Of note - don't go messing with your modem at random unless you
- are familiar with this stuff
- are patient and careful
- don't mind spending lots of time without a working internet connection
The modem's default LAN interface is at 192.168.1.1 and uses the username DSL with the password DSL. Something that didn't occur to me until I starting changing settings is that this modem/router has a plain http interface, so whatever you do is sniffable on the LAN. It doesn't mean much in most home settings, but do make sure your LAN is secure before you start changing things, or you might not be the last one to be making changes! Another weird fact is that the http interface didn't render properly in Epiphany. Firefox worked fine though.
Start by downloading the documents from Gentek's ftp site under ADSL modems. The biggest part of what I did was plainly laid out in the quick start 'ethernet port configuration' guide. There's a complete manual there as well if you want all the details. I've got more reading to do myself.
Of note, the ftp site also shows a Firmware section, but several forums I visited seemed to indicate reflashing this particular modem is very prone to bricking it, and that it's just not worth chancing it.
It's a bit amusing that the most repeated line in the quick start guide is
DO NOT MAKE ANY OTHER CHANGES
I did of course. :-) Here's the highlights.
First up look at the Admin tab and find the Backup/Restore option. Make a backup of your settings before you start so you have a fall-back position. Then make another backup when you are done so you can upload it again later when the modem dies and you get a new one from your provider. (Murphy says he'll send you a different model, unless you fail to make your backup now of course.)
Note on this tab there is a Commit and Reboot section. The save buttons all through the web interface make the settings active, but don't make them permanent. You have to 'Commit' them so they take effect the next time. The Reboot option is quicker and easier than unplugging it all the time.
Also on this tab is the user section. You probably want to change the default password from it's very original setting.....
On the Services tab, under uPnP - disable it. (Unless you like things changing your firewall rules without telling you about it)
Also on the Services tab, under SNTP, add pool.ntp.org as a server so the logfiles the router keeps actually mean something. :-)
There's lots of other stuff here you can explore like some simple parental controls, SNMP etc.
I could have left the LAN side as manually assigned IP since in the final setup all that will be hooked up to it is our home server (see the last post for a pretty diagram), but I decided to turn DHCP on. That way I can use it without the home server in the interim, and it shouldn't cause us any issues down the road. I did pick an oddball IP subnet rather than the ever popular 192.168.1.0/24 range - when you start connecting subnets via VPN's or what have you, it's so much easier if all the pieces involved don't overlap at all.
I did get one nasty surprise as I was doing this. I used the Admin Management Control section to turn off all the various management interfaces of the modem on the WAN side. I left only http and telnet on the LAN side active.
The telnet thing is pretty interesting actually. It looks like it has an extensive CLI interface that operates quite differently than the http style one. I left it active so I can explore that further when the mood strikes.
Now here's the nasty part. No matter what I did, or what settings I put in that management panel, http, telnet and ftp were all available on the WAN side!
That's such a nasty bug I wonder if it's deliberate to all ISP's into their modems regardless of what the user specifies? Just goes to show - always test to make sure you accomplished what you think you did.
To make sure the router can't be altered from the WAN side, I ended up using the firewall section under Services - IP Filter. Simply changing the security level to 'low' activated the rules that blocked the telnet, http and ftp ports. As we go along with our home server project I'm sure we'll end up revisiting this page for more fine-tuning, but those simple rules in combination with the natural firewalling NAT provides will get us going here anyway.
I tried running downloading a sizable torrent over the last couple days (yes, my high speed is a bit of an oxymoron, but the torrent is multiple gigabytes...) and it's been rock solid. So far I feel like I'm on the right track.
Now, if I can resist the urge to dig out my old XBox and keep going with this project instead we can make some real progress.....
Ubuntu Home Server Noise: Hacking the Gnet BB2060
ReplyDeleteHi folk! Greetings from Brazil! I am also tempted to hack my modem. :-) But in my case, things will be a little more agressive! hehehe It happens that I have a DSLink modem that uses the same chipset (Conexant Vulcan), same leds, same displacement etc, that Gentek's 2060. I've visited Gentek's public ftp and downloaded the latest firmware version, but I can't unzip the file cause it's password protected... :-( I was wondering if you know the password or where I can get it. Ow, and you must be thinking: why the heck this guy wants to flash a manufacter's firmware in another manufacturer's modem? The fact is that DSLink's firmware is full of bugs and their support is... inexistent. Thanx in advance. See ya!
I don't know what that password is. But considering how silly their default password is in the interface I'd try a bunch of guesses and see if one of them works. e.g. try DSL GENTEK PASSWORD FIRMWARE OPENFORME BB2060 FIRMWARE SECURE or anything else you might think of.
ReplyDeleteI'm not sure how good the password security of a zip file is. I would think there's got to be some dictionary attack style programs out there if you dig about.
BUT PLEASE PLEASE NOTE! I did see comments that those modems don't flash well, and often fry!
You might search the forums here and see the posts I did on this modem.
I did see this page" as well - but didn't actually download it to see what it is...
Hope this helps - and good luck!