Posts Tagged Router

KDDI in Japan: new routers?

KDDI in Japan recently started to provide new routers to people who migrate. The main change when receiving the new router is that a PPPoE session is no longer needed, which means more bandwidth is available on the line.

However the nice shiny router provided by KDDI does not have enough CPU power to route that much traffic, so like anyone else why not use a small Linux box (in this case a Kurobox Pro) and have it do the routing stuff?

Easier said than done. Our friends at KDDI really want everyone to use their modems (a BL190HW) and have added a few measures to keep people with normal routers from using their network.

The first thing anyone will notice is that the router will only talk to the device with the right MAC address. That’s quite a common protection, and changing the MAC address of a device is trivial. After doing this the network works fine for a few hours then… nothing.

I then connected the router they provided and had a look at the stuff that went through on the network… and I noticed something else.

Our friends at KDDI have decided to add an extra “layer” of security: the modem will log in using EAP authentication over Ethernet (protocol 0x888e) using the modem’s serial number as login and an unknown secret. Since I do not have access to the modem firmware, it’s difficult to know what the secret is, however I do not want internet to go down every X hours, so I wrote an “EAP relay” which receives EAP-over-Ethernet frames on two interfaces and relays each one to the other interface. The program I wrote is ugly but works.

Now I’ll work to get a copy of the firmware (if the modem indeed checks for updates, it should be trivial) and analyze it to see if I can either:

  • Find how the secret is stored and/or generated
  • Locate any security exploit that would allow root access on the box
  • Crack/locate the password for the box
  • Push a modified firmware update to the router that would allow access from outside

The router introduces itself as “NetBSD/ovismips” via telnet, however refuses root login over this kind of non-secure channel…
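
To see the exchange described in this post in a packet capture, the following added example (not the author's relay program, and not KDDI code) decodes EAP-over-Ethernet frames and extracts the EAP Identity. The sample frame, its MAC addresses and the identity string SERIAL-PLACEHOLDER are constructed for illustration.

```python
import struct

ETH_P_PAE = 0x888E  # EtherType for EAP over LAN (IEEE 802.1X)
EAPOL_TYPES = {0: "EAP-Packet", 1: "Start", 2: "Logoff", 3: "Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1


def mac(b):
    return ":".join(f"{x:02x}" for x in b)


def parse_eapol(frame):
    """Decode one Ethernet frame; return a dict, or None if it is not valid EAPOL."""
    if len(frame) < 18:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_PAE:
        return None
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]      # drops Ethernet padding after the body
    if len(body) < body_len:
        return None                     # truncated capture
    info = {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
            "version": version, "eapol_type": EAPOL_TYPES.get(ptype, ptype)}
    if ptype == 0 and body_len >= 4:
        code, ident, eap_len = struct.unpack("!BBH", body[:4])
        info.update(code=EAP_CODES.get(code, code), id=ident)
        # Only Request/Response carry a type byte; Success/Failure are 4 bytes.
        if code in (1, 2) and 5 <= eap_len <= body_len:
            info["eap_type"] = body[4]
            if body[4] == EAP_TYPE_IDENTITY:
                info["identity"] = body[5:eap_len].decode("ascii", "replace")
    return info


def build_sample(identity=b"SERIAL-PLACEHOLDER"):
    """Constructed EAP Response/Identity frame, padded to 60 bytes like real Ethernet."""
    eap = struct.pack("!BBHB", 2, 1, 5 + len(identity), 1) + identity
    eapol = struct.pack("!BBH", 1, 0, len(eap)) + eap
    eth = bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
    return (eth + struct.pack("!H", ETH_P_PAE) + eapol).ljust(60, b"\x00")


if __name__ == "__main__":
    print(parse_eapol(build_sample()))
```

The identity travels in clear text in the Identity response; whatever proves knowledge of the secret is carried by the EAP method frames that follow, which this decoder does not interpret.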


Birth of a new webcomic?

Today I was explaining to someone how data is being transmitted between routers on the Internet. Thinking a bit more I believe stories involving routers communicating around the world encountering various stories (blocking firewall, rogue BGP packets, DDoS, etc) could make an interesting webcomic, both on the amusing side and the educational side.

Just so you know I absolutely suck when it comes to drawing stuff, however the pencil tool in GIMP seems to give interesting results (maybe). The easiest is to look at my first drawing explaining the structure of a packet and showing a router getting ready to route one such packet.

The truck represents the link layer (usually Ethernet). The idea with this image was to show that a router will usually just look at the IP layer and never look lower unless it is the target of the packet (i.e. BGP sessions, etc).

Anyway I’ll see if I can put another image a bit bigger with frames (let’s try 3~4 frames) and a small fun story involving routers and packets (routers don’t have hands, they manipulate and direct packets with thoughts. Having to move hands would make the routing process too long). Now what’s missing is a name for this potential webcomic (and maybe someone to draw the stuff better than I do; while I think routers are OK as blobs with big eyes, I need to improve my drawing of a truck and a packet)…


Netindex RS-LJ01, is it GPL compliant?

Being in Japan allows one to find some extraordinary things at the big place which sells almost everything, ranging from bikes to computer parts, health products, video games and food.

My latest discovery is known as RS-LJ01. It is a small Wi-Fi router made to be used anywhere (got a battery for 4 hours of routing) and a USB port to connect a 3G USB stick. With this you can have your Wi-Fi hotspot in your pocket, and bring it anywhere.

The device is interesting, but the interface is all in Japanese and I had some trouble understanding what was happening, even with my basic Japanese knowledge and some help from Google Translation. I first configured my 3G login/password and got internet working, then tried to configure the device to use WPA and not WEP, but then I wasn’t able to log in to the WPA network. Took me a while to find the reset button. I made a new attempt at WPA using the “secondary SSID” option, without much success either. I would really love to see what’s wrong with the WPA encryption myself (and maybe fix it), but without more information about the device, it’s not going to be easy.


Modifying incoming packet size on a Linux router

Since I set up my Linux router, I noticed that some websites weren’t available anymore. The connection was established, sometimes I could even get small pages (i.e. redirect pages), but most of the time, the interesting pages didn’t work.

Searching on the Internet led me to suspect packet size. If the remote site was sending packets which are too big, they would get dropped, with an ICMP reply saying “make things smaller, man” (in computer terms).

However, for some reason it may not work, if ICMP packets are dropped, or if anything like this happens.

The symptom in my case was simple. I could access everything from the router itself, but from client computers, the connection was hanging forever without data coming… Some tcpdump showed me that the MSS (requested max packet size) value in the initial SYN connection packet sent by my router was 1414 while the one sent when the connection came from a client computer was 1460. That’s a 46-byte difference. Knowing that networking in Japan is not the same as what I’m used to (for example, the VHDSL modem I use to connect to the Internet also provides IPv6 directly, while IPv4 is obtained through PPPoE; I suspect PPPoE in fact transits through IPv6), I decided to change the value of MSS in the connection packets.

Easier said than done: setting the MTU on ppp0 or changing MSS in the route didn’t have any impact on the data sent.

When nothing works, it’s time to use iptables for some dirty work:

iptables -I FORWARD 1 -o ppp0 -p tcp -j TCPMSS --tcp-flags syn,fin,ack syn --set-mss 1414

For all forwarded tcp SYN packets to interface ppp0, I set the mss to 1414… and guess what? It works. I can finally access websites that didn’t work. Strange workaround, and something I didn’t think I would ever have to do… well… life is weird.
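
The arithmetic behind the 1414 and 1460 values, as an added example (not code from the original post): it reads the MSS option from a TCP SYN header and flags SYNs that advertise more than the outgoing link can carry. The 1454-byte MTU is an assumption inferred from 1414 plus 40 bytes of IPv4 and TCP headers, and the sample headers are constructed.

```python
import struct

IP_HDR = TCP_HDR = 20  # header sizes in bytes, without options


def mss_for_mtu(mtu):
    """Largest TCP segment payload that fits in one IPv4 packet of `mtu` bytes."""
    return mtu - IP_HDR - TCP_HDR


def syn_mss(tcp):
    """Return the MSS option of a TCP SYN segment, or None (not a SYN / no option)."""
    if len(tcp) < TCP_HDR:
        return None
    (off_flags,) = struct.unpack("!H", tcp[12:14])
    hdr_len = (off_flags >> 12) * 4
    if not off_flags & 0x02 or not TCP_HDR <= hdr_len <= len(tcp):
        return None
    opts, i = tcp[TCP_HDR:hdr_len], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                 # End of Option List
            break
        if kind == 1:                 # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                     # malformed option, stop parsing
        if kind == 2 and opts[i + 1] == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return None


def needs_clamp(tcp, out_mtu):
    """True if this SYN advertises an MSS larger than the outgoing MTU allows."""
    mss = syn_mss(tcp)
    return mss is not None and mss > mss_for_mtu(out_mtu)


def build_syn(mss, flags=0x02):
    """Constructed 28-byte TCP header: NOP, NOP, SACK-permitted, then the MSS option."""
    opts = b"\x01\x01\x04\x02" + struct.pack("!BBH", 2, 4, mss)
    off_flags = ((TCP_HDR + len(opts)) // 4 << 12) | flags
    return struct.pack("!HHIIHHHH", 40000, 80, 1, 0, off_flags, 65535, 0, 0) + opts


if __name__ == "__main__":
    for mss in (1460, 1414):
        print(mss, "needs clamp" if needs_clamp(build_syn(mss), 1454) else "fits")
```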
