 freemypc
join:2008-04-12
1 edit | reply to YqE41k24 Re: [trouble] has my verizon supplied modem/router been hacked?
Thanks for all the info. I did as suggested by the Verizon tech on the other direct forum and updated the firmware and so far all that weird stuff seems to have stopped. One thing this modem has always done that I don't quite understand is it constantly has from the time I got it logged dns failures. They must be false, because if it truly was not making dns connections then wouldn't it in effect be disabled from using the internet at all? Anyhow I never mentioned this because I do not seem to have any kind of connectivity problems despite the router logging dns failures on numerous occasions. |
|
 YqE41k24 Premium join:2004-05-02 Tarrytown, NY | reply to Maze busybox.net »www.busybox.net/about.html explains what busybox is. |
|
 freemypc
join:2008-04-12
| reply to Maze Ok I understand that you can't remove or disable the embedded Linux Busybox, but when doing some research I've come across some interesting details. Verizon's firmware leaves out a setting to in effect turn off the router part of the box whereas people have been reflashing the bios to get the original Actiontec OEM supplied firmware. I just do not understand why Verizon does not allow or supply such an option in their firmware. I would try this if I knew it wouldn't harm or change the settings that it needs for connection to Verizon DSL. Also this version of the busybox on this device seems rather old as it lists itself as v0.61pre, I believe that it is now up to like a version 2 or something like that now.
Someone posted in a different post about flashing their GT704 with a more advanced Verizon firmware. Where can one find Verizon supplied firmware updates? |
|
 Maze
join:2006-02-02 Brooklyn, NY
4 edits | reply to freemypc freemypc wrote: Is there a way to disable the built in Linux without it disabling the modem's modeming capabilities? This modem has behaved poorly from way back when I first got Verizon's service. One more new thing is when I first login to the router it isn't showing my main PC or any other for that matter on the home status page where it says my network. And it is often reporting the wrong PC that is actually connecting to the net quite often such as my father will be on his PC located in the dining room and it will report the one in the room where the router itself is located as the online active PC.
==================================================
You can't turn the Linux off, think of it as controlling a microcontroller. The Linux "operating system" (embedded this time so it can fit on a limited space in that type of device. Most of these routers only have 2 mb flash and 1 mb other), on the device controls the physical device. What to turn on or off... or... Hope someone can explain better than I did. Basically the device is "dumb" nothing without the operating system controlling the chip and circuits. As in analogy to a computer. However they could have used another OS if they wanted to. A home grown one or from another company. Linux is free I guess, I would assume it uses iptables to run (firewall) it as well. I'm not sure what busybox is but it seems some bootloader into the embedded OS. If you turn off Linux it would be like turning Windows off. You would not have anything to run the computer. |
|
 freemypc
join:2008-04-12
| reply to YqE41k24 I do not have UPnP enabled, it says it's off in the modem settings, although I did have this once before in the past to see if it was the root of my xbox disconnects, it wasn't since it was when Microsoft was having all those xbox live server issues back right after Christmas. The only thing different now is I now finally got one of those hard to get Nintendo Wii's and have that setup for net access. Could it possibly be what has started all of this? Even though I did remove it and reset the modem and then it started all over again with this strangeness. Is it normal for the router to be accessing and or storing cookie files, and or doing something with passwords? Is there a way to disable the built in Linux without it disabling the modem's modeming capabilities? This modem has behaved poorly from way back when I first got Verizon's service. One more new thing is when I first login to the router it isn't showing my main PC or any other for that matter on the home status page where it says my network. And it is often reporting the wrong PC that is actually connecting to the net quite often such as my father will be on his PC located in the dining room and it will report the one in the room where the router itself is located as the online active PC. Anyhow thanks for your help I have also posted to the other forum where official Verizon employees assist and hopefully will hear something from them very soon. One last thing is I do not believe my PC is infected with a virus as I did a complete wipe and reformat due to some issues with buggy hardware drivers that I could not seem to get uninstalled and replace with the originals. |
|
 YqE41k24 Premium join:2004-05-02 Tarrytown, NY
| reply to freemypc Did you turn on Universal Plug and Play (UPnP) recently on the router or a computer? The SOAP message refers to "InternetGatewayDev" which is part of UPnP.
said by freemypc :
(GMT-06:00)12:28:19 Sat Apr 12 2008 stunnel[446]: SSL_read (ERROR_SYSCALL): Connection reset by peer (131)
(GMT-06:00)12:28:56 Sat Apr 12 2008 thttpd[51]: Error with DigestResponse auth file = /var/.sys/.htpasswd-digest_tr69
(GMT-06:00)12:29:05 Sat Apr 12 2008 syslog: tr-69-client end with: HTTP/1.1 200 OK^M Date: Sat, 12 Apr 2008 17:28:54 GMT^M Content-Length: 455^M Content-Type: text/xml; charset=UTF-8^M Set-Cookie: JSESSIONID=LQxWsl1hyfzJP4C21L5pNDJqL7flvmPJyqG5971QW17Xrvv tp://www.w3.org/2001/XMLSchema-instance > oapenv:Header/> oapenv:Body> wmp:InformResponse> axEnvelopes>1MaxEnvelopes> cwmp:InformResponse> soapenv:Body> soapenv:Envelope>
(GMT-06:00)12:29:16 Sat Apr 12 2008 syslog: [truncated] tr-69-client end with: HTTP/1.1 200 OK^M Date: Sat, 12 Apr 2008 17:29:06 GMT^M Content-Length: 900^M Content-Type: text/xml; charset=UTF-8^M ^M oapenv:Envelope xmlns:soap= »schemas.xmlsoap.org/ ustUnderstand= 1 >68251444cwmp:ID> soapenv:Header> oapenv:Body> wmp:SetParameterValues> arameterList soap:arrayType= cwmp:ParameterValueStruct[1] > arameterValueStruct> ame>InternetGatewayDev >

Messages such as this
said by freemypc :
"GMT-06:00)16:02:11 Sun Oct 29 2006 syslog: All DNS servers tried, no response.
(GMT-06:00)16:02:11 Sun Oct 29 2006 syslog: failed dns request len=56,srcip=192.168.1.1, url=isatap.VZN
(GMT-06:00)16:02:12 Sun Oct 29 2006 stunnel[423]: VERIFY ERROR: depth=0, error=certificate is not yet valid: /C=US/ST=Texas/L=Irving/O=Verizon Data Services Inc./OU=sslr/CN=cpe-ems1.verizon.com

could be due to your router not having connected to Verizon yet. The timestamp for these messages refers to 2006. Your router then acquires a connection and determines the correct time.

This is a normal message
said by freemypc :
"(GMT-06:00)12:28:19 Sat Apr 12 2008 stunnel[446]: SSL_read (ERROR_SYSCALL): Connection reset by peer (131)"

It happens all the time and isn't indicative of an error. |
|
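Added example, not part of any post in this thread: a small Python triage of the log format quoted above, applying the explanation that "certificate is not yet valid" errors logged before the router's clock jumps from its 2006 boot default to the real date are expected. The sample log is constructed (its last entry and the host acs.example.invalid are invented for illustration); the 30-day jump threshold and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the thread's log format, entries run together as pasted.
SAMPLE = (
    "(GMT-06:00)16:02:11 Sun Oct 29 2006 syslog: All DNS servers tried, no response. "
    "(GMT-06:00)16:02:12 Sun Oct 29 2006 stunnel[423]: VERIFY ERROR: depth=0, "
    "error=certificate is not yet valid: /CN=cpe-ems1.verizon.com "
    "(GMT-06:00)12:28:19 Sat Apr 12 2008 stunnel[446]: SSL_read (ERROR_SYSCALL): "
    "Connection reset by peer (131) "
    "(GMT-06:00)12:40:02 Sat Apr 12 2008 stunnel[446]: VERIFY ERROR: depth=0, "
    "error=certificate is not yet valid: /CN=acs.example.invalid"
)

# Each entry starts with "(GMT-06:00)HH:MM:SS Dow Mon DD YYYY tag: ".
ENTRY = re.compile(r"\(GMT[^)]*\)(\d\d:\d\d:\d\d) \w{3} (\w{3} +\d+ \d{4}) (\S+?): ")


def parse(log_text):
    """Split run-together log text into (timestamp, tag, message) tuples."""
    hits = list(ENTRY.finditer(log_text))
    out = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(log_text)
        ts = datetime.strptime(f"{m.group(2)} {m.group(1)}", "%b %d %Y %H:%M:%S")
        out.append((ts, m.group(3), log_text[m.end():end].strip()))
    return out


def triage(log_text, jump=timedelta(days=30)):
    """Label each 'not yet valid' certificate error by where it falls
    relative to the first large forward jump in timestamps (clock sync)."""
    entries = parse(log_text)
    sync_at = next((i for i in range(1, len(entries))
                    if entries[i][0] - entries[i - 1][0] > jump), None)
    findings = []
    for i, (ts, tag, msg) in enumerate(entries):
        if "certificate is not yet valid" not in msg:
            continue
        # With no jump in the log we cannot show the clock was unset,
        # so the error is left for review rather than explained away.
        pre_sync = sync_at is not None and i < sync_at
        label = "expected-before-clock-sync" if pre_sync else "review"
        findings.append((ts.year, tag, label))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A "review" result means the validation failure happened while the router believed it had the correct date, so the certificate presented to stunnel deserves a closer look.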
  Jodokast96 R.I.P Bassman442 Premium join:2005-11-23 Erial, NJ | reply to sashwa Honestly, I'd take this over to the Security forum. |
|
  sashwa Pixie Cat Crunchin' n Foldin' Premium,Mod join:2001-01-29 Alcatraz clubs:  | reply to freemypc You might try here:
»/forum/vzdirect |
|
 freemypc
join:2008-04-12
| reply to Maze Re: [trouble] has my verizon supplied modem/router been hacked?
Do you mean I need to send it back to Verizon and let them look at it? Will they send me a replacement before or after I send mine back? Again this has got me very concerned and worried as it's never done this before. I do notice however that whenever I do a fresh reboot of the modem/router it first contacts Verizon such as
"GMT)16:01:15 Sun Oct 29 2006 syslogd started: BusyBox v0.61.pre
(GMT)16:01:15 Sun Oct 29 2006 init: Waiting for enter to start `/bin/sh` (pid 86, terminal /dev/tts/0)
(GMT-06:00)16:01:16 Sun Oct 29 2006 logic: stunnel conf 2: TR-069 1 /var/etc/stunnel2.conf »»https://cpe-ems1.verizon.com/cwmpWeb/CPEMgt 1 8080
(GMT-06:00)16:01:18 Sun Oct 29 2006 logic: dhcps starting
(GMT-06:00)16:01:24 Sun Oct 29 2006 udhcpd: udhcp server (v0.9.7) started
(GMT-06:00)16:01:24 Sun Oct 29 2006 udhcpd: ADD"
It then goes through the process of adding my PC's and devices with one odd thing one of my PC's that I have taken offline is still being added to this router. I dunno if that's normal behavior or not but I wouldn't think after I did a hard reset and that PC has not been connected or powered on it should still be detectable.
Also here is more of the strangeness of the syslog activity,
"GMT-06:00)16:02:11 Sun Oct 29 2006 syslog: All DNS servers tried, no response.
(GMT-06:00)16:02:11 Sun Oct 29 2006 syslog: failed dns request len=56,srcip=192.168.1.1, url=isatap.VZN
(GMT-06:00)16:02:12 Sun Oct 29 2006 stunnel[423]: VERIFY ERROR: depth=0, error=certificate is not yet valid: /C=US/ST=Texas/L=Irving/O=Verizon Data Services Inc./OU=sslr/CN=cpe-ems1.verizon.com
(GMT-06:00)16:02:12 Sun Oct 29 2006 stunnel[423]: SSL_connect: 14090086: error:14090086:lib(20):func(144):reason(134)
(GMT-06:00)12:28:19 Sat Apr 12 2008 stunnel[446]: SSL_read (ERROR_SYSCALL): Connection reset by peer (131)
(GMT-06:00)12:28:56 Sat Apr 12 2008 thttpd[51]: Error with DigestResponse auth file = /var/.sys/.htpasswd-digest_tr69
(GMT-06:00)12:29:05 Sat Apr 12 2008 syslog: tr-69-client end with: HTTP/1.1 200 OK^M Date: Sat, 12 Apr 2008 17:28:54 GMT^M Content-Length: 455^M Content-Type: text/xml; charset=UTF-8^M Set-Cookie: JSESSIONID=LQxWsl1hyfzJP4C21L5pNDJqL7flvmPJyqG5971QW17Xrvv tp://www.w3.org/2001/XMLSchema-instance > oapenv:Header/> oapenv:Body> wmp:InformResponse> axEnvelopes>1MaxEnvelopes> cwmp:InformResponse> soapenv:Body> soapenv:Envelope>
(GMT-06:00)12:29:16 Sat Apr 12 2008 syslog: [truncated] tr-69-client end with: HTTP/1.1 200 OK^M Date: Sat, 12 Apr 2008 17:29:06 GMT^M Content-Length: 900^M Content-Type: text/xml; charset=UTF-8^M ^M oapenv:Envelope xmlns:soap= »schemas.xmlsoap.org/ ustUnderstand= 1 >68251444cwmp:ID> soapenv:Header> oapenv:Body> wmp:SetParameterValues> arameterList soap:arrayType= cwmp:ParameterValueStruct[1] > arameterValueStruct> ame>InternetGatewayDev >
(GMT-06:00)12:29:16 Sat Apr 12 2008 syslog: cli_settings.sh lan0 hostname:settings/ACS_PeriodicInformInterval 604800 > t
(GMT-06:00)12:29:17 Sat Apr 12 2008 cli: Second instance already running
(GMT-06:00)12:29:17 Sat Apr 12 2008 cli: Second instance already running
(GMT-06:00)12:29:18 Sat Apr 12 2008 cli: Second instance already running
(GMT-06:00)12:29:33 Sat Apr 12 2008 pc: act_hnm not exist, restart it"
Again I am not familiar with how these things work of Linux but I believe SSL is that thing in your web browser that is supposed to make secured closed sessions, am I correct on this?
And that one error seems to happen at frequent intervals the one listed as this, "(GMT-06:00)12:28:19 Sat Apr 12 2008 stunnel[446]: SSL_read (ERROR_SYSCALL): Connection reset by peer (131)"
Where can you contact official Verizon employees for help in these forums?
Thanks again for your help and support. |
|