Ask a question
Search in U-verse Forums

U-verse Forums

Reply
Highlighted
Posted Jan 21, 2009
5:51:01 AM
View profile
Security (or lack there of)

When I look at the event log (filtering set to ALL) under http://192.168.1.254/management or more

specifically: http://192.168.1.254/xslt?PAGE=J17&THISPAGE=A02_POST&NEXTPAGE=J17

 

I do see some entries, but not all entries. I have a server in a datacenter and attempted

to telnet from it to the public ip of the RG (as retrived from http://whatismyip.com), reloaded

the event log, and the telnet attempt never showed up. Waited five minutes (in case the logging

is delayed), reloaded, and still nothing. Changing some settings in the RG don't appear to always be

logged either.

 

I also noticed that is seems to be limited to just a couple of pages, this is even after I have cleared

the log since the initial entries were fubared due to the time not being set by the installer

(among other things) at the time of installation.

 

I do notice that I can setup a syslog server for logging (but a lil too lazy to set that up just yet),

but does anyone know if this is just the RG's firmware limiation, or if I do setup a syslog server I

would get the full logs?

 

Also, with the ability to control the DVR remotely, makes me think belive that there is

remote access to the local subnet where the DVR and the local hosts are on the same subnet

and not even seperated by VLAN's (that I'm aware of - no manual available to confirm/deny).

 

It's great that the 2Wire 3800HGV-B RG has  NAT and (I believe) SPI firewall, but if eveilperson@att

(AT&T is doing some major layoff's) does have remote access, would data on the lan be protected?

 

I tried tossing another firewall box behind the RG, but it nagged about "Router behind router"

detected and I haven't looked into it further just yet.

 

 

 

 

 

 

 

 

 

 

 

 

When I look at the event log (filtering set to ALL) under http://192.168.1.254/management or more

specifically: http://192.168.1.254/xslt?PAGE=J17&THISPAGE=A02_POST&NEXTPAGE=J17

 

I do see some entries, but not all entries. I have a server in a datacenter and attempted

to telnet from it to the public ip of the RG (as retrived from http://whatismyip.com), reloaded

the event log, and the telnet attempt never showed up. Waited five minutes (in case the logging

is delayed), reloaded, and still nothing. Changing some settings in the RG don't appear to always be

logged either.

 

I also noticed that is seems to be limited to just a couple of pages, this is even after I have cleared

the log since the initial entries were fubared due to the time not being set by the installer

(among other things) at the time of installation.

 

I do notice that I can setup a syslog server for logging (but a lil too lazy to set that up just yet),

but does anyone know if this is just the RG's firmware limiation, or if I do setup a syslog server I

would get the full logs?

 

Also, with the ability to control the DVR remotely, makes me think belive that there is

remote access to the local subnet where the DVR and the local hosts are on the same subnet

and not even seperated by VLAN's (that I'm aware of - no manual available to confirm/deny).

 

It's great that the 2Wire 3800HGV-B RG has  NAT and (I believe) SPI firewall, but if eveilperson@att

(AT&T is doing some major layoff's) does have remote access, would data on the lan be protected?

 

I tried tossing another firewall box behind the RG, but it nagged about "Router behind router"

detected and I haven't looked into it further just yet.

 

 

 

 

 

 

 

 

 

 

 

 

Security (or lack there of)

3,699 views
10 replies
(0) Me too
(0) Me too
Reply
View all replies
(10)
0
(0)
  • Rate this reply
View profile
Jan 21, 2009 6:50:31 AM
0
(0)
Master

Epi wrote:

When I look at the event log (filtering set to ALL) under http://192.168.1.254/management or more

specifically: http://192.168.1.254/xslt?PAGE=J17&THISPAGE=A02_POST&NEXTPAGE=J17

 

I do see some entries, but not all entries. I have a server in a datacenter and attempted

to telnet from it to the public ip of the RG (as retrived from http://whatismyip.com), reloaded

the event log, and the telnet attempt never showed up. Waited five minutes (in case the logging

is delayed), reloaded, and still nothing. Changing some settings in the RG don't appear to always be

logged either.

 

I also noticed that is seems to be limited to just a couple of pages, this is even after I have cleared

the log since the initial entries were fubared due to the time not being set by the installer

(among other things) at the time of installation.

 

I do notice that I can setup a syslog server for logging (but a lil too lazy to set that up just yet),

but does anyone know if this is just the RG's firmware limiation, or if I do setup a syslog server I

would get the full logs?

 

Also, with the ability to control the DVR remotely, makes me think belive that there is

remote access to the local subnet where the DVR and the local hosts are on the same subnet

and not even seperated by VLAN's (that I'm aware of - no manual available to confirm/deny).

 

It's great that the 2Wire 3800HGV-B RG has  NAT and (I believe) SPI firewall, but if eveilperson@att

(AT&T is doing some major layoff's) does have remote access, would data on the lan be protected?

 

I tried tossing another firewall box behind the RG, but it nagged about "Router behind router"

detected and I haven't looked into it further just yet.

 

 


There is a system log and a session log where it could have been recorded, located here: (http://192.168.1.254/xslt?PAGE=J14&THISPAGE=J17&NEXTPAGE=J14) and here: (http://192.168.1.254/xslt?PAGE=J34&THISPAGE=J14&NEXTPAGE=J34)

 

 

Did your telnet attempt fail? Where you actually trying to connect to a live server behind the RG, or were you just banging on the door to see what happens.

 

I use a wireless router behind the RG and keep all "my" network on "my" router and left all the DVR/STBs on the RG.

 

You can go to this page to turn off the "router behind router" alert (http://192.168.1.254/xslt?PAGE=J09&THISPAGE=J02&NEXTPAGE=J09) but if you set up your "internal" router correctly you will not get the alert, even if it is enabled.

 

 

 

 

 

 

 

 

 

 

 

 

__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I realy want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------

                              


Epi wrote:

When I look at the event log (filtering set to ALL) under http://192.168.1.254/management or more

specifically: http://192.168.1.254/xslt?PAGE=J17&THISPAGE=A02_POST&NEXTPAGE=J17

 

I do see some entries, but not all entries. I have a server in a datacenter and attempted

to telnet from it to the public ip of the RG (as retrived from http://whatismyip.com), reloaded

the event log, and the telnet attempt never showed up. Waited five minutes (in case the logging

is delayed), reloaded, and still nothing. Changing some settings in the RG don't appear to always be

logged either.

 

I also noticed that is seems to be limited to just a couple of pages, this is even after I have cleared

the log since the initial entries were fubared due to the time not being set by the installer

(among other things) at the time of installation.

 

I do notice that I can setup a syslog server for logging (but a lil too lazy to set that up just yet),

but does anyone know if this is just the RG's firmware limiation, or if I do setup a syslog server I

would get the full logs?

 

Also, with the ability to control the DVR remotely, makes me think belive that there is

remote access to the local subnet where the DVR and the local hosts are on the same subnet

and not even seperated by VLAN's (that I'm aware of - no manual available to confirm/deny).

 

It's great that the 2Wire 3800HGV-B RG has  NAT and (I believe) SPI firewall, but if eveilperson@att

(AT&T is doing some major layoff's) does have remote access, would data on the lan be protected?

 

I tried tossing another firewall box behind the RG, but it nagged about "Router behind router"

detected and I haven't looked into it further just yet.

 

 


There is a system log and a session log where it could have been recorded, located here: (http://192.168.1.254/xslt?PAGE=J14&THISPAGE=J17&NEXTPAGE=J14) and here: (http://192.168.1.254/xslt?PAGE=J34&THISPAGE=J14&NEXTPAGE=J34)

 

 

Did your telnet attempt fail? Where you actually trying to connect to a live server behind the RG, or were you just banging on the door to see what happens.

 

I use a wireless router behind the RG and keep all "my" network on "my" router and left all the DVR/STBs on the RG.

 

You can go to this page to turn off the "router behind router" alert (http://192.168.1.254/xslt?PAGE=J09&THISPAGE=J02&NEXTPAGE=J09) but if you set up your "internal" router correctly you will not get the alert, even if it is enabled.

 

 

 

 

 

 

 

 

 

 

 

 

__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I realy want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------

                               neon_sign.jpg

Re: Security (or lack there of)

2 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 21, 2009 8:18:21 AM
0
(0)
Teacher

Not at home atm, but will look at the links you provide later on.

 

The telnet was just to knock on the door, HOPING that it would be logged - it wasn't.

 

When you say "internal router setup correctly" what exactly do you mean?

It's just a basic router with NAT (and yes, bandwidth does suck with it being double NAT'ed).

(I'm not even sure how it actually detected the 2nd router)

 

I haven't attempted/figure out how to just bridge/route the WAN IP thru to the LAN.

Since the STB's do use the private DHCP subnet I think I'm tempting fate if I do.

 

If I setup a DMZ passthru to *my* router, I would still like to be able to access the RG's web iface

without having to plugin to the RG ethernet switch or muck with subnet settings on one of my hosts.

 

 

I typically use a 10.x.x.x subnet on the LAN , just so I can make sure that I know what subnet I'm mucking with (murphy's law).

Sure, I could setup 192.168.2.x/24 for the LAN, and 192.168.1.x/24 for the RG/STB's, but I'm a bit leary of that =)

 

I'd love to be able to shell into the RG, would make this much easier to see what's going on 'under the hood'.

 

 

 


There is a system log and a session log where it could have been recorded, located here: (http://192.168.1.254/xslt?PAGE=J14&THISPAGE=J17&NEXTPAGE=J14) and here: (http://192.168.1.254/xslt?PAGE=J34&THISPAGE=J14&NEXTPAGE=J34)

 

 

Did your telnet attempt fail? Where you actually trying to connect to a live server behind the RG, or were you just banging on the door to see what happens.

 

I use a wireless router behind the RG and keep all "my" network on "my" router and left all the DVR/STBs on the RG.

 

You can go to this page to turn off the "router behind router" alert (http://192.168.1.254/xslt?PAGE=J09&THISPAGE=J02&NEXTPAGE=J09) but if you set up your "internal" router correctly you will not get the alert, even if it is enabled.

Not at home atm, but will look at the links you provide later on.

 

The telnet was just to knock on the door, HOPING that it would be logged - it wasn't.

 

When you say "internal router setup correctly" what exactly do you mean?

It's just a basic router with NAT (and yes, bandwidth does suck with it being double NAT'ed).

(I'm not even sure how it actually detected the 2nd router)

 

I haven't attempted/figure out how to just bridge/route the WAN IP thru to the LAN.

Since the STB's do use the private DHCP subnet I think I'm tempting fate if I do.

 

If I setup a DMZ passthru to *my* router, I would still like to be able to access the RG's web iface

without having to plugin to the RG ethernet switch or muck with subnet settings on one of my hosts.

 

 

I typically use a 10.x.x.x subnet on the LAN , just so I can make sure that I know what subnet I'm mucking with (murphy's law).

Sure, I could setup 192.168.2.x/24 for the LAN, and 192.168.1.x/24 for the RG/STB's, but I'm a bit leary of that =)

 

I'd love to be able to shell into the RG, would make this much easier to see what's going on 'under the hood'.

 

 

 


There is a system log and a session log where it could have been recorded, located here: (http://192.168.1.254/xslt?PAGE=J14&THISPAGE=J17&NEXTPAGE=J14) and here: (http://192.168.1.254/xslt?PAGE=J34&THISPAGE=J14&NEXTPAGE=J34)

 

 

Did your telnet attempt fail? Where you actually trying to connect to a live server behind the RG, or were you just banging on the door to see what happens.

 

I use a wireless router behind the RG and keep all "my" network on "my" router and left all the DVR/STBs on the RG.

 

You can go to this page to turn off the "router behind router" alert (http://192.168.1.254/xslt?PAGE=J09&THISPAGE=J02&NEXTPAGE=J09) but if you set up your "internal" router correctly you will not get the alert, even if it is enabled.

Re: Security (or lack there of)

3 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 21, 2009 8:48:10 AM
0
(0)
Master

If you have highly "customized" network, and don't want to reconfigure everything, I suggest using your own router behind the RG.


This is what I did to use an "internal" router. I set my "internal" router to use DHCP for the WAN address, plugged it's WAN port in to the RG, let the RG assign a local address to the "internal" router and then set that address to the DMZ in the RG. When I go to the "internal" router it shows as having the same WAN, gateway, and DNS addresses that the RG uses.


I set the "internal" router to assign addresses to "my" side of the network in a different IP range than what the RG uses (192.168.2.* instead of 192.168.1.*) but using the same subnet mask (255.255.255.0). My internet works fine with no interuptions and local network tasks (back ups, streaming, etc.) work as expected. I can also still access the RG from "my" side of the network when I need to without having to change any network settings or swap any cables. Leave DHCP running on the RG. You do not need to disable the firewall in the RG as the DMZ will open a pinhole through it to the address you pick (your internal router). If you have existing wireless on your router that your satisfied with and want to keep, just make sure to turn off the wireless in the RG.


As for the STBs they should be run straight out of the RG with CAT5 or RG6 Coax.


If you currently have your router behind a basic DSL or Cable modem, Your setup will be pretty much the same. The RG will replace your modem, then go into your existing router and change it's internet connection type to Dynamic or DHCP. Then change it's internal network IP adress and DHCP Pool and you should be good to go.

 

 

 

 

I have the 6/1 package and this is the result with my router behind router setup.

 

 

 

 

 

 

 

 

__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I realy want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------

Message Edited by Computer-Joe on 01-21-2009 10:52 AM

                              

If you have highly "customized" network, and don't want to reconfigure everything, I suggest using your own router behind the RG.


This is what I did to use an "internal" router. I set my "internal" router to use DHCP for the WAN address, plugged it's WAN port in to the RG, let the RG assign a local address to the "internal" router and then set that address to the DMZ in the RG. When I go to the "internal" router it shows as having the same WAN, gateway, and DNS addresses that the RG uses.


I set the "internal" router to assign addresses to "my" side of the network in a different IP range than what the RG uses (192.168.2.* instead of 192.168.1.*) but using the same subnet mask (255.255.255.0). My internet works fine with no interuptions and local network tasks (back ups, streaming, etc.) work as expected. I can also still access the RG from "my" side of the network when I need to without having to change any network settings or swap any cables. Leave DHCP running on the RG. You do not need to disable the firewall in the RG as the DMZ will open a pinhole through it to the address you pick (your internal router). If you have existing wireless on your router that your satisfied with and want to keep, just make sure to turn off the wireless in the RG.


As for the STBs they should be run straight out of the RG with CAT5 or RG6 Coax.


If you currently have your router behind a basic DSL or Cable modem, Your setup will be pretty much the same. The RG will replace your modem, then go into your existing router and change it's internet connection type to Dynamic or DHCP. Then change it's internal network IP adress and DHCP Pool and you should be good to go.

 

 

 

 

I have the 6/1 package and this is the result with my router behind router setup.

 

 

 

 

 

 

 

 

__________________________________________________________
How can you be in two places at once, when your not anywhere at all?
------------------------------------------------------------------------------------------------------
I realy want to become a procrastinator, but I keep putting it off.
------------------------------------------------------------------------------------------------------

Message Edited by Computer-Joe on 01-21-2009 10:52 AM

                               neon_sign.jpg

Re: Security (or lack there of)

4 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 23, 2009 4:08:43 PM
0
(0)
Mentor
I concur with Computer-Joe.  The use of a Router behind the RG is the best strategy for your situation.   I did the same thing as Computer-Joe and I'm ecstatic that I have access to the improved security of my business class Router WRVS4400N from Linksys.  Best move I ever made since getting U-verse...   :smileyhappy:
I concur with Computer-Joe.  The use of a Router behind the RG is the best strategy for your situation.   I did the same thing as Computer-Joe and I'm ecstatic that I have access to the improved security of my business class Router WRVS4400N from Linksys.  Best move I ever made since getting U-verse...   :smileyhappy:

Re: Security (or lack there of)

5 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 25, 2009 1:29:50 PM
0
(0)
Teacher

Yeah, that has been my intensions all this time - thus why I tossed my router on the RG.

 

But, instead of double-natting, I tossed my router into the DMZ.

 

The problem I found is that the RG (via DHCP) is issuing the public IP to my router correctly,

but is issuing the private DNS server (192.x.x.x), not the public DNS server (66.x.x.x) to my router.

Yeah, that has been my intensions all this time - thus why I tossed my router on the RG.

 

But, instead of double-natting, I tossed my router into the DMZ.

 

The problem I found is that the RG (via DHCP) is issuing the public IP to my router correctly,

but is issuing the private DNS server (192.x.x.x), not the public DNS server (66.x.x.x) to my router.

Re: Security (or lack there of)

6 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 25, 2009 1:59:47 PM
0
(0)
ACE - Expert

As I replied in your other post, the RG is getting the ATT DNS IP addr's internally and giving your router the RG's IP addr.  I'd suggest you use opendns on your individual computers as ATT's DNS servers are not the best. :smileywink:

 

Chris

 

 




I want CBET Channel 9 Please NO SD stretch-o-vision HD Channels
1-800-983-2811 to avoid Mr. Voice Recognition

 

 

As I replied in your other post, the RG is getting the ATT DNS IP addr's internally and giving your router the RG's IP addr.  I'd suggest you use opendns on your individual computers as ATT's DNS servers are not the best. :smileywink:

 

Chris

 

 




I want CBET Channel 9 Please NO SD stretch-o-vision HD Channels
1-800-983-2811 to avoid Mr. Voice Recognition

 

 

*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.

Re: Security (or lack there of)

7 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 26, 2009 5:31:34 AM
0
(0)
Teacher
1. I had mentioned previously that the logs are not complete, I found that there is a setting to have FULL LOGGGING that one needs to enable.

2. Even if AT&T's DNS servers are fubared, I don't have a static subnet. So I need to setup my router to receive an IP from the RG via DHCP.
I can't easily interject a specific DNS server on the router when it's setup to receive an IP via DHCP, that's really the dhcpd's job to do so.

3. I lost connectivity around 4am Pacific time this morning, is this common?
Never had this happen on a regular basis with ADSL before, as it seems to be with VDSL.

4. The logs are a bit screwy

INF 2009-01-25T10:20:05-08:00 cwmd: session started, server: 'https://cwmp.c01.sbcglobal.net/cwmp/services/CWMP', event code(s): '6 CONNECTION REQUEST'
INF 2009-01-25T10:20:06-08:00 cvd: VDSL Management: get_DSM: Total Time: 0 secs, Modem State: 7, Error Flags: 0x0
INF 2009-01-25T10:20:06-08:00 cvd: Previous log entry repeated 3 times
INF 2009-01-25T10:20:07-08:00 cwmd: session completed successfully
INF 2009-01-25T10:20:08-08:00 cwmd: session started, server: 'https://cwmp.c01.sbcglobal.net/cwmp/services/CWMP', event code(s): '6 CONNECTION REQUEST'
INF 2009-01-25T10:20:09-08:00 cvd: VDSL Management: get_DSM: Total Time: 0 secs, Modem State: 7, Error Flags: 0x0
INF 2009-01-25T10:20:09-08:00 cvd: Previous log entry repeated 3 times
INF 2009-01-25T10:20:14-08:00 cwmd: session completed successfully
WRN 2009-01-25T10:52:36-08:00 eth: met0: filter session space exceeded
WRN 2009-01-25T16:37:43-08:00 eth: Previous log entry repeated 5 times
INF 2009-01-25T18:04:32-08:00 cwmd: session started, server: 'https://cwmp.c01.sbcglobal.net/cwmp/services/CWMP', event code(s): '2 PERIODIC'
INF 2009-01-25T18:04:47-08:00 cwmd: session completed successfully


-- Not exactly sure what this is about:
WRN 2009-01-25T19:29:40-08:00 eth: met0: filter session space exceeded
WRN 2009-01-26T02:44:02-08:00 eth: Previous log entry repeated 2 times

-- OH JOY
INF 2009-01-26T04:05:56-08:00 cvd: CVD: network link is down
INF 2009-01-26T04:05:56-08:00 cvd: Using line 1
WRN 2009-01-26T04:05:56-08:00 eth: met0: filter session space exceeded
WRN 2009-01-26T04:05:57-08:00 vrsip: Broadband connection lost
INF 2009-01-26T04:06:05-08:00 lmd: dsl0: down (signal lost)
INF 2009-01-26T04:06:08-08:00 cvd: CVD: stop_dsl: got called
INF 2009-01-26T04:06:14-08:00 cvd: Previous log entry repeated 1 times
INF 2009-01-26T04:06:15-08:00 cvd: CVD: start_dsl: got called
INF 2009-01-26T04:06:54-08:00 cvd: CVD: network link is up

-- No, I am not getting 63Mbps - nice to know that "something" is at least capable of that speed.
INF 2009-01-26T04:06:54-08:00 lmd: dsl0: up G.993.1 interleaved Rate:25216/2048 Max:63036/2048
INF 2009-01-26T04:06:54-08:00 lmd: dsl0: Margin:27.0/0.0 Atten:10.8/0.0 Power:14.2/-24.0
INF 2009-01-26T04:06:54-08:00 lmd: dsl0: Country: {B5} Vendor: {GSPN} Specific: {153}

-- Ok, it's bridging which I kinda suspected
INF 2009-01-26T04:07:04-08:00 lmd: ipnet0: DOWN on bridge1 with 99.139.x.x
WRN 2009-01-26T04:07:04-08:00 cwmd: httpc_req_start No such file or directory

-- Say what? I NEVER open up a hole to port 50001
INF 2009-01-26T04:07:04-08:00 httpd: vhost mdc0:0 down on 99.139.x.x port: 50001
WRN 2009-01-26T04:07:04-08:00 cwmd: httpc_req_start No such file or directory
WRN 2009-01-26T04:07:05-08:00 cwmd: Previous log entry repeated 3 times
INF 2009-01-26T04:07:05-08:00 lmd: rnat0: Cleared all pinholes

-- Nice... NOT!
WRN 2009-01-26T04:07:05-08:00 vrsip: Broadband connection lost
WRN 2009-01-26T04:07:05-08:00 cwmd: httpc_req_start No such file or directory

-- Ok, heres "a" bridge, not sure if this is for the DMZ, or something else:
INF 2009-01-26T04:07:05-08:00 lmd: ipnet0: UP on bridge1 with 99.139.x.x/22 GW:99.139.72.1
INF 2009-01-26T04:07:05-08:00 lmd: ipnet0: UP on bridge1 DNS1: 68.94.156.1 DNS2: 68.94.157.1
INF 2009-01-26T04:07:05-08:00 lmd: rnat0: Cleared all pinholes

-- Again, no clue what port 50001 is about, it's not something I've done:
INF 2009-01-26T04:07:07-08:00 httpd: vhost mdc0:0 listening on 99.139.x.x port: 50001
WRN 2009-01-26T04:37:43-08:00 eth: met0: filter session space exceeded


BTW...
The uptime on the RG is: 8 days 13: 53: 03


1. I had mentioned previously that the logs are not complete, I found that there is a setting to have FULL LOGGGING that one needs to enable.

2. Even if AT&T's DNS servers are fubared, I don't have a static subnet. So I need to setup my router to receive an IP from the RG via DHCP.
I can't easily interject a specific DNS server on the router when it's setup to receive an IP via DHCP, that's really the dhcpd's job to do so.

3. I lost connectivity around 4am Pacific time this morning, is this common?
Never had this happen on a regular basis with ADSL before, as it seems to be with VDSL.

4. The logs are a bit screwy

INF 2009-01-25T10:20:05-08:00 cwmd: session started, server: 'https://cwmp.c01.sbcglobal.net/cwmp/services/CWMP', event code(s): '6 CONNECTION REQUEST'
INF 2009-01-25T10:20:06-08:00 cvd: VDSL Management: get_DSM: Total Time: 0 secs, Modem State: 7, Error Flags: 0x0
INF 2009-01-25T10:20:06-08:00 cvd: Previous log entry repeated 3 times
INF 2009-01-25T10:20:07-08:00 cwmd: session completed successfully
INF 2009-01-25T10:20:08-08:00 cwmd: session started, server: 'https://cwmp.c01.sbcglobal.net/cwmp/services/CWMP', event code(s): '6 CONNECTION REQUEST'
INF 2009-01-25T10:20:09-08:00 cvd: VDSL Management: get_DSM: Total Time: 0 secs, Modem State: 7, Error Flags: 0x0
INF 2009-01-25T10:20:09-08:00 cvd: Previous log entry repeated 3 times
INF 2009-01-25T10:20:14-08:00 cwmd: session completed successfully
WRN 2009-01-25T10:52:36-08:00 eth: met0: filter session space exceeded
WRN 2009-01-25T16:37:43-08:00 eth: Previous log entry repeated 5 times
INF 2009-01-25T18:04:32-08:00 cwmd: session started, server: 'https://cwmp.c01.sbcglobal.net/cwmp/services/CWMP', event code(s): '2 PERIODIC'
INF 2009-01-25T18:04:47-08:00 cwmd: session completed successfully


-- Not exactly sure what this is about:
WRN 2009-01-25T19:29:40-08:00 eth: met0: filter session space exceeded
WRN 2009-01-26T02:44:02-08:00 eth: Previous log entry repeated 2 times

-- OH JOY
INF 2009-01-26T04:05:56-08:00 cvd: CVD: network link is down
INF 2009-01-26T04:05:56-08:00 cvd: Using line 1
WRN 2009-01-26T04:05:56-08:00 eth: met0: filter session space exceeded
WRN 2009-01-26T04:05:57-08:00 vrsip: Broadband connection lost
INF 2009-01-26T04:06:05-08:00 lmd: dsl0: down (signal lost)
INF 2009-01-26T04:06:08-08:00 cvd: CVD: stop_dsl: got called
INF 2009-01-26T04:06:14-08:00 cvd: Previous log entry repeated 1 times
INF 2009-01-26T04:06:15-08:00 cvd: CVD: start_dsl: got called
INF 2009-01-26T04:06:54-08:00 cvd: CVD: network link is up

-- No, I am not getting 63Mbps - nice to know that "something" is at least capable of that speed.
INF 2009-01-26T04:06:54-08:00 lmd: dsl0: up G.993.1 interleaved Rate:25216/2048 Max:63036/2048
INF 2009-01-26T04:06:54-08:00 lmd: dsl0: Margin:27.0/0.0 Atten:10.8/0.0 Power:14.2/-24.0
INF 2009-01-26T04:06:54-08:00 lmd: dsl0: Country: {B5} Vendor: {GSPN} Specific: {153}

-- Ok, it's bridging which I kinda suspected
INF 2009-01-26T04:07:04-08:00 lmd: ipnet0: DOWN on bridge1 with 99.139.x.x
WRN 2009-01-26T04:07:04-08:00 cwmd: httpc_req_start No such file or directory

-- Say what? I NEVER open up a hole to port 50001
INF 2009-01-26T04:07:04-08:00 httpd: vhost mdc0:0 down on 99.139.x.x port: 50001
WRN 2009-01-26T04:07:04-08:00 cwmd: httpc_req_start No such file or directory
WRN 2009-01-26T04:07:05-08:00 cwmd: Previous log entry repeated 3 times
INF 2009-01-26T04:07:05-08:00 lmd: rnat0: Cleared all pinholes

-- Nice... NOT!
WRN 2009-01-26T04:07:05-08:00 vrsip: Broadband connection lost
WRN 2009-01-26T04:07:05-08:00 cwmd: httpc_req_start No such file or directory

-- Ok, heres "a" bridge, not sure if this is for the DMZ, or something else:
INF 2009-01-26T04:07:05-08:00 lmd: ipnet0: UP on bridge1 with 99.139.x.x/22 GW:99.139.72.1
INF 2009-01-26T04:07:05-08:00 lmd: ipnet0: UP on bridge1 DNS1: 68.94.156.1 DNS2: 68.94.157.1
INF 2009-01-26T04:07:05-08:00 lmd: rnat0: Cleared all pinholes

-- Again, no clue what port 50001 is about, it's not something I've done:
INF 2009-01-26T04:07:07-08:00 httpd: vhost mdc0:0 listening on 99.139.x.x port: 50001
WRN 2009-01-26T04:37:43-08:00 eth: met0: filter session space exceeded


BTW...
The uptime on the RG is: 8 days 13: 53: 03


Re: Security (or lack there of)

8 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 26, 2009 6:03:34 AM
0
(0)
Professor
Bridge1 IIRC consists of the wireless interface, HPNA interface, USB interface, and the Ethernet interface (4 port switch).  Port 50001 is a management port I believe for AT&T's software.
Bridge1 IIRC consists of the wireless interface, HPNA interface, USB interface, and the Ethernet interface (4 port switch).  Port 50001 is a management port I believe for AT&T's software.

Re: Security (or lack there of)

9 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 26, 2009 7:17:05 AM
0
(0)
Teacher
Thanks for the info on BRIDGE1.

I would have suspected that any management be done on the ATM side, not the IP side.

I guess that kinda confirms my suspicions regarding the laxed security that is being provided to U-Vers customers.

*sigh*
Thanks for the info on BRIDGE1.

I would have suspected that any management be done on the ATM side, not the IP side.

I guess that kinda confirms my suspicions regarding the laxed security that is being provided to U-Vers customers.

*sigh*

Re: Security (or lack there of)

10 of 11 (3,699 Views)
0
(0)
  • Rate this reply
View profile
Jan 26, 2009 1:57:55 PM
0
(0)
Professor
The U-verse network is purely IP to my knowledge.  They aren't using ATM as the transport method.
The U-verse network is purely IP to my knowledge.  They aren't using ATM as the transport method.

Re: Security (or lack there of)

11 of 11 (2,734 Views)
Advanced
You must be signed in to add attachments
Share this post
Share this post