• Can't connect to router using telnet

    From Johnny@110:110/2002 to All on Sat Sep 27 15:33:49 2014

    I have a Motorola nvg589 and wanted to see if it's using bash.
    According to the user's manual, it has a CLI, and it even shows how to
    use telnet to connect and change the settings, but when I enter: telnet my/ipaddress, I get this error message: telnet: could not resolve http://my.ipaddress/cgi-bin/remoteaccess.ha/telnet: Name or service
    not known

    I had remote access enabled when I tried this.

    My ISP is ATT Uverse.

    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: albasani.net (110:110/2002@linuxnet)
  • From Pascal Hambourg@110:110/2002 to All on Sat Sep 27 18:01:09 2014
    Reply-To: pascal.news@plouf.fr.eu.org

    Johnny wrote:
    I have a Motorola nvg589 and wanted to see if it's using bash.
    According to the user's manual, it has a CLI, and it even shows how to
    use telnet to connect and change the settings, but when I enter: telnet my/ipaddress, I get this error message: telnet: could not resolve http://my.ipaddress/cgi-bin/remoteaccess.ha/telnet: Name or service
    not known

    Err, telnet expects an IP address or a hostname, not a URL...
    If you have an http URL, use a web browser, not telnet.

    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: Plouf ! (110:110/2002@linuxnet)
  • From Kirk_Von_Rockstein@1:0/0 to All on Sun Sep 28 14:26:14 2014
    On 2014-09-27, Johnny <johnny@invalid.net> wrote:

    I have a Motorola nvg589 and wanted to see if it's using bash.
    According to the user's manual, it has a CLI, and it even shows how to
    use telnet to connect and change the settings, but when I enter: telnet my/ipaddress, I get this error message: telnet: could not resolve http://my.ipaddress/cgi-bin/remoteaccess.ha/telnet: Name or service
    not known

    I had remote access enabled when I tried this.

    My ISP is ATT Uverse.

    http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/26009/1/Motorola%20NVG589%20VDSL2%20Gateway.pdf
    [tiny url of above link, below:]
    http://tinyurl.com/p94ymkr

    Read pages 107 - 109 of this PDF.
    Note if you have not changed the default gateway yourself
    you would run below example in a terminal from a computer
    running Mint[?] on your lan.

    telnet 192.168.1.254

    You then need to login using username and password you setup with.

    When logged in, you should see your terminal prompt change as
    shown on page 108.

    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: The Kofo System II BBS telnet://fido2.kofobb
  • From Johnny@110:110/2002 to All on Sun Sep 28 15:09:49 2014
    On 28 Sep 2014 14:26:14 GMT
    Kirk_Von_Rockstein <Kirk_Von_Rockstein@nowhere.invalid> wrote:

    On 2014-09-27, Johnny <johnny@invalid.net> wrote:

    I have a Motorola nvg589 and wanted to see if it's using bash.
    According to the user's manual, it has a CLI, and it even shows how
    to use telnet to connect and change the settings, but when I enter:
    telnet my/ipaddress, I get this error message: telnet: could not
    resolve http://my.ipaddress/cgi-bin/remoteaccess.ha/telnet: Name or
    service not known

    I had remote access enabled when I tried this.

    My ISP is ATT Uverse.


    http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/26009/1/Motorola%20NVG589%20VDSL2%20Gateway.pdf
    [tiny url of above link, below:]
    http://tinyurl.com/p94ymkr

    Read pages 107 - 109 of this PDF.
    Note if you have not changed the default gateway yourself
    you would run below example in a terminal from a computer
    running Mint[?] on your lan.

    telnet 192.168.1.254

    You then need to login using username and password you setup with.

    When logged in, you should see your terminal prompt change as
    shown on page 108.

    I tried to get that manual from AT&T and Motorola, and neither one had
    it. I was lucky enough to find it on line.

    I'm sure the problem is my firewall, when I try to use telnet, I can
    check the firewall logs and see the connection was dropped.

    Source 192.168.1.64 Destination xx.xxx.70.41 TCP
    Disallowed WAN-side management service access

    It looks to me like the Source and destination are reversed? I want to
    connect to 192.168.1.64, but it is shown as the source, and my IP
    address is the destination.


    The problem is my old AT&T i38hg router died, and I just got this one
    about a week ago. With the old modem, I could allow or block telnet.

    I'm sure I can do it with this one, but I just haven't figured out how
    to do it.

    This is what's being blocked right now:


    Firewall Advanced

    Drop packets with invalid source or destination IP address
    Protect against port scan
    Drop packets with unknown ether types
    Drop packets with invalid TCP flags
    Drop incoming ICMP Echo requests
    Flood Limit
    Flood rate limit
    Flood burst limit
    Flood limit ICMP enable
    Flood limit UDP enable
    Flood limit TCP enable
    Flood limit TCP SYN-cookie
    ESP ALG


    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: albasani.net (110:110/2002@linuxnet)
  • From Pascal Hambourg@110:110/2002 to All on Mon Sep 29 09:16:21 2014
    Reply-To: pascal.news@plouf.fr.eu.org

    Johnny wrote:

    I'm sure the problem is my firewall, when I try to use telnet, I can
    check the firewall logs and see the connection was dropped.

    Source 192.168.1.64 Destination xx.xxx.70.41 TCP
    Disallowed WAN-side management service access

    It looks to me like the Source and destination are reversed? I want to connect to 192.168.1.64, but it is shown as the source, and my IP
    address is the destination.

    What are 192.168.1.64 and xx.xxx.70.41?
    Where are you to connect from? The router's internal LAN or a remote
    location?
    What command did you run exactly?

    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: Plouf ! (110:110/2002@linuxnet)
  • From Kirk_Von_Rockstein@1:0/0 to All on Tue Sep 30 15:11:05 2014
    On 2014-09-28, Johnny <johnny@invalid.net> wrote:
    On 28 Sep 2014 14:26:14 GMT
    Kirk_Von_Rockstein <Kirk_Von_Rockstein@nowhere.invalid> wrote:

    On 2014-09-27, Johnny <johnny@invalid.net> wrote:

    I have a Motorola nvg589 and wanted to see if it's using bash.
    According to the user's manual, it has a CLI, and it even shows how
    to use telnet to connect and change the settings, but when I enter:
    telnet my/ipaddress, I get this error message: telnet: could not
    resolve http://my.ipaddress/cgi-bin/remoteaccess.ha/telnet: Name or
    service not known

    I had remote access enabled when I tried this.

    My ISP is ATT Uverse.

    http://community.arubanetworks.com/aruba/attachments/aruba/unified-wired-wireless-access/26009/1/Motorola%20NVG589%20VDSL2%20Gateway.pdf
    [tiny url of above link, below:]
    http://tinyurl.com/p94ymkr

    Read pages 107 - 109 of this PDF.
    Note if you have not changed the default gateway yourself
    you would run below example in a terminal from a computer
    running Mint[?] on your lan.

    telnet 192.168.1.254

    You then need to login using username and password you setup with.

    When logged in, you should see your terminal prompt change as
    shown on page 108.

    I tried to get that manual from AT&T and Motorola, and neither one had
    it. I was lucky enough to find it on line.

    I'm sure the problem is my firewall, when I try to use telnet, I can
    check the firewall logs and see the connection was dropped.

    Problem is you do not have the telnet service enabled
    and a proper port number selected. My guess would be that
    the telnet port address is set to zero which disables telnet.
    By the way, this router has SSH available on it,
    If you need to remote admin this router from the WAN side,
    you should use SSH as this router/modem is capable of doing so.
    You are at this point, just trying to admin the router using
    a computer (GNU/Linux) which is connected to a LAN side interface
    port on the router, ...right?

    Note that this router has two major command modes,
    SHELL and CONFIG. (pg. 105) You can determine which mode
    you are in via the prompt. On (page 118) it shows how to
    switch between the two CLI modes. (page 146) shows you how
    to enable LAN management. In CLI Config mode you would type:

    set management lanmgmt enable on

    At the bottom of (page 148) note the listed commands
    for the configuration of telnet.
    The manual mentions that by default the port is set to 0
    which disables telnet. So from the CLI config
    mode prompt you would type:

    set management remote-access telnet-port 2323

    2323 as an example. Then from a terminal on a computer connected
    to a LAN side port of the router you would type something like
    this in CLI SHELL mode:

    telnet 192.168.1.64 2323

    Double check your Home Network page in GUI for proper gateway ip
    address for the above. I have never had access to this model
    router/modem, so I do not know if /all/ the settings are available
    from the web interface GUI. You may only be able to manage certain
    settings from the CLI.


    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: The Kofo System II BBS telnet://fido2.kofobb
  • From Johnny@110:110/2002 to All on Fri Oct 3 14:58:50 2014
    On 30 Sep 2014 15:11:05 GMT
    Kirk_Von_Rockstein <Kirk_Von_Rockstein@nowhere.invalid> wrote:

    Problem is you do not have the telnet service enabled
    and a proper port number selected. My guess would be that
    the telnet port address is set to zero which disables telnet.
    By the way, this router has SSH available on it,
    If you need to remote admin this router from the WAN side,
    you should use SSH as this router/modem is capable of doing so.
    You are at this point, just trying to admin the router using
    a computer (GNU/Linux) which is connected to a LAN side interface
    port on the router, ...right?

    I appreciate your time and effort. From what I have read, AT&T does
    not allow remote access to this router. SSH is disabled by AT&T.

    SSH times out, and telnet says connection refused.

    When the bash bug Shellshock first came out was when I wanted to try
    remote access, and see what version of bash it was using, or if it was
    even using bash.

    I'm not going to worry about it, I think Shellshock only affects
    servers, and I don't have a server.

    I did scan the router at grc.com, and all ports show stealth mode.

    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: albasani.net (110:110/2002@linuxnet)
  • From Joe Beanfish@110:110/2002 to All on Sat Oct 4 15:16:35 2014
    On Fri, 03 Oct 2014 09:58:50 -0500, Johnny wrote:

    On 30 Sep 2014 15:11:05 GMT Kirk_Von_Rockstein <Kirk_Von_Rockstein@nowhere.invalid> wrote:

    Problem is you do not have the telnet service enabled and a proper port
    number selected. My guess would be that the telnet port address is set
    to zero which disables telnet.
    By the way, this router has SSH available on it,
    If you need to remote admin this router from the WAN side,
    you should use SSH as this router/modem is capable of doing so. You are
    at this point, just trying to admin the router using a computer
    (GNU/Linux) which is connected to a LAN side interface port on the
    router, ...right?

    I appreciate your time and effort. From what I have read, AT&T does not allow remote access to this router. SSH is disabled by AT&T.

    SSH times out, and telnet says connection refused.

    When the bash bug Shellshock first came out was when I wanted to try
    remote access, and see what version of bash it was using, or if it was
    even using bash.

    I'm not going to worry about it, I think Shellshock only affects
    servers, and I don't have a server.

    I did scan the router at grc.com, and all ports show stealth mode.

    Your router is/has a server. Web servers are probably the most common
    attack vector for shellshock. If the web server ever executes an external program to do work (many do at some point) and that program is, or calls,
    a shell script and the system shell is bash, you're toast, unless the environment has been specifically sanitized.

    There are numerous hackers actively scanning every IP on the net looking
    for breakable ones. One test you can do, though not definitive, is set
    your user agent to
    () { :; }; echo "Content-Type: text/plain; charset=ISO-8859-1";echo "Content-Length: 14";echo "";echo "CVE-2014-6271";exit
    Then surf around any web server. If pages break oddly or display
    CVE-2014-6271 you've discovered a vulnerability. Unfortunately not seeing glitched pages isn't definitively safe though. Be sure to set your user
    agent back to normal when surfing the web in general. You may get blocked
    as an attacker.

    If you have anything running *nix visible to the internet you should
    assume that it's possibly vulnerable until you hear otherwise from the
    vendor or some reliable source. Pretty soon even private servers will
    become an issue as virus writers add shellshock to their arsenal of
    attack vectors to try once running on someone's PC.

    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: A noiseless patient Spider (110:110/2002@linuxnet)
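Added example (not part of the original thread): the User-Agent test in the post above reaches bash because a CGI web server hands request headers to the program as environment variables, so the same probes also show up in the server's access log. The Python sketch below scans Combined Log Format lines for the `() {` function-definition marker; the log lines, addresses and the name `find_shellshock_probes` are constructed for illustration.

```python
import re

# Combined Log Format:
#   ip ident user [time] "request" status size "referer" "user-agent"
# Apache writes a double quote inside a logged header as \" so each quoted
# field has to accept backslash escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) (\S+) '
    + QUOTED + ' ' + QUOTED
)
FIELDS = {"request": 3, "referer": 6, "agent": 7}  # regex group numbers

# Pre-patch bash imports an environment value that starts with "() {" as a
# function definition. Match the marker anywhere, with loose whitespace.
FUNC_DEF = re.compile(r'\(\)\s*\{')
# Text after the closing brace is what the sender wanted bash to run.
TAIL = re.compile(r'\}\s*;?\s*(.*)', re.S)

# Constructed sample log (documentation addresses, made-up paths).
SAMPLE_LOG = [
    r'192.0.2.10 - - [04/Oct/2014:15:20:01 +0000] "GET /index.html HTTP/1.1" '
    r'200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    r'198.51.100.7 - - [04/Oct/2014:15:21:13 +0000] "GET /cgi-bin/status HTTP/1.1" '
    r'200 14 "-" "() { :; }; echo \"Content-Type: text/plain; charset=ISO-8859-1\";'
    r'echo \"Content-Length: 14\";echo \"\";echo \"CVE-2014-6271\";exit"',
    r'203.0.113.5 - - [04/Oct/2014:15:22:40 +0000] "GET / HTTP/1.0" '
    r'404 209 "() { :;}; echo constructed-marker" "-"',
    r'192.0.2.44 - - [04/Oct/2014:15:23:02 +0000] "GET /help() HTTP/1.1" '
    r'200 900 "-" "ExampleBot/1.0 (+http://example.invalid/bot)"',
]


def find_shellshock_probes(lines):
    """Return one dict per log field that carries a function-definition marker."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        for name, idx in FIELDS.items():
            value = m.group(idx).replace('\\"', '"')  # undo log escaping
            marker = FUNC_DEF.search(value)
            if not marker:
                continue
            tail = TAIL.search(value, marker.end())
            hits.append({
                "line": lineno,
                "ip": m.group(1),
                "field": name,
                "status": int(m.group(4)),
                "tail": tail.group(1).strip() if tail else "",
            })
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

A hit only shows that someone sent the marker; whether the host was affected depends on whether the request reached a bash-backed program, as the post explains.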
  • From Johnny@110:110/2002 to All on Sat Oct 4 17:04:59 2014
    On Sat, 4 Oct 2014 15:16:35 +0000 (UTC)
    Joe Beanfish <joebeanfish@nospam.duh> wrote:

    From: Joe Beanfish <joebeanfish@nospam.duh>
    Subject: Re: Cant' connect to router using telnet
    Date: Sat, 4 Oct 2014 15:16:35 +0000 (UTC)
    User-Agent: Pan/0.139 (Sexual Chocolate; GIT bf56508
    git://git.gnome.org/pan2)
    Newsgroups: comp.os.linux.networking
    Organization: A noiseless patient Spider

    On Fri, 03 Oct 2014 09:58:50 -0500, Johnny wrote:

    On 30 Sep 2014 15:11:05 GMT Kirk_Von_Rockstein <Kirk_Von_Rockstein@nowhere.invalid> wrote:

    Problem is you do not have the telnet service enabled and a proper
    port number selected. My guess would be that the telnet port
    address is set to zero which disables telnet.
    By the way, this router has SSH available on it,
    If you need to remote admin this router from the WAN side,
    you should use SSH as this router/modem is capable of doing so.
    You are at this point, just trying to admin the router using a
    computer (GNU/Linux) which is connected to a LAN side interface
    port on the router, ...right?

    I appreciate your time and effort. From what I have read, AT&T
    does not allow remote access to this router. SSH is disabled by
    AT&T.

    SSH times out, and telnet says connection refused.

    When the bash bug Shellshock first came out was when I wanted to try
    remote access, and see what version of bash it was using, or if it
    was even using bash.

    I'm not going to worry about it, I think Shellshock only affects
    servers, and I don't have a server.

    I did scan the router at grc.com, and all ports show stealth mode.

    Your router is/has a server. Web servers are probably the most common
    attack vector for shellshock. If the web server ever executes an
    external program to do work (many do at some point) and that program
    is, or calls, a shell script and the system shell is bash, you're
    toast, unless the environment has been specifically sanitized.

    I just called AT&T support, and the woman I talked to has never heard
    of Linux, shellshock, or bash. So I guess there is nothing I can do.


    I did find the source code for the NVG589 Motorola modem/router, and it
    does use Linux and bash.

    From Sourceforge:

    The NVG589 is built on various different flavors of Linux. The NVG589
    has been built on Fedora Core 11 and greater and Ubuntu 9.04 and greater.

    If using Ubuntu, make sure /bin/sh points to /bin/bash. (Not /bin/dash)

    http://sourceforge.net/projects/nvg589.arris/files/NVG589%201.0/


    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: albasani.net (110:110/2002@linuxnet)
  • From Kirk_Von_Rockstein@1:0/0 to All on Sun Oct 5 16:25:19 2014
    On 2014-10-03, Johnny <johnny@invalid.net> wrote:
    On 30 Sep 2014 15:11:05 GMT
    Kirk_Von_Rockstein <Kirk_Von_Rockstein@nowhere.invalid> wrote:

    Problem is you do not have the telnet service enabled
    and a proper port number selected. My guess would be that
    the telnet port address is set to zero which disables telnet.
    By the way, this router has SSH available on it,
    If you need to remote admin this router from the WAN side,
    you should use SSH as this router/modem is capable of doing so.
    You are at this point, just trying to admin the router using
    a computer (GNU/Linux) which is connected to a LAN side interface
    port on the router, ...right?

    I appreciate your time and effort. From what I have read, AT&T does
    not allow remote access to this router. SSH is disabled by AT&T.

    SSH times out, and telnet says connection refused.

    I'm looking at the AT&T Manual, and there are several
    services that are available but are not
    enabled by default. Just quickly looking through the
    AT&T manual these are some I located:
    SSH, Telnet, FTP, TFTP, etc.
    Like I said, they may not be obviously accessible via the
    Web GUI gateway interface, but they are there.

    In the Web GUI interface, under the "Home Network"
    tab >> "Subnets and DHCP". Locate the
    "Public Subnet" section and set the
    "Allow Inbound Traffic" drop-down to "On".
    This will allow inbound requests.
    The services may be setup from the "Custom Services"
    under the "Firewall" tab I would presume if you
    wanted to set them up from the GUI.

    Most of these services are off by default.
    Look at some of these settings under remote management
    and ALG for example, telnet and ssh are available
    if you ever needed to set them up:

    set management remote-access http-port [ 1 - 65534 ]
    Sets the web access port for remote access
    management of the Gateway. Default is port 51003.

    set management remote-access https-port [ 1 - 65534 ]
    Sets the secure web access port for remote access
    management of the Gateway. Default is port 51443.

    set management remote-access telnet-port [ 1 - 65534 ]
    Specifies the port number for remote access telnet
    (CLI) communication with the Motorola Gateway. Because port
    numbers in the range 0-1024 are used by other protocols,
    you should use numbers in the range 1025-65534 when
    assigning new port numbers to the Motorola Gateway telnet
    configuration interface. A setting of 0 (zero) will turn
    the server off. Defaults to port 0.

    set management remote-access ssh-port [ 1 - 65534 ]
    Specifies the port number for secure shell (SSH)
    communication with the Motorola Gateway. Defaults to port 22.

    set management lanmgmt enable [ off | on ]
    Turns TR-064 LAN side management services on or off.
    The default is off.

    set ip alg ftp-enable [ on | off ]
    Turns the FTP (File Transfer Protocol)
    ALG for file transfers on or off. Default is on.

    set ip alg h323-enable [ on | off ]
    Turns the H323 ALG for audio, video,
    and data communications across IP-based network
    on.

    set ip alg tftp-enable [ on | off ]
    Turns the TFTP (Trivial File Transfer Protocol)
    ALG for simple file transfers and firmware u
    Default is on.


    When the bash bug Shellshock first came out was when I wanted to try
    remote access, and see what version of bash it was using, or if it was
    even using bash.

    I'm not going to worry about it, I think Shellshock only affects
    servers, and I don't have a server.

    I did scan the router at grc.com, and all ports show stealth mode.

    Yeah, I have my telco/modem/router bridged and
    set up an Ipcop router/firewall/proxy behind it. It uses
    Bash as the shell, so I upgraded Bash to the patched version
    several days ago.
    For an OEM router/firewall/modem your NVG589 seems to have
    a lot of features, the firmware is constructed from
    GNU/Linux.

    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: The Kofo System II BBS telnet://fido2.kofobb
  • From Johnny@110:110/2002 to All on Mon Oct 6 19:07:19 2014
    On 5 Oct 2014 16:25:19 GMT
    Kirk_Von_Rockstein <Kirk_Von_Rockstein@nowhere.invalid> wrote:

    I appreciate your time and effort. From what I have read, AT&T does
    not allow remote access to this router. SSH is disabled by AT&T.

    SSH times out, and telnet says connection refused.

    I'm looking at the AT&T Manual, and there are several
    services that are available but are not
    enabled by default. Just quickly looking through the
    AT&T manual these are some I located:
    SSH, Telnet, FTP, TFTP, etc.
    Like I said, they may not be obviously accessible via the
    Web GUI gateway interface, but they are there.

    I will keep trying to get to the command line, but for now I think I
    have found out what I wanted to know.

    I think the NVG589 uses busybox instead of bash.

    From page 185 of the manual:

    GNU General Public License 2.0 (GPL)
    This Motorola product contains the following open source software packages licensed under the terms of the
    GPL 2.0 license:
    * Linux 2.6.30
    * Arptables 0.0.3-4
    * bridge-utils 1.2
    * BUSYBOX 1.18.3
    * dnsmasq 2.45
    * ez-ipupdate 3.0.11b7
    * haserl 0.9.26
    * inetd
    * iproute2
    * iptables 1.4.0
    * ntpclient 2003_194
    * pppd 2.4.4
    * rp-pppoe 3.10
    * samba 3.0.25a
    * udev 136
    * vconfig 1.6
    * wget 1.10.2
    * zebra 0.94

    BusyBox uses the Almquist shell, also known as A Shell, ash and sh.

    https://en.wikipedia.org/wiki/BusyBox


    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: albasani.net (110:110/2002@linuxnet)
  • From Kirk_Von_Rockstein@1:0/0 to All on Tue Oct 7 14:33:46 2014
    On 2014-10-06, Johnny <johnny@invalid.net> wrote:
    On 5 Oct 2014 16:25:19 GMT
    <snipped for brevity>
    I will keep trying to get to the command line,
    but for now I think I have found out what I wanted to know.

    I think the NVG589 uses busybox instead of bash.

    Yes it does use Busybox and you're right, Busybox does
    use Ash for the shell, so you're in the clear as to
    the shellshock vuln on this router.

    From page 185 of the manual:

    GNU General Public License 2.0 (GPL)
    This Motorola product contains the following open source
    software packages licensed under the terms of the
    GPL 2.0 license:
    * Linux 2.6.30
    * Arptables 0.0.3-4
    * bridge-utils 1.2
    * BUSYBOX 1.18.3
    * dnsmasq 2.45
    * ez-ipupdate 3.0.11b7
    * haserl 0.9.26
    * inetd
    * iproute2
    * iptables 1.4.0
    * ntpclient 2003_194
    * pppd 2.4.4
    * rp-pppoe 3.10
    * samba 3.0.25a
    * udev 136
    * vconfig 1.6
    * wget 1.10.2
    * zebra 0.94

    BusyBox uses the Almquist shell, also known as A Shell, ash and sh.

    https://en.wikipedia.org/wiki/BusyBox


    Yeah, most of these consumer based OEM routers that do have
    some form of modified GNU/Linux, do use Busybox, Dropbear, etc.
    I have 14 older Linksys WRT54G, WRT54GL, WRT54G-TM
    WRT54GS type routers, and several more Netgear routers,
    that the OEM firmware has been replaced with DD-WRT Linux firmware,
    standard or mega builds and they all have
    Busybox and Ash as the shell also.

    --- MBSE BBS v1.0.4 (GNU/Linux-i386)
    * Origin: The Kofo System II BBS telnet://fido2.kofobb