 | | Knew this 2 years ago, SWB wouldn't listen Two years ago when I first got DSL from Southwestern Bell (SBC) I found these same fatal flaws in the Alcatel 1000 modem sold to me by SBC. For nine months I went up and down and up the chain trying to get someone to listen to me. I got hung up on, chastised, called a liar, lied to, and ultimately ignored even after providing reams of log files and evidence. SBC refused to exchange the modem or even just to provide a solution to turn off these services running on the modem. I dropped their DSL service AND the telephone line after the contract expired.
I hope Southwestern Bell chokes on this report. Bastards. | |
|
 |  lml2000Whazzup
join:2000-08-17
Los Angeles, CA | Re: Knew this 2 years ago, SWB wouldn't listen dfountain:
You sound quite upset by all this, and with apparent good reason. I, for one, was not happy to see Alcatel push its product line into SBC, first displacing Nortel on DSL equipment, then somewhat taking the lion's share of the market for AFC's UMC1000 when SBC decided to deploy Litespan2000 in the more densely provisioned gateways. Just a few weeks ago I came across some comments that indicated some problems with Litespan. Well, at least Alcatel is consistent.
The problem today, I think, too often cost is given more weight than technology. Alcatel went pretty aggressive a few year ago to push its product line, and the way they did this was price more so than quality. They simply made SBC a deal they couldn't refuse. JMO. | |
|
| | | Is this just Alctel modems? Having a Cisco 675 that is used in bridging mode, I know there are issues with security, but is the Cisco any better? | |
|
| |  computxnullus cogito ergo google.Premium
join:2000-09-02
Kirksville, MO |  Re: Is this just Alctel modems?
| |
|
| |  mongo58Let Me Spit Shine That Pinkley Taurus
join:2001-04-11
Salem, OR | Probably not, but update to CBOS 2.2.x or higher to be sure.
said by rleighton:
Having a Cisco 675 that is used in bridging mode, I know there are issues with security, but is the Cisco any better?
| |
|
| | | Anon | I work for a dsl provider that uses the 675 and 678, in bridge mode the router acts as a straight wire connection, there is no security, I would suggest a good software firewall and anti virus. check out the security forum here at dslr for a lot of good info. as for a firewall check out www.zonelabs.com they have a really good firewall that is free
--
Don't be to impressed with this technological terror you have constructed... | |
|
| | | | | Re: Is this just Alctel modems? said by Darth DSLTech:
I work for a dsl provider that uses the 675 and 678, in bridge mode the router acts as a straight wire connection, there is no security, I would suggest a good software firewall and anti virus. check out the security forum here at dslr for a lot of good info. as for a firewall check out www.zonelabs.com they have a really good firewall that is free
I've got a Linksys router between the computers and the modem now. They added SPI to the latest firmware and seems to work fairly well. | |
|
| | | Re: Knew this 2 years ago, SWB wouldn't listen As one of the authors of the SDSC report, I know I'd sure like to hear about your experiences. Could you send us a note at security@sdsc.edu?
Also note that Alcatel is in full damage-control mode: They are blaming the DSL providers for not configuring the "built-in firewall". Guess they didn't read either their own web pages (see the bottom of the SDSC advisory), or their own documentation, or the advisory itself.
The Speed Touch Pro apparently does have an "optional firewall"; Alcatel claims that the Home version (and the 1000 ADSL) are inherently safe even without the firewall. We were unable to find the firewall code in
the ST Home firmware.
--tep | |
|
| | hshaw
join:2000-10-01
Mountain View, CA | Re: Knew this 2 years ago, SWB wouldn't listen said by Tom Perrine:
Also note that Alcatel is in full damage-control mode: They are blaming the DSL providers for not configuring the "built-in firewall". Guess they didn't read either their own web pages (see the bottom of the SDSC advisory), or their own documentation, or the advisory itself.
Tom,
Have you tested Alcatel 1000s with firmware revision AA?
These older A1000s have hard-coded config and don't support a web interface (or any other way to be configured).
I've verified that my A1000 xxxx-AA modem cannot be reached at 10.0.0.138. Suggest you independently verify for yourself.
If you find this information correct, you should probably update your SDSC report, so as not to panic the few of us that still have these dinosaurs.
IIRC Alcatel added the web interface (and end-user configurability) for A1000s starting with firmware revision AB.
BTW Alcatel damage control press release is here. | |
|
| | |
| Re: Knew this 2 years ago, SWB wouldn't listen said by hshaw:
BTW Alcatel damage control press release is here.
Alcatel is so full of baloney. Here's an excerpt:
quote:
Secondly, the method of getting into the modem is more advanced, and it is a standard practice used by hackers. The way it works is that they fake local communication via the WAN interface by using an ECHO port on a UNIX server connected to LAN network. The modem assumes communication comes from the modem owner and is secure. However, this is an old security problem in all data communication networks and is solved by means of a firewall.
This was their answer then, as well as now. So I have to pay another 50-200 dollars to protect myself from hardware that was FORCED upon me? And even then, a firewall does not protect the modem itself unless the firewall is implemented at the ISP.
What kind of stunt do these people think they're pulling?
It wouldn't have been so bad if Alcatel provided documentation for all the backdoors in the modems. But when confronted with the evidence, it was all denied. At least there should have been a way to turn OFF the services.
[text was edited by author 2001-04-10 19:18:04] | |
|
| | | hillardkPremium
join:2000-11-25
San Francisco, CA | Thanks for your note especially the link "here". Alcatel does not make it easy to find info on the web page and your link saved me a lot of time.
More importantly I did try to examine my ST Home using their description of how to telnet. I think however that PacBell changes the telnet address when they ship there modems (the ST Home). The address on the Alcatel site 10.0.0.138 did not work for me when directly connected through their modem using Enter300 which ships with the PB hardware.
It would be much appreciated to hear from you regarding their "damage control page" you linked and any comments about trying there proceedure to examine ones own Alcatel hardware.
Since I do not visit the dslreports page often if you could also copy me at my direct e-mail address noted below I would be very appreciative.
Best regards and thanks again.
Hillard Kahan
hkahan@post.harvard.edu | |
|
| | | | hillardkPremium
join:2000-11-25
San Francisco, CA |  Re: Knew this 2 years ago, SWB wouldn't listen
Hillard
hkahan@post.harvard.edu | |
|
| | | LOL... I had one of those modems.. hell it was my first DSL modem... now it sits in my in my basement collecting dust. | |
|
| | | CERT will have an advisory out within the hour. It pretty much re-iterates our note, with some clarifications, I guess.
We worked with them on it, and it looks pretty good.
For those of you asking about 1000 ADSLs, we only had one, with one version of the firmware. We pretty much put most of what we know into the advisory, at least all the safer stuff. There will be updates as we
play with the things some more. Mostly we wanted to show all the cool stuff you can find out about your connection, so as to help a not-always-super-clueful provider debug the connections 
Keep checking in at
»security.sdsc.edu/self-help/alcatel
My DSL took 12 months from the first order, and 3 months from the initial install, to work perfectly, by the way | |
|
| | |
| | | | Re: CERT Advisory to be ot today My DSL took 12 months from the first order, and 3 months from the initial install, to work
perfectly, by the way
***************
And you don't see any conflict of interest here? I only read your report quickly but I do not recall this little tidbit being mentioned... | |
|
| | | | | Re: CERT Advisory to be ot today No conflict of interest. The delays were due to mis-communications
between my me, my DSL provider, and my ISP (the University) should have made that clear, as well as the joys of bringing DSL into an area where there are only 2-pairs to the house, which already had two analog lines on one pair (mux'ed) and ISDN on the other pair.
For a while we thought that there would be trenching involved :-(
Didn't mean imply that this was a DSL problem, just that I "feel the pain" of DSL users waiting for installations... | |
|
 rflack50WackoPremium
join:2000-12-12
Sacramento, CA | How bad is this? How bad is this? I have an alcatel speed touch home modem. How, and where do i put in the password? Anybody know? | |
|
|  justinAustralian
join:1999-05-28
New York, NY
kudos:7 | Re: How bad is this? I'm guessing you can point your web browser to 10.0.0.138 and have the chance to config things. Or refer to your user manual? | |
|
| | rflack50WackoPremium
join:2000-12-12
Sacramento, CA | Re: How bad is this? Hi Justin
I did what you said and no go. I also looked it up in my book, and it said the same thing. Any other suggestions for us technologicaly impaired? | |
|
| |  sporkmedrop the crantini and move it, sisterPremium,MVM
join:2000-07-01
Morristown, NJ | You have to have your pc on the same subnet, so boot up with your pc at say, 10.0.0.137 and then telnet to it... | |
|
| | |
| | Flaws galore Alcatel claimed better distance performance than Nortel. That overshadowed the flaws in provisioning, security, and (most of all) reliability. Watch out for Pulsecom- they seem to be gaining speed. | |
|
| | | Re: Flaws galore Heelllllp! Speaking on reliability, anyone experienced bridging issues when using the modem on largish networks? | |
|
| | Westell modems also affected?. My Westell WireSpeed has Alcatel firmware version 1.4.1. Can anyone confirm that Westell modems are also affected by the security issues since they use this firmware too?
Could Tom Perrine from SDSC shed some light on this? | |
|
| | EXPERT Mode Does anyone know what some of these EXPERT mode commands are?
Im interested in seeing some details on the speed of the connection to the DSLAM etc, ive logged in as EXPERT, but no aditional commands are listed in the help, and I havn't been able to locate any documentation on it on the web. | |
|
 Broadband_man$Broadband, Running To The Future..Premium
join:2000-12-30
Who cares?? |  I believe...
I do not have any information stating either that they. I do know you can set the cayman into bridged mode. However I do not know of the security features of this modem.
2wire has a HPNA modem that SBC is starting to sell next month. It supposedly has the firewall as part of the software, and is updateable.
Also, I have been informed that certain network cards also have a built in firewalls now. (need someone to confirm that one, I have read about, do not remember where | |
|
| I wonder.. gone
[text was edited by author 2001-04-11 14:20:00] | |
|
| dohpazPremium
join:2001-01-27
Stow, MA | Re: I wonder.. | |
|
| | I have a dream...
Martin Luther King Jr. meets Malcolm X. I dare Alcatel to make a commercial out of this one. | |
|
| | Got service from Earthlink/Sprint or Sprint Brdbnd If you have service from either of these don't think that you can get the SpeedTouch Pro from them. They don't have it and their only recommendation is for you to spend your hard-earned money on a router or other hardware based firewall and/or a software based firewall. This advice came from Jeff at the Sprint National Data Center, tech support. They do have Speedstreams that may not be as vulnerable as the Alcatels but neither has firewall protection. This adds insult to injury as if their inability to maintain connections is not bad enough. Their claim of a dedicated connection is a first class load of BS. Think when I am out from under contract I will go cable but in the meantime I am off to order a router. At least I will be able to easily set all my machines into one connection. LOL Maybe I can just keep a constant data flow up just to irritate the circuit. ROTFLMAO | |
|
| |  Router Solves Alcatel Problem?
world - alcatel modem - linksys router - home network
I have a couple of questions, so any help is welcome.
1. How safe is my home network, assuming that the linksys router has a firewall?
2. This is a new setup and I started out by configuring the alcatel modem by connecting it directly to a pc. I used the alcatel web interface available on the modem by typing »10.0.0.138
I configured and tested the modem. Everything was ok, so I went to the router.
Now that the router is installed and running without any problems I am unable to access the modem.
How can I access the modem from the home network? | |
|
|
|
