Difference between revisions of "Modem BBox-2"
m (→UPnP) |
|||
| Line 203: | Line 203: | ||
* 7021 open? |
* 7021 open? |
||
* 8085 open? |
* 8085 open? |
||
| + | ===ss=== |
||
| + | Easier to get direct;y the info from the box: there is no netstat but ss does the job: |
||
| + | <code> |
||
| + | # ss -lnp |
||
| + | Recv-Q Send-Q Local Address:Port Peer Address:Port |
||
| + | 0 0 217.136.xx.xx:992 *:* users:(("openrg",574,47),("openrg",753,47)) |
||
| + | 0 0 10.179.xx.xx:992 *:* users:(("openrg",574,34),("openrg",753,34)) |
||
| + | 0 0 192.168.1.1:992 *:* users:(("openrg",574,20),("openrg",753,20)) |
||
| + | 0 0 127.0.0.1:7019 *:* users:(("openrg",574,9),("openrg",753,9)) |
||
| + | 0 0 217.136.xx.xx:7020 *:* users:(("openrg",574,49),("openrg",753,49)) |
||
| + | 0 0 10.179.xx.xx:7020 *:* users:(("openrg",574,36),("openrg",753,36)) |
||
| + | 0 0 192.168.1.1:7020 *:* users:(("openrg",574,22),("openrg",753,22)) |
||
| + | 0 0 217.136.xx.xx:7021 *:* users:(("openrg",574,48),("openrg",753,48)) |
||
| + | 0 0 10.179.xx.xx:7021 *:* users:(("openrg",574,35),("openrg",753,35)) |
||
| + | 0 0 192.168.1.1:7021 *:* users:(("openrg",574,21),("openrg",753,21)) |
||
| + | 0 0 217.136.xx.xx:8080 *:* users:(("openrg",574,61),("openrg",753,61)) |
||
| + | 0 0 217.136.xx.xx:80 *:* users:(("openrg",574,50),("openrg",753,50)) |
||
| + | 0 0 10.179.xx.xx:8080 *:* users:(("openrg",574,38),("openrg",753,38)) |
||
| + | 0 0 10.179.xx.xx:80 *:* users:(("openrg",574,37),("openrg",753,37)) |
||
| + | 0 0 192.168.1.1:8080 *:* users:(("openrg",574,26),("openrg",753,26)) |
||
| + | 0 0 192.168.1.1:80 *:* users:(("openrg",574,25),("openrg",753,25)) |
||
| + | 0 0 *:8085 *:* users:(("tr69",790,9),("tr69",794,9),("tr69",795,9),("tr69",798,9),("tr69",799,9),("tr69",817,9)) |
||
| + | 0 0 217.136.xx.xx:8023 *:* users:(("openrg",574,45),("openrg",753,45)) |
||
| + | 0 0 217.136.xx.xx:23 *:* users:(("openrg",574,44),("openrg",753,44)) |
||
| + | 0 0 10.179.xx.xx:8023 *:* users:(("openrg",574,33),("openrg",753,33)) |
||
| + | 0 0 10.179.xx.xx:23 *:* users:(("openrg",574,32),("openrg",753,32)) |
||
| + | 0 0 192.168.1.1:8023 *:* users:(("openrg",574,19),("openrg",753,19)) |
||
| + | 0 0 192.168.1.1:23 *:* users:(("openrg",574,18),("openrg",753,18)) |
||
| + | 0 0 *:8888 *:* users:(("lighttpd",774,6)) |
||
| + | 0 0 127.0.0.1:7000 *:* users:(("openrg",574,6),("vdsl.sh",677,6),("vdsld",680,6),("vdsld",689,6),("vdsld",690,6),("vdsld",691,6),("vdsld",692,6),("vdsld",693,6),("vdsld",694,6),("vdsld",695,6),("vdsld",696,6),("vdsld",697,6),("openrg",753,6)) |
||
| + | 0 0 217.136.xx.xx:8443 *:* users:(("openrg",574,66),("openrg",753,66)) |
||
| + | |||
| + | </code> |
||
| + | |||
==UPnP== |
==UPnP== |
||
By default the modem has a UPnP IGD profile and I don't see how to disable it. |
By default the modem has a UPnP IGD profile and I don't see how to disable it. |
||
Revision as of 00:29, 18 January 2010
Description
This is the default modem coming with Belgacom internet solutions in Belgium.
It allows SIP and IPTV.
It's a Sagem F@st 3464 (even if the box looks different), running a customized version of Jungo Openrg.
Version information, as visible on the web interface:
Runtime Code Version 6001GR-6000GR Hardware Version 1 Serial Num LK12345DP123456 VDSL Version Firmware-VTU-R:1.0.7r57bIK105012 Time Dec 27 2007, 18:50:21
VDSL sync:
Downstream line rate 21648 kbps Upstream line rate 2848 kbps Downstream Training Margin 19.1 dB
test Speedtest.nl:
Downstream line rate 11Mbps Upstream line rate 1Mbps
Exploration
A number of services & ports are available:
web interface
You can reach it via any of those addresses:
HTTPS offers a OpenRG SSL certificate, to be explicitly accepted by your browser to go further...
Admin settings menu:
If you're logging as admin rather than user as default, you'll get an extra menu:
This allows to save and restore the whole configuration and to upload new firmwares, if any.
Other pages might be accessible, cf this thread (french) or this page (french)
memory sharing
Apparently you may connect a USB harddrive to the BBox-2 and share its content as with a NAS.
-> /mnt/usb internally
A webserver (lighttpd) would then expose the content via:
Or if via the admin menu, you enable memory sharing, we get the same via a WAN (accessible outside too!) https:
HTTPS offers a Sagem certificate
telnet
- telnet on 192.168.1.1 port 23 and port 8023
- telnet SSL on port 992
- login admin password BGCVDSL2
- (TODO: try user/user)
If you type the command "shell" you'll get a shell prompt and a busybox environment ;-)
[admin @ home]$ ver
Version: 4.0.21.3.3.1.32.1.1.1.6.Fast3464.60.00.GR
Platform: Sagem F@ST346X
Compilation Time: 02-Mar-09 17:18:02
[admin @ home]$ shell
BusyBox v1.01 (2009.02.19-21:18+0100) Built-in shell (ash)
Enter 'help' for a list of built-in commands.
# cat /proc/version
Linux version 2.6.15 #24 Mon Mar 2 18:21:25 CET 2009
#
# cat /proc/cpuinfo
system type : ADI Fusiv Core
processor : 0
cpu model : Lexra LX4189 V0.0
BogoMIPS : 199.47
wait instruction : no
microsecond timers : no
tlb_entries : 64
extra interrupt vector : no
hardware watchpoint : no
ASEs implemented :
VCED exceptions : not available
VCEI exceptions : not available
# ps
PID Uid VmSize Stat Command
1 0 652 S /bin/init
2 0 SWN [ksoftirqd/0]
3 0 SW< [events/0]
4 0 SW< [khelper]
5 0 SW< [kthread]
8 0 SW< [kblockd/0]
11 0 SW< [khubd]
35 0 SW [pdflush]
36 0 SW [pdflush]
38 0 SW< [aio/0]
37 0 SW [kswapd0]
559 0 SW [mtdblockd]
574 0 4436 S /bin/openrg
629 0 SWN [jffs2_gcd_mtd1]
677 0 348 S /bin/sh /etc/vdsl.sh
680 0 2208 S vdsld
686 0 560 S /bin/main_autom /etc/process_list.dat 2 9
687 0 560 S /bin/main_autom /etc/process_list.dat 2 9
688 0 560 S /bin/main_autom /etc/process_list.dat 2 9
689 0 2208 S vdsld
690 0 2208 S vdsld
691 0 2208 S vdsld
692 0 2208 S vdsld
693 0 2208 S vdsld
694 0 2208 S vdsld
695 0 2208 S vdsld
696 0 2208 S vdsld
697 0 2208 S vdsld
753 0 4436 D /bin/openrg
752 0 SW [idmaThread]
754 0 424 S hostapd /etc/hostapd.conf.eth2
757 0 764 S /bin/watchdog
758 0 560 S /bin/main_autom /etc/process_list.dat 2 9
772 0 228 S /usr/local/bin/syncloop
777 0 644 S /usr/local/sbin/lighttpd -f /mnt/ffs/A/lighttpd.conf
781 0 388 S /bin/igmpsnoop -i eth0 -l 30 -c 0x10080 -v -t
782 0 380 S /bin/oam start 5
783 0 688 S /bin/prod_autom /etc/process_list.dat 5 5
786 0 296 S /bin/syslogd-sa -b
787 0 380 S /bin/oam start 5
788 0 688 S /bin/prod_autom /etc/process_list.dat 5 5
789 0 380 S /bin/oam start 5
790 0 688 S /bin/prod_autom /etc/process_list.dat 5 5
791 0 688 S /bin/prod_autom /etc/process_list.dat 5 5
792 0 800 S /bin/tr98 5 5
795 0 1804 S /bin/tr69 --debug 5
797 0 1804 S /bin/tr69 --debug 5
798 0 1804 S /bin/tr69 --debug 5
799 0 800 S /bin/tr98 5 5
800 0 800 S /bin/tr98 5 5
801 0 1804 S /bin/tr69 --debug 5
802 0 1804 S /bin/tr69 --debug 5
803 0 800 R /bin/tr98 5 5
806 0 2424 S /bin/sipd /etc/process_list.dat 5 5
807 0 2424 S /bin/sipd /etc/process_list.dat 5 5
808 0 2424 S /bin/sipd /etc/process_list.dat 5 5
809 0 2424 S /bin/sipd /etc/process_list.dat 5 5
810 0 2424 S /bin/sipd /etc/process_list.dat 5 5
815 0 2424 S /bin/sipd /etc/process_list.dat 5 5
816 0 2424 S /bin/sipd /etc/process_list.dat 5 5
817 0 2424 S /bin/sipd /etc/process_list.dat 5 5
818 0 1804 S /bin/tr69 --debug 5
862 0 688 S /bin/prod_autom /etc/process_list.dat 5 5
1318 0 444 S /bin/sh
1327 0 320 R ps ax
#
# df
Filesystem 1k-blocks Used Available Use% Mounted on
cramfs 2560 2560 0 100% /mnt/cramfs
# cat /etc/mtab
rootfs / rootfs rw 0 0
cramfs /mnt/cramfs cramfs_mainfs ro 0 0
/proc /proc proc rw,nodiratime 0 0
usbfs /proc/bus/usb usbfs rw 0 0
/sys /sys sysfs rw 0 0
# cat /proc/mounts
rootfs / rootfs rw 0 0
cramfs /mnt/cramfs cramfs_mainfs ro 0 0
/proc /proc proc rw,nodiratime 0 0
usbfs /proc/bus/usb usbfs rw 0 0
/dev/mtdblock1 /mnt/ffs/A jffs2 rw,sync,noatime 0 0
/sys /sys sysfs rw 0 0
I got also /mnt/ffs mounted once, should check again...
Website files are in /mnt/cramfs/home/httpd/html
Trying to change the theme (this didn't bring extra menu, to the contrary)
[admin @ home]$ rg_conf_print wbm/theme (theme(Sagem)) [admin @ home]$ rg_conf_set wbm/theme OpenRG [admin @ home]$ rg_conf_print wbm/theme (theme(OpenRG))
To revert:
[admin @ home]$ rg_conf_set wbm/theme Sagem
To learn the commands to manipulate the configuration, see here (french)
others
- 2555/tcp open UPnP Internet Gateway Device implementing some serious commands such as GetPassword ...
- 7020/tcp open Apparently for Incoming Jnet (Jungo.net) requests for Remote Upgrade Server (see here
- 7021/tcp open Same, in SSL
- 8085/tcp open unknown gSOAP_Web_Service???
The modem is also running a TR-069 process:
- TR-069 TR-069 is a WAN management protocol intended for communication between Customer Premise Equipment (CPE) and an Auto-Configuration Server (ACS). It defines a mechanism that encompasses secure auto configuration of a CPE, and also incorporates other CPE management functions into a common framework.
- it's supposed to poll an ACS server on port 7547
and a TR-098 process, referring to the Internet Gateway Device data model
accessible from WAN
- pings seem to be blocked
- 631 open?
- 2555 open?
- 7020 open?
- 7021 open?
- 8085 open?
ss
Easier to get direct;y the info from the box: there is no netstat but ss does the job:
- ss -lnp
Recv-Q Send-Q Local Address:Port Peer Address:Port
0 0 217.136.xx.xx:992 *:* users:(("openrg",574,47),("openrg",753,47))
0 0 10.179.xx.xx:992 *:* users:(("openrg",574,34),("openrg",753,34))
0 0 192.168.1.1:992 *:* users:(("openrg",574,20),("openrg",753,20))
0 0 127.0.0.1:7019 *:* users:(("openrg",574,9),("openrg",753,9))
0 0 217.136.xx.xx:7020 *:* users:(("openrg",574,49),("openrg",753,49))
0 0 10.179.xx.xx:7020 *:* users:(("openrg",574,36),("openrg",753,36))
0 0 192.168.1.1:7020 *:* users:(("openrg",574,22),("openrg",753,22))
0 0 217.136.xx.xx:7021 *:* users:(("openrg",574,48),("openrg",753,48))
0 0 10.179.xx.xx:7021 *:* users:(("openrg",574,35),("openrg",753,35))
0 0 192.168.1.1:7021 *:* users:(("openrg",574,21),("openrg",753,21))
0 0 217.136.xx.xx:8080 *:* users:(("openrg",574,61),("openrg",753,61))
0 0 217.136.xx.xx:80 *:* users:(("openrg",574,50),("openrg",753,50))
0 0 10.179.xx.xx:8080 *:* users:(("openrg",574,38),("openrg",753,38))
0 0 10.179.xx.xx:80 *:* users:(("openrg",574,37),("openrg",753,37))
0 0 192.168.1.1:8080 *:* users:(("openrg",574,26),("openrg",753,26))
0 0 192.168.1.1:80 *:* users:(("openrg",574,25),("openrg",753,25))
0 0 *:8085 *:* users:(("tr69",790,9),("tr69",794,9),("tr69",795,9),("tr69",798,9),("tr69",799,9),("tr69",817,9))
0 0 217.136.xx.xx:8023 *:* users:(("openrg",574,45),("openrg",753,45))
0 0 217.136.xx.xx:23 *:* users:(("openrg",574,44),("openrg",753,44))
0 0 10.179.xx.xx:8023 *:* users:(("openrg",574,33),("openrg",753,33))
0 0 10.179.xx.xx:23 *:* users:(("openrg",574,32),("openrg",753,32))
0 0 192.168.1.1:8023 *:* users:(("openrg",574,19),("openrg",753,19))
0 0 192.168.1.1:23 *:* users:(("openrg",574,18),("openrg",753,18))
0 0 *:8888 *:* users:(("lighttpd",774,6))
0 0 127.0.0.1:7000 *:* users:(("openrg",574,6),("vdsl.sh",677,6),("vdsld",680,6),("vdsld",689,6),("vdsld",690,6),("vdsld",691,6),("vdsld",692,6),("vdsld",693,6),("vdsld",694,6),("vdsld",695,6),("vdsld",696,6),("vdsld",697,6),("openrg",753,6))
0 0 217.136.xx.xx:8443 *:* users:(("openrg",574,66),("openrg",753,66))
UPnP
By default the modem has a UPnP IGD profile and I don't see how to disable it.
If you use Skype this means Skype will tell the modem to open some ports and Skype will be reachable directly from Internet which means you become a relay-node and this can generate a lot of traffic!
One way to avoid it is to locally block the UPnP discovery multicast packets of Skype, e.g.:
iptables -A OUTPUT -d 239.255.255.250 -p udp -m string --algo bm --string "urn:schemas-upnp-org:service:WAN" -j DROP
By filtering on that string this allows other applications to send their M-SEARCH packet if they don't look for services:WANIP/WANPPP...
One can install that netfilter rule on Debian by following this howto