A1 Telekom Austria uses internal IPs (10.x.x.x) for traffic between UMTS and DSL

December 25, 2011

When I tried to connect from my mobile phone to my DSL router at home and had tcpdump running on the router at the same time I though there is something wrong. I saw connection requests from an 10.62.35.x IP address from the Internet. My router was of course dropping these packets, as this IP address cannot arrive on the Internet uplink interface.

After some checking I realized that my mobile phone is the 10.62.35.x source address, and I needed to accept packets from on the Internet with the source address within the range of 10.62.0.0/16. It is good that I don’t use 10.62.0.0/16 subnets at home …. but if someone does, he has a problem. 😉

Anyway has anyone more information which 10.x.x.x IP addresses the A1 Telekom Austria (and Bob for my mobile) does use?

ps: The DSL router has a worldwide IP address but the mobile IP is local, surely to force businesses into more expensive plans to have a worldwide IP address. 😉

UPC (Austrian ISP) started using Sitefinder Service (Update)

September 3, 2008

The Austrian ISP UPC (Chello, Indo, Telesystem) has activated a system which sends your browser to UPC site if a domain could not be resolved. They say that this helps their less tech-savvy customers but I believe it helps them more. Because they can put some ads on this site. They are not the first to try this. 2003 Versign tried something similar (called Sitefinder) but it was stopped by ICCANN and user protests. But that was not a provider.

The system is an Opt-Out one and not Opt-In. You need to perform 5 clicks, fill out a form and time to wait for a support employee to get it deactivated. You should really Opt-Out as the system can lead to problems if an DNS server is responding too slow and the system tells you you’ve a wrong domain name. The other question is what happens with the data gathered by the search engine on this site, which tries to guess what you meant.

Update:

This site (german) contains all info how you can Opt-Out.

EU Member States Data Retention Transposition Measures

July 12, 2008

I got my hand on this list which is out of a PDF from the European commission, and I though it maybe also interests others. It shows the status of data retentions laws in the EU member states. So here is the list. (The list is sorted by the native names of the nations and not the English ones I used here, e.g. Deutschland vs Germany)

EU Member States Data Retention Transposition Measures List

.

Finally – Austria gets its own CERT

February 22, 2008

Many European nations have Computer Emergency Response Teams (CERT) for years now and finally Austria is on the way to play catchup. nic.at, the Austrian domain registry, plans to create it together with the Federal Chancellery of the Republic of Austria with four employees at the beginning. The Chancellor Alfred Gusenbauer declared: “The internet is a valuable infrastructure, which needs to be protect”. (Wow he truly go it!)

So much for the official version of it, but there is not all gold. The CERT should only be a information hub which provides international networking. So far so good, but what would be needed is a own infrastructure to react in cases of emergency otherwise no defense can be coordinated. But this is a typical Austrian solution, we will have our own CERT but it should not be that expensive as a real one.

A1 UMTS card under Linux – just works

January 27, 2008

I got my hand onto an A1 UMTS PC-CARD and I did some research on how to use it with Linux. At first just plug the card into your Notebook and look at the logfile (/var/log/syslog on Debian based distributions). On a Kubuntu Feisty and newer Kubuntu versions and Debian Etch it is supported as /dev/USBtty0. This worked for all Huwai based cards I got my hands on, also the USB versions.

You have now 2 possibilities:

The first is to use the official Linux drivers from Vodafone which work also for A1. Just go to http://www.vodafonebetavine.net/web/linux_drivers/

The advantage of the official closed source program is that it ships with a special program which shows you how good the reception is and if it’s using GPRS or UMTS – but it is closed source and maybe not available for your hardware and/or software platform. And specially it is an GUI application you may want the UMTS internet access for a display less router. The following describes how I did it on an Debian Etch based router.

First you need to install the pppd


# apt-get install ppp

Than you create following files with the shown content:


# cat > /etc/ppp/peers/a1
hide-password
noauth
connect "/usr/sbin/chat -v -f /etc/chatscripts/a1"
debug
/dev/ttyUSB0
115200
defaultroute
noipdefault
user "[email protected]"
remotename a1
ipparam a1
replacedefaultroute
usepeerdns


# cat > /etc/ppp/pap-secrets
"[email protected]" a1 "www"


# cat > /etc/chatscripts/a1
# ispauth PAP
# abortstring
ABORT BUSY ABORT 'NO CARRIER' ABORT VOICE ABORT 'NO DIALTONE' ABORT 'NO DIAL
TONE' ABORT 'NO ANSWER' ABORT DELAYED
# modeminit
'' ATZ
'' AT+CGDCONT=1,"IP","A1.net"
# ispnumber
OK-AT-OK "ATDT*99***1#"
# ispconnect
CONNECT \d\c
# prelogin
# ispname
# isppassword
# postlogin

Now download this perl script and change the PIN code (line 11) to the one of your card. Don’t forget to set the executable flag. Now you can go online with


# ./setpin.pl
# pon a1

The setpin.pl script needs to be called once each time you inserted your UMTS card. This setup is mostly identical for the other Austrian UMTS provides as they sell the same Huwai cards A1 does, just some Init commands are different. It is easy to find the correct ones for your provider with Google.

Active attacks on home routers underway

January 23, 2008

Only last week I posted about the UPnP attack vector on home routers and now Symantec is reporting active attacks on Mexican internet users. The purpose of this attack is to manipulate the DNS settings of the router so the user is directed to the phishing site for a popular Mexican bank. As there is no change on the computer itself, security software will have a hard time to detect such attacks. Sure the SSL certificate the fake site will provide is most likely faked, but most users just click Ok anyway. But my guess would be anyway that the phishing site is just plain HTTP.

But this is not the only attack vector even if a password is set for the router (not counting the default password). If a router allows the user to authenticate himself via a cookie, than an attacker needs only to provide an URL which includes the commands for the router. Sure the attacker needs to know the router which is used by the user, but thats not that complicated as you might think. For example in Austria an attack would be best done against Alcatel SpeedTouch router (configured to multi user mode) which used by the Telekom Austria since the start of DSL in Austria. And to make it worse, there is no password defined by default, so we don’t need a cookie attack at all.
It is therefore important to change the default password and to make sure the router requires a password each time you start your browser. It is also a good idea to restart your browser after you authenticated yourself against the router and before you surf through the internet.

You ask yourself how to attacker knows the IP address of the router? Thats easy – following possibilities exist:

  • just try 192.168.0.1 (or what is default setting for the router, which should be attacked)
  • get the IP address of the computer, and replace the last number of it with an one. (java script?)
  • use a applet (flash, java, ….) to get the default gateway or DNS server IP address – you’ve your router

The first one is the easiest one, but also the easiest to defeat. Just change the network to a new C-Class network out for 192.168.0.0/16, 172.16.0.0/12 or 10.0.0.0/8. eg. 10.133.122.0/24. So lets change to following mantra a little bit. Recommended steps for setting up your home router:

  • Unbox
  • Throw the disk away
  • Plug in your machine, Turn on the router and navigate to the Web-GUI
  • Turn off UPNP
  • Change the subnet of your router
  • Change default name and password, set WPA-PSK
  • Check that remote management is disabled
  • ….

I’ve changed the subnets of my routers for years, just because the 192.168.0.0/24 stuff didn’t look cool – so be cool and change yours too.

PPTP DSL Linux mini howto

January 12, 2008

I live in Austria and the only broad band Internet connection (not including the UMTS stuff) I can get is from the Telekom Austria and it is PPTP based and I’m using AON as Provider. I often hear from new guys in the LUGT (Linux User Group Tirol) that it is hard to set it up with Linux. It is not! I will explain here how to setup a PPTP tunnel to an Alcatel Speed Touch Ethernet modem on a Debian based distribution.

First we need to install some packages:


# apt-get install ppp pptp-linux

Than we need to set following IP on the network interface which is connected to the modem:


10.0.0.1/255.255.255.0

after this is done following should work:


ping 10.0.0.138

If not check if the LED for the LAN connection on the modem is on and that you’ve configured your interface correctly with “ifconfig”. It is now possible to use something like knet oder kppp to make the tunnel but I describe here the manual way for an small Linux server/router). Create a file
/etc/ppp/peers/aon with following content:


user your_long_aon_number (e.g. 49373880000)
noipdefault
defaultroute
hide-password
connect /bin/true
noauth
persist
debug

And /etc/ppp/pap-secrets with following:


49373880000 aon secret_password

Replace the number above with our own. If you’ve done this you just need to type following to make the connection:


# pptp 10.0.0.138 call aon

As this connection should be persistent we need to add a fail save script which monitors the pppd daemon. With this reconnect script, which I have running for > 5 years, I never had problems even if the tunnel stalled it was discovered and the tunnel reestablished. The content of the /usr/local/sbin/reconnect script is:


#!/bin/bash
/usr/bin/killall pppd 1>/dev/null 2>/dev/null
/bin/sleep 3
/usr/bin/killall pptp 1>/dev/null 2>/dev/null
/bin/sleep 3
/usr/bin/killall -9 pppd 1>/dev/null 2>/dev/null
/usr/bin/killall -9 pptp 1>/dev/null 2>/dev/null
/bin/rm /var/run/pptp/10.0.0.138 1>/dev/null 2>/dev/null
/bin/sleep 2
/usr/sbin/pptp 10.0.0.138 call aon

and in the crontab I’ve:


# m h dom mon dow command
0,30 * * * * ping -c 2 195.58.160.194 > /dev/null || ping -c 2 195.58.161.122
> /dev/null || /usr/local/sbin/reconnect

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 69 queries. 0.109 seconds.