TCLUG Archive

Re: [TCLUG:3347] Fw: [TCLUG:3292] Security Pointers & DSL questions...



A few clarifications regarding the router commands:

The newer DSL routers (called the Cisco 675 instead of the Netspeed
SpeedRunner 204 since Cisco bought them out) are running an operating
system called cbos (currently at version 2.1? I think) which replaced the
nsos.  Basically, Cisco Broadband OS and Net Speed OS.  I believe at this
point the underlying firmware hasn't changed; however, cbos has a shell
which looks (and acts) like Cisco's IOS.  If you've ever worked with IOS,
you'll be right at home.  

Currently most ISPs are running them in bridging mode.  The routing code
for most Cisco routers that ISPs are using sucks, and only the higher-end
routers have any decent support (with the corresponding price $$$).  With
cbos, however, you can give the Cisco 675 an IP address even while in
bridging mode.  


The settings for a serial session are 38400 bps, 8N1, and no flow
control. A typical command line session looks like this when begun:

password: (hit enter here)
cbos>

This, like IOS, is a user-level only mode.  To enter the admin mode:

cbos> en <enter>
password: <enter>
cbos#

Which is exactly the same as IOS.  Once in admin mode (indicated by #),
you can do fun things like this:

cbos# set bridging RFC-1483 enabled
cbos# write mem
cbos# reboot

Which is the procedure to set it to bridging mode. For the last month or so,
however, US West has been shipping them in bridging mode by default, bless
their little black hearts.  It's saved us tons of support time :)

To see what your receive levels are like, you can type:

cbos# show int wan0

and it will display a bunch of numbers.  The ones you are interested in
are appended with 'db' (or prefixed, can't remember at this moment).
They range from 18 to 50+.  If it's below 18, you can't connect until they
clear up that FBI tap in your line :)

The manuals they are shipping now are much better, and list a large number
of commands, basically a mini-IOS.  The 675s support RADIUS, internal
DHCP (for the LAN side), firewalling, NAT, RIP, TFTP, Xmodem, and a whole
range of other items, most of which can only be used in routing mode :(

As far as security goes, follow the usual precautions, and remember that
you will most likely be on a BRIDGED segment.  It's a major concern for
Win users mainly as other machines show up in Network Neighborhood, but
remember you will too if you're running Samba (so make sure your access
rules are in place).  If you give your router an IP remember to set a
password as well, as THERE ISN'T ONE BY DEFAULT, giving a cracker a
field day as he overwrites the flash with an mp3. 

If you have an older one with nsos it is upgradable, but the docs suck
and you must, MUST read them over and over until you could do it in your
sleep.  I was cocky once, and now have a lump of nonoperating plastic that
I can't fix because I can't find the code anywhere for nsos (cbos requires
an operating system installed to run the upgrade).  The code is available
for cbos at ftp.cisco.com; poke around and you'll find it.

If you're feeling adventurous, hit control-c while rebooting the router.
That will drop you into the ROM monitor, where you can explore the
mysteries of Intel ROM monitor engineering and see your router's memory in
hex :)


Jim Raney
Sysadmin, Citilink Internet, Inc.
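
Added example, not part of the original message: one way to put Samba access rules in place on a host that sits on a bridged DSL segment. The interface name eth0 and the 192.0.2.x addresses (a documentation range) are constructed placeholders; substitute your own interface and the hosts you actually own.

```ini
# smb.conf fragment (added example; addresses and interface are placeholders)
[global]
   # Listen only on loopback and the one named interface, not on
   # every interface the machine happens to have.
   interfaces = lo eth0
   bind interfaces only = yes

   # Accept connections only from your own machines; everyone else
   # on the bridged segment is refused before authentication.
   hosts allow = 127. 192.0.2.10 192.0.2.11
   hosts deny = ALL

   # Require a real account and never fall back to the guest user.
   security = user
   map to guest = Never

[homes]
   # Home shares are not listed to browsers and are usable only by
   # the matching user.
   browseable = no
   valid users = %S
   read only = no
   guest ok = no
```

Run testparm after editing to confirm the file parses, then restart smbd and nmbd.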