[TriLUG] open ports on Uverse 2wire gateway -- revisited

James Jones jc.jones at tuftux.com
Tue Feb 4 19:30:03 EST 2014


Joe and all,

I still have a feeling that I am not conveying my problem correctly.
I like to draw pictures to illustrate my problem, the best I can do
here is the following:

[The cloud ] --->[ Uverse's 2wire Gateway ] ---> [ customer's winxp computer ]

About the gateway.

UVERSE calls their box a gateway, it is a combined modem & router
which also has a dedicated network port to feed video packets to what
UVERSE calls their TV Receiver. The company doesn't utilize the TV. It
is a modified 2Wire box model 3800 or 3801.

Security Metrics, from its location in the cloud, scans the WAN ip
address of the Gateway for open ports from the cloud side of the
gateway. Once it finds open ports, it does some pen testing and in the
case of this ip address, finds several open ports and one exhibits a
vulnerability within the responding software at that port.

Because of this vulnerability, Security Metrics fails the customer for
PCI (credit card security). The best that I can determine, the
vulnerability is within a port that UVERSE uses to access the
inner workings of the 2Wire Gateway for updates, changes in firmware,
etc.

My biggest problem is that UVERSE either can't or will not scan the ip
and continues to tell me that there are no open ports on the box. I
have asked several times to escalate the problem and they say that I
am at the uppermost tech support level. It wasn't easy to get tech
support to get a supervisor to the phone. The only solution they
offered was to direct me to a fee-based tech support.

I am not in a position to approve a financial commitment for the
customer. The customer thinks that if it is a UVERSE problem, that
UVERSE would want to fix it.

The supervisor said that I could "write a letter to corporate" for a
solution. That doesn't sound too promising.

As a temporary fix, I have convinced the company to remove credit
cards from their computer. It will mean more work for the two
employees, but the safety of the customer's credit card information is
paramount.

Such is life --

jcj KK4VUS

On Tue, Feb 4, 2014 at 3:58 PM, Joseph Mack NA3T <jmack at wm7d.net> wrote:
> On Tue, 4 Feb 2014, James Jones wrote:
>
>> Joe,
>>
>> This is the 2wire Uverse Gateway which has both the modem & router in one
>> box with a not so friendly way to use port forwarding and the problem is in
>> the ports facing the internet ( mainly ports used by AT&T's Uverse to access
>> the Gateway ).
>
>
> got that.
>
> I have no idea what/how a 2 wire gateway works. Still it has to be data
> coming in in some format on some physical layer and ethernet coming out the
> back. So it's a protocol converter. As far as you're concerned, you get
> ethernet. You don't get to interact with AT&T's 2 wire protocol.
>
>
>> If bridging were enabled, how would it help my situation? From what I can
>> find, bridging is not an option on the 2wire gateways.
>
>
> My dsl provider swore up and down that bridging wasn't available on my modem
> either, until someone here on the list said that was BS. After several tries
> to techservice and getting people who'd been working there for decades and
> were experts and saying that such a thing was technically impossible, I
> finally got someone who said "of course, we do this all the time for our
> customers". He took me to a part of the router's menu I hadn't noticed and
> showed me what to do.
>
> Bill just came up to say you can't have bridging, but you've got something
> else which might do, apparently.
>
> (Explanation of bridging follows. Sorry if this is redundant.)
>
> In bridging the box just is a protocol converter. The box will not have any
> IPs. (In fact it will have one IP, probably 192.168.1.1 on the ethernet
> device. It's only there so you can configure it. Once the modem is
> configured, this IP is not part of the modem's function.)
>
> In bridging mode, the ethernet port on the inside of the modem is wired
> through to the ethernet network at the ISP. You can dhcp through it and the
> dhcpcd box will get an IP in the ISP's network. This IP is the IP that the
> outside of the modem would have got in non-bridging mode.
>
> The modem just looks like an ethernet wire into the ISP. You now need a
> router/firewall etc on the inside of the modem. I use an old 586 box with 3
> ethernet cards; one to the ISP with a public IP, and two with private IPs,
> one to the admin/DMZ and another the users. On the user's network I have the
> wifi boxes spread around the place, all with the same SSID. The router
> handles squid, DNS, DHCP, rrdtool, openvpn.
>
> An example of bridging that may be more relevant: You have a wap (wifi box),
> and you only use the lan ethernet ports. You connect one lan port to the
> user's network (say 10.0.1.0/24). The wap has the IP 192.168.1.1 and is
> listening on port 80 for configuration input. You come along with your
> laptop on 192.168.1.254, plug into another of the wap's lan ports and
> configure the SSID of the wap. You unplug the laptop and associate with the
> SSID. You get an IP in 10.0.1.0/24. The IP 192.168.1.1 is still on the wap,
> but you can no longer easily get to it, unless you know it's there.
>
> With your modem in bridge mode, AT&T can't get to the 192.168.1.1 IP on your
> modem.
>
>
> Joe
>
> --
> Joseph Mack NA3T EME(B,D), FM05lw North Carolina
> jmack (at) wm7d (dot) net - azimuthal equidistant map
> generator at http://www.wm7d.net/azproj.shtml
> Homepage http://www.austintek.com/ It's GNU/Linux!



-- 
Jc Jones
Blogs -
http://www.wendellgeek.com/weblog/
http://www.wendellgeek.com/kixtech/
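
The scan described in the message above can be reproduced independently, from a host outside the gateway, to record which TCP ports on the WAN address actually answer. This is an added example, not part of the original thread; the WAN address and port numbers are command-line placeholders because the thread does not list them.

```python
"""Record which TCP ports answer on a gateway's WAN address.

Run from a host outside the gateway. Usage (placeholders, not thread values):
    python3 wan_ports.py <WAN-IP> <port> [<port> ...]
"""
import socket
import sys
from datetime import datetime, timezone


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # three-way handshake completed
    except ConnectionRefusedError:
        return "closed"      # the host answered with a reset
    except OSError:
        return "filtered"    # timeout or unreachable: no usable answer
    finally:
        sock.close()


def survey(host, ports, timeout=3.0):
    """Probe each port once; return (utc_timestamp, {port: state})."""
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")
    return stamp, {p: probe(host, p, timeout) for p in ports}


def format_report(host, stamp, states):
    """Render the result as plain text that can be pasted into a ticket."""
    lines = [f"TCP reachability of {host} at {stamp}"]
    lines += [f"  {port}/tcp  {state}" for port, state in sorted(states.items())]
    return "\n".join(lines)


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit(__doc__)
    target, port_list = sys.argv[1], [int(a) for a in sys.argv[2:]]
    when, result = survey(target, port_list)
    print(format_report(target, when, result))
```

A port reported as "open" here while no port forwarding is configured on the gateway is answered by the gateway itself rather than by a machine behind it.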

