?
>>
>> Back when I used their DSL, they allowed, then without notice blocked,
>> inbound port 25.  Later, they said I could have phoned them and asked for
>> it to be unblocked, but by then I'd had enough.
>>
>> Regards, Scott
>>
>>
>> On Wed, Jul 31, 2013 at 12:09 PM, Matthew Campbell <dvdmatt at gmail.com> wrote:
>>
>>> Thanks Dan.  Unfortunately AT&T's new modems have had all useful features
>>> castrated.  I spent hours looking, talking to techs and eventually to the
>>> manufacturer to verify that menu no longer exists.
>>>
>>> Rae, thank you for the ideas, I'll give it a shot tonight.  I am using
>>> SSH from an IPv4 only platform, but with current security paranoia I don't
>>> think I can verify that AT&T is not routing me over IPv6 on the way.  I
>>> don't know of a way to hook up a laptop outside the firewall to test.
>>>
>>> Does anyone know if uVerse is IPv6 only?
>>>
>>> Matt
>>> On Jul 29, 2013 7:10 PM, "Dan Buthusiem" <dan.buthusiem at gmail.com>
>>> wrote:
>>>
>>>> What are the model and firmware for your router? There used to be a
>>>> hidden menu in the 2701 HG-B, but the firmware still ignored those
>>>> settings, anyway. My experience with 2Wire is that they make their products
>>>> with AT&T's desires in mind, which comes at the expense of anyone with any
>>>> amount of technical know-how who may be stuck using their products. YMMV.
>>>> That being said, I'll take a stab anyway. :)
>>>>
>>>>
>>>> On Mon, Jul 29, 2013 at 5:36 PM, Rae Yip <rae.yip at gmail.com> wrote:
>>>>
>>>>> Double-check that your ssh client isn't attempting to use IPv6 or
>>>>> something. (Note the ipprot=6 in your logs)
>>>>>
>>>>> Also, ssh -vv is often helpful.
>>>>>
>>>>> -Rae.
>>>>> On Jul 29, 2013 4:48 PM, "Lakestake Rocketry" <lakestake at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Good afternoon,
>>>>>>
>>>>>> I am trying to get SSH through my firewall at home.  I have set up a
>>>>>> port redirect to senge, but I get a timeout when I connect to the port with
>>>>>> ssh.  The following messages appear in the firewall log.  It looks like the
>>>>>> first packet is being passed through, then following packets are being
>>>>>> blocked...  Any ideas?  All Google gives me is a long list of people with
>>>>>> similar problems.
>>>>>>
>>>>>> Matthew Campbell
>>>>>>
>>>>>>
>>>>>> ---------- Forwarded message ----------
>>>>>> INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2
>>>>>> ipprot=6 sport=40058 dport=22 Session Matches User Pinhole, Packet Passed
>>>>>> INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2
>>>>>> ipprot=6 sport=40058 dport=22 Drop traffic to 172.16.0.0/12
>>>>>>
>>>>>>
>>>>>>
>>>>
>>
>
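
Added example, not part of the original thread: a small parser for the 2wire firewall log lines quoted above that decodes ipprot as an IP protocol number (6 = TCP, not IPv6) and reports flows that matched a pinhole and were then dropped, checking whether the destination falls inside the network named in the drop rule. The field layout is assumed from the two quoted lines (unwrapped here); the third sample line is constructed.

```python
import ipaddress
import re

# ipprot is the IPv4 header's protocol byte (IANA numbers), not an IP version.
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Field layout assumed from the two log lines quoted in the thread.
LINE_RE = re.compile(
    r"^(?P<level>\w+) (?P<ts>\S+) fw src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"ipprot=(?P<ipprot>\d+) sport=(?P<sport>\d+) dport=(?P<dport>\d+) "
    r"(?P<action>.+)$"
)
DROP_RE = re.compile(r"Drop traffic to (\S+)")

def parse_line(line):
    """Parse one firewall log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("ipprot", "sport", "dport"):
        rec[key] = int(rec[key])
    rec["protocol"] = IP_PROTOCOLS.get(rec["ipprot"], "proto-%d" % rec["ipprot"])
    return rec

def passed_then_dropped(lines):
    """Return flows that first matched a pinhole and were later dropped."""
    passed, findings = set(), []
    for rec in filter(None, map(parse_line, lines)):
        flow = (rec["src"], rec["sport"], rec["dst"], rec["dport"], rec["protocol"])
        if "Packet Passed" in rec["action"]:
            passed.add(flow)
            continue
        drop = DROP_RE.search(rec["action"])
        if drop and flow in passed:
            net = ipaddress.ip_network(drop.group(1))
            findings.append({"flow": flow, "rule": str(net),
                             "dst_in_rule": ipaddress.ip_address(rec["dst"]) in net})
    return findings

SAMPLE = [
    # The two lines from the thread, unwrapped onto single lines.
    "INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Session Matches User Pinhole, Packet Passed",
    "INF 2013-07-26T20:15:42-07:00 fw src=162.200.153.165 dst=172.28.1.2 ipprot=6 sport=40058 dport=22 Drop traffic to 172.16.0.0/12",
    # Constructed line: UDP flow with no earlier pinhole match, so not reported.
    "INF 2013-07-26T20:15:43-07:00 fw src=192.0.2.10 dst=172.28.1.2 ipprot=17 sport=5353 dport=53 Drop traffic to 172.16.0.0/12",
]

if __name__ == "__main__":
    for finding in passed_then_dropped(SAMPLE):
        print(finding)
```

On the quoted lines this reports one TCP flow to port 22 whose destination 172.28.1.2 sits inside 172.16.0.0/12, the range named in the drop message.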