Difference between revisions of "Modem BBox-2"
m (→web interface) |
m (→UPnP) |
||
Line 282: | Line 282: | ||
==UPnP== |
==UPnP== |
||
By default the modem has a UPnP IGD profile and I don't see how to disable it. |
By default the modem has a UPnP IGD profile and I don't see how to disable it. |
||
+ | <br>'''EDIT''': actually it's possible by logging first as admin then entering the pseudo-URL "javascript:mimic_button('goto: 900..')" |
||
<br>If you use Skype this means Skype will tell the modem to open some ports and Skype will be reachable directly from Internet which means you become a relay-node and this can generate a lot of traffic! |
<br>If you use Skype this means Skype will tell the modem to open some ports and Skype will be reachable directly from Internet which means you become a relay-node and this can generate a lot of traffic! |
||
<br>One way to avoid it is to locally block the UPnP discovery multicast packets of Skype, e.g.: |
<br>One way to avoid it is to locally block the UPnP discovery multicast packets of Skype, e.g.: |
||
Line 289: | Line 290: | ||
<br><br> |
<br><br> |
||
If you are using Windows, you can [http://www.mydigitallife.info/2009/08/27/how-to-disable-upnp-in-skype-to-remove-open-tcp-and-udp-ports-in-firewall/ disable UPnP directly in Skype] from version 4.0 |
If you are using Windows, you can [http://www.mydigitallife.info/2009/08/27/how-to-disable-upnp-in-skype-to-remove-open-tcp-and-udp-ports-in-firewall/ disable UPnP directly in Skype] from version 4.0 |
||
+ | |||
==Misc info== |
==Misc info== |
||
* http://www.ripperjack.info/b-boxandco/ (french) |
* http://www.ripperjack.info/b-boxandco/ (french) |
Revision as of 14:10, 3 February 2010
Description
This is the default modem coming with Belgacom internet solutions in Belgium.
It allows SIP and IPTV.
It's a Sagem F@st 3464 (even if the box looks different), running a customized version of Jungo Openrg.
Version information, as visible on the web interface:
Runtime Code Version 6001GR-6000GR Hardware Version 1 Serial Num LK12345DP123456 VDSL Version Firmware-VTU-R:1.0.7r57bIK105012 Time Dec 27 2007, 18:50:21
VDSL sync:
Downstream line rate 21648 kbps Upstream line rate 2848 kbps Downstream Training Margin 19.1 dB
test Speedtest.nl:
Downstream line rate 11Mbps Upstream line rate 1Mbps
Exploration
A number of services & ports are available:
web interface
You can reach it via any of those addresses:
HTTPS offers a OpenRG SSL certificate, to be explicitly accepted by your browser to go further...
Admin settings menu:
If you're logging as admin rather than user as default, you'll get an extra menu:
This allows to save and restore the whole configuration and to upload new firmwares, if any.
Once you get a dump of the configuration you can try manipulating it, there is a guide here(pdf) or here(pdf)
Other pages might be accessible, cf this thread (french) or this page (french) for the LiveBox.
For the BBox2, here is a list of pages which work properly, translated from here
- 40 about
- 50 Plan du réseau
- 60 Vue de liste du réseau
- 70 Fichier de configuration
- 110 Date et heure
- 730 tableau de commandes avancées
- 750 Système (durée de fonctionnement)
- 900 Plug and Play universel
- 1040 Assistant de Connexion
- 1210 Copie de Mac Address
- 1280 RADIUS
- 9035 DNS Dynamique
Usage: log first as admin as explained before, then enter the pseudo-URL
javascript:mimic_button('goto: **..')
where ** represents the page number.
memory sharing
Apparently you may connect a USB harddrive to the BBox-2 and share its content as with a NAS.
-> /mnt/usb internally
A webserver (lighttpd) would then expose the content via:
Or if via the admin menu, you enable memory sharing, we get the same via a WAN (accessible outside too!) https:
HTTPS offers a Sagem certificate
telnet
- telnet on 192.168.1.1 port 23 and port 8023
- telnet SSL on port 992
- login admin password BGCVDSL2
- (TODO: try user/user)
If you type the command "shell" you'll get a shell prompt and a busybox environment ;-)
[admin @ home]$ ver Version: 4.0.21.3.3.1.32.1.1.1.6.Fast3464.60.00.GR Platform: Sagem F@ST346X Compilation Time: 02-Mar-09 17:18:02 [admin @ home]$ shell BusyBox v1.01 (2009.02.19-21:18+0100) Built-in shell (ash) Enter 'help' for a list of built-in commands. # cat /proc/version Linux version 2.6.15 #24 Mon Mar 2 18:21:25 CET 2009 # # cat /proc/cpuinfo system type : ADI Fusiv Core processor : 0 cpu model : Lexra LX4189 V0.0 BogoMIPS : 199.47 wait instruction : no microsecond timers : no tlb_entries : 64 extra interrupt vector : no hardware watchpoint : no ASEs implemented : VCED exceptions : not available VCEI exceptions : not available # ps PID Uid VmSize Stat Command 1 0 652 S /bin/init 2 0 SWN [ksoftirqd/0] 3 0 SW< [events/0] 4 0 SW< [khelper] 5 0 SW< [kthread] 8 0 SW< [kblockd/0] 11 0 SW< [khubd] 35 0 SW [pdflush] 36 0 SW [pdflush] 38 0 SW< [aio/0] 37 0 SW [kswapd0] 559 0 SW [mtdblockd] 574 0 4436 S /bin/openrg 629 0 SWN [jffs2_gcd_mtd1] 677 0 348 S /bin/sh /etc/vdsl.sh 680 0 2208 S vdsld 686 0 560 S /bin/main_autom /etc/process_list.dat 2 9 687 0 560 S /bin/main_autom /etc/process_list.dat 2 9 688 0 560 S /bin/main_autom /etc/process_list.dat 2 9 689 0 2208 S vdsld 690 0 2208 S vdsld 691 0 2208 S vdsld 692 0 2208 S vdsld 693 0 2208 S vdsld 694 0 2208 S vdsld 695 0 2208 S vdsld 696 0 2208 S vdsld 697 0 2208 S vdsld 753 0 4436 D /bin/openrg 752 0 SW [idmaThread] 754 0 424 S hostapd /etc/hostapd.conf.eth2 757 0 764 S /bin/watchdog 758 0 560 S /bin/main_autom /etc/process_list.dat 2 9 772 0 228 S /usr/local/bin/syncloop 777 0 644 S /usr/local/sbin/lighttpd -f /mnt/ffs/A/lighttpd.conf 781 0 388 S /bin/igmpsnoop -i eth0 -l 30 -c 0x10080 -v -t 782 0 380 S /bin/oam start 5 783 0 688 S /bin/prod_autom /etc/process_list.dat 5 5 786 0 296 S /bin/syslogd-sa -b 787 0 380 S /bin/oam start 5 788 0 688 S /bin/prod_autom /etc/process_list.dat 5 5 789 0 380 S /bin/oam start 5 790 0 688 S /bin/prod_autom /etc/process_list.dat 5 5 791 0 688 S /bin/prod_autom /etc/process_list.dat 5 5 792 0 800 S /bin/tr98 5 5 795 0 1804 S /bin/tr69 --debug 5 797 0 1804 S /bin/tr69 --debug 5 798 0 1804 S /bin/tr69 --debug 5 799 0 800 S /bin/tr98 5 5 800 0 800 S /bin/tr98 5 5 801 0 1804 S /bin/tr69 --debug 5 802 0 1804 S /bin/tr69 --debug 5 803 0 800 R /bin/tr98 5 5 806 0 2424 S /bin/sipd /etc/process_list.dat 5 5 807 0 2424 S /bin/sipd /etc/process_list.dat 5 5 808 0 2424 S /bin/sipd /etc/process_list.dat 5 5 809 0 2424 S /bin/sipd /etc/process_list.dat 5 5 810 0 2424 S /bin/sipd /etc/process_list.dat 5 5 815 0 2424 S /bin/sipd /etc/process_list.dat 5 5 816 0 2424 S /bin/sipd /etc/process_list.dat 5 5 817 0 2424 S /bin/sipd /etc/process_list.dat 5 5 818 0 1804 S /bin/tr69 --debug 5 862 0 688 S /bin/prod_autom /etc/process_list.dat 5 5 1318 0 444 S /bin/sh 1327 0 320 R ps ax # # df Filesystem 1k-blocks Used Available Use% Mounted on cramfs 2560 2560 0 100% /mnt/cramfs # cat /etc/mtab rootfs / rootfs rw 0 0 cramfs /mnt/cramfs cramfs_mainfs ro 0 0 /proc /proc proc rw,nodiratime 0 0 usbfs /proc/bus/usb usbfs rw 0 0 /sys /sys sysfs rw 0 0 # cat /proc/mounts rootfs / rootfs rw 0 0 cramfs /mnt/cramfs cramfs_mainfs ro 0 0 /proc /proc proc rw,nodiratime 0 0 usbfs /proc/bus/usb usbfs rw 0 0 /dev/mtdblock1 /mnt/ffs/A jffs2 rw,sync,noatime 0 0 /sys /sys sysfs rw 0 0
I got also /mnt/ffs mounted once, should check again...
Website files are in /mnt/cramfs/home/httpd/html
Trying to change the theme (this didn't bring extra menu, to the contrary)
[admin @ home]$ rg_conf_print wbm/theme (theme(Sagem)) [admin @ home]$ rg_conf_set wbm/theme OpenRG [admin @ home]$ rg_conf_print wbm/theme (theme(OpenRG))
To revert:
[admin @ home]$ rg_conf_set wbm/theme Sagem
To learn the commands to manipulate the configuration, see here (french)
others
- 2555/tcp open UPnP Internet Gateway Device implementing some serious commands such as GetPassword ...
- 7020/tcp open Apparently for Incoming Jnet (Jungo.net) requests for Remote Upgrade Server (see here
- 7021/tcp open Same, in SSL
- 8085/tcp open unknown gSOAP_Web_Service???
The modem is also running a TR-069 process:
- TR-069 TR-069 is a WAN management protocol intended for communication between Customer Premise Equipment (CPE) and an Auto-Configuration Server (ACS). It defines a mechanism that encompasses secure auto configuration of a CPE, and also incorporates other CPE management functions into a common framework.
- it's supposed to poll an ACS server on port 7547
and a TR-098 process, referring to the Internet Gateway Device data model
accessible from WAN
- pings seem to be blocked
- TCP port 631 (if ?)
- TCP port 2555 (openrg)
- TCP port 7020 (openrg)
- TCP port 7021 (openrg)
- TCP port 8085 (tr69)
- TCP port 8888 (lighttpd)
- UDP port 1024 (openrg)
- UDP port 1025 (hostapd)
- UDP port 3000 (openrg, vdsld...)
- RAW port 2 (openrg)
ss
Easier to get direct;y the info from the box: there is no netstat but ss does the job:
# #TCP # ss -lnp Recv-Q Send-Q Local Address:Port Peer Address:Port 0 0 217.136.xx.xx:992 *:* users:(("openrg",574,47),("openrg",753,47)) 0 0 10.179.xx.xx:992 *:* users:(("openrg",574,34),("openrg",753,34)) 0 0 192.168.1.1:992 *:* users:(("openrg",574,20),("openrg",753,20)) 0 0 127.0.0.1:7019 *:* users:(("openrg",574,9),("openrg",753,9)) 0 0 217.136.xx.xx:7020 *:* users:(("openrg",574,49),("openrg",753,49)) 0 0 10.179.xx.xx:7020 *:* users:(("openrg",574,36),("openrg",753,36)) 0 0 192.168.1.1:7020 *:* users:(("openrg",574,22),("openrg",753,22)) 0 0 217.136.xx.xx:7021 *:* users:(("openrg",574,48),("openrg",753,48)) 0 0 10.179.xx.xx:7021 *:* users:(("openrg",574,35),("openrg",753,35)) 0 0 192.168.1.1:7021 *:* users:(("openrg",574,21),("openrg",753,21)) 0 0 217.136.xx.xx:8080 *:* users:(("openrg",574,61),("openrg",753,61)) 0 0 217.136.xx.xx:80 *:* users:(("openrg",574,50),("openrg",753,50)) 0 0 10.179.xx.xx:8080 *:* users:(("openrg",574,38),("openrg",753,38)) 0 0 10.179.xx.xx:80 *:* users:(("openrg",574,37),("openrg",753,37)) 0 0 192.168.1.1:8080 *:* users:(("openrg",574,26),("openrg",753,26)) 0 0 192.168.1.1:80 *:* users:(("openrg",574,25),("openrg",753,25)) 0 0 *:8085 *:* users:(("tr69",790,9),("tr69",794,9),("tr69",795,9),("tr69",798,9),("tr69",799,9),("tr69",817,9)) 0 0 217.136.xx.xx:8023 *:* users:(("openrg",574,45),("openrg",753,45)) 0 0 217.136.xx.xx:23 *:* users:(("openrg",574,44),("openrg",753,44)) 0 0 10.179.xx.xx:8023 *:* users:(("openrg",574,33),("openrg",753,33)) 0 0 10.179.xx.xx:23 *:* users:(("openrg",574,32),("openrg",753,32)) 0 0 192.168.1.1:8023 *:* users:(("openrg",574,19),("openrg",753,19)) 0 0 192.168.1.1:23 *:* users:(("openrg",574,18),("openrg",753,18)) 0 0 *:8888 *:* users:(("lighttpd",774,6)) 0 0 127.0.0.1:7000 *:* users:(("openrg",574,6),("vdsl.sh",677,6),("vdsld",680,6),("vdsld",689,6),("vdsld",690,6),("vdsld",691,6),("vdsld",692,6),("vdsld",693,6),("vdsld",694,6),("vdsld",695,6),("vdsld",696,6),("vdsld",697,6),("openrg",753,6)) 0 0 217.136.xx.xx:8443 *:* users:(("openrg",574,66),("openrg",753,66)) # #UDP # ss -naup State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *:1024 *:* users:(("openrg",574,8),("openrg",753,8)) UNCONN 0 0 *:1025 *:* users:(("hostapd",754,6)) UNCONN 0 0 192.168.1.1:53 *:* users:(("openrg",574,17),("openrg",753,17)) UNCONN 0 0 127.0.0.1:53 *:* users:(("openrg",574,7),("openrg",753,7)) UNCONN 0 0 *:3000 *:* users:(("openrg",574,5),("vdsl.sh",677,5),("vdsld",680,5),("vdsld",689,5),("vdsld",690,5),("vdsld",691,5),("vdsld",692,5),("vdsld",693,5),("vdsld",694,5),("vdsld",695,5),("vdsld",696,5),("vdsld",697,5),("openrg",753,5)) UNCONN 0 0 10.179.xx.xx:5060 *:* users:(("sipd",803,14),("sipd",804,14),("sipd",805,14),("sipd",806,14),("sipd",807,14),("sipd",812,14),("sipd",813,14),("sipd",814,14)) UNCONN 0 0 192.168.1.1:1900 *:* users:(("openrg",574,24),("openrg",753,24)) UNCONN 0 0 239.255.255.250:1900 *:* users:(("openrg",574,23),("openrg",753,23)) # #RAW # ss -nawp State Recv-Q Send-Q Local Address:Port Peer Address:Port UNCONN 0 0 *:2 *:* users:(("openrg",574,15),("openrg",753,15))
UPnP
By default the modem has a UPnP IGD profile and I don't see how to disable it.
EDIT: actually it's possible by logging first as admin then entering the pseudo-URL "javascript:mimic_button('goto: 900..')"
If you use Skype this means Skype will tell the modem to open some ports and Skype will be reachable directly from Internet which means you become a relay-node and this can generate a lot of traffic!
One way to avoid it is to locally block the UPnP discovery multicast packets of Skype, e.g.:
iptables -A OUTPUT -d 239.255.255.250 -p udp -m string --algo bm --string "urn:schemas-upnp-org:service:WAN" -j DROP
By filtering on that string this allows other applications to send their M-SEARCH packet if they don't look for services:WANIP/WANPPP...
One can install that netfilter rule on Debian by following this howto
If you are using Windows, you can disable UPnP directly in Skype from version 4.0