Thursday 18 February 2016

How to apply the Cisco 2wire hell hack on a router

cisco 2 wire hell!
Prerequisites:
ISP = ATT Uverse
Shoddy 2wire router
Aspirin or other pain reliever
FYI... This is only a tutorial because I
stated I would give information on the
topic. However, I'm giving a forewarning
now that although there is information,
this very well may seem like me bitching
and it kind of is.
Well let me first start off by stating that
my upgrade from ATT DSL to ATT Uverse
was supposed to be a no brainer.
From ATT DSL having a static ip address
with 3mbps down and 765k up bandwidth
to Uverse's having 6 static ip addresses
and speeds of 10mbps down and 3mbps
up! This clearly seems like an awesome
choice! Well... there's some heartache
and pain to follow.
Let me explain my previous setup...
I own a Cisco 877 SOHO router which
completely takes the dsl modem out of
the loop!
This means it has an RJ11 jack on the back
of the router and can be configured to
work with the DSL service by use of a
command line setup that is similar to an
ISDN line using dialer profiles and
PAP/CHAP call-ins.
It was VERY reliable! I never had dropped
packets, I could configure access-lists at
the very edge of where traffic hits my
network without having to worry about
someone trying to muck with my dsl
modem or just plain having it crap out on
me.
The "new" setup......
My cisco router was replaced with ATT's
2wire router under the basis of two
things.
#1) ATT would not tell me, nor do I know,
what my pvc is coming from the LEC
(telco talk for Local End Carrier; it's
whoever owns the last mile leading from
the CO (Central Office) to my hosting
environment). For those of you who don't
know there are big pipes (circuits) that go
into a LEC and then they get divided up
into small pipes and then branch out to
home users, companies, etc.
Each of these circuits has a different
name such as OC48, OC12, OC3, T3, T1,
and so forth. Each of these circuits has
its own circuit identifier; an example
may look like this:
DHE5983452 for a T3 line which may
break down into two T1's looking like
AREC59834521 and AREC59834522.
I'm not saying the numbers coordinate
like this but just giving an example.
When the T1 line gets broken down into
smaller, oh let's say, DSL lines, there is a
pvc number which is linked to the one
going to my location which is also needed
in the cisco configuration or in this "new"
case the 2wire configuration.
Previously I was able to look in the
configuration settings of my old DSL
modem and pull the number but here I
have been unable to do so with my 2wire
router.
#2) Even if I had this number it would do
me no good because of the way the
Uverse service works.
The advertising says you get fiber which is
only half true. With Verizon you get fiber
going from the main location to the CO to
your location. With Uverse you get fiber
from the main location to the CO and
then the signal goes over whatever you
have in your existing area; yes it can go
over telephone line (I think the technical
term is WF-16, but I could be wrong; it's
basically just speaker wire as it only uses 2
pair normally) or it can go across coaxial
cable. Cheap for the ISP, shoddy for you
regarding speed.
The main problem however is their
"FAKE" NAT (Network Address
Translation) they have going on. With the
way they have things set up it is easier for
them to snoop on you, for them to control
your router, or do whatever they wish.
ISPs have always owned ranges of static
ip addresses and then sold them out to
customers; which is why when you do a
reverse lookup you get the ISP's name.
(unless you are a company and own a
large amount or buy directly)
The difference with the Uverse setup is
previously they gave you your static ip
you purchased and the traffic from the
internet more or less routed straight to
you, as in this was not NAT'd by the ISP;
with Uverse it is. The 2wire router you
buy does not NAT to ATT; they NAT on
their end once your traffic leaves them,
making you directly connected to their
network.
I would say technically this leaves them
vulnerable on an internal side, but they
pretty much are able to lead all traces
back to you unless you can spoof off of
another customer which I have not
attempted.
The Uverse setup, for ease of
understanding is like a big DHCP server
that leases out addresses. Even if you
purchase static they more so just bind it
to your mac. Because of the way they do
their subnetting, which is unlike the
norm in my eyes, it makes you unable to
assign the addresses in the format you
may want.
Example:
Let's pretend that 192.168.1.0
255.255.255.0 is a publicly routable
subnet.
Let's pretend that you have the entire
subnet at your disposal.
It is considered common practice for the
default gateway to be the first routable
address which would be 192.168.1.1.
Uverse pre-statically defines that your
default gateway will be the last ip address
instead of the first so that it will be
192.168.1.254
This can not be changed. If you change it
on your router it will not work!
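
An added example (not part of the original post): a small Python check of a static-IP plan against the last-address gateway layout described above. The function names and host names are hypothetical, and the block is the post's pretend-public 192.168.1.0/24.

```python
import ipaddress

def usable_range(block):
    """Return (first, last) usable host addresses of an IPv4 block."""
    net = ipaddress.ip_network(block, strict=True)
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError(f"{block}: need an IPv4 block of /30 or larger")
    return net.network_address + 1, net.broadcast_address - 1

def check_plan(block, gateway, hosts):
    """Return a list of problems with a static plan; empty means consistent.

    Assumes the layout the post describes: the provider gateway is the
    last usable address of the block, not the first.
    """
    net = ipaddress.ip_network(block, strict=True)
    first, last = usable_range(block)
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw != last:
        note = " (the common first-address convention)" if gw == first else ""
        problems.append(f"gateway {gw}{note} should be {last}")
    seen = {}
    for name, addr in hosts.items():
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            problems.append(f"{name}: {ip} is outside {net}")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is the network or broadcast address")
        elif ip == last:
            problems.append(f"{name}: {ip} collides with the provider gateway")
        elif ip in seen:
            problems.append(f"{name}: {ip} is already assigned to {seen[ip]}")
        seen.setdefault(ip, name)
    return problems

if __name__ == "__main__":
    # Constructed sample plan using the post's pretend-public 192.168.1.0/24.
    plan = {"web": "192.168.1.10", "mail": "192.168.1.254", "dns": "192.168.1.10"}
    for gw in ("192.168.1.1", "192.168.1.254"):
        print(gw, check_plan("192.168.1.0/24", gw, plan))
```
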
When you look at your router you will
notice that you not only have the static
publicly routable ip addresses you
purchased, but you also have an entire
"other network" that is theirs that you
are connecting to! Complete with its own
static ip address and subnet that is
completely different from yours! This is
ATT's way of having all of your ip
addresses routed through their private
network and translated on their side. So
essentially it's not even like your static
IPs are really public, it's more like ATT
Uverse has them on their internal
network and THEY map them out and
THEY route them out however THEY want
to!
This in my mind is not right!<---insert a
few swear words here.
So instead of having one DHCP server
think of it as them having 2 and defining
multiple networks on their side which
monitors and routes traffic accordingly.
This may be understandable when
you look at the aspects of the router
being able to handle cable/satellite
television and voip phone service
included with the internet service, but
doesn't make a bit of sense if nothing
other than internet service is being used.
I may add more later or decrease if they
come knocking on my door, but this is
how things stand as of now, feel free to
comment.
-cisc0ninja
Reference:
My cranium
https://uverse1.att.com/un/launchAMSS.do
