Comments on RevK®'s ramblings: BT Huawei FTTC modem bug breaking VPNs
Feed updated: 2024-03-28T09:19:27.451+00:00

Willie Aames (2015-10-05T07:49:15.310+01:00):
Probably just as cheap to buy a tplink tl3040 and put purevpn openwrt (http://www.purevpnreview.com/) on it

SyntheticBlue (2014-02-06T13:39:55.487+00:00):
Some sidechannel attack perhaps? Would it be possible to analyze the BT firmware?

Steven Williamson (2013-11-10T10:50:29.466+00:00):
On TalkTalk using their provided DLINK DSL-3680 (Firmware Version: v1.06t Hardware Version: A1), which seems to suffer the same problem. Using SSH over OpenVPN UDP connection is fine until I attempt an scp/sftp or git pull. On my end I can see packets being retransmitted and can confirm they are not hitting the VPN endpoint. So not sure if it's volume of packets or size of packets yet, need to perform further testing.

Either a very strange coincidence or this modem is also suffering from the same issue. Would be good if someone else can reproduce the issue on a DSL-3680.

(Switching to another ADSL modem with different firmware does work fine.)

RevK (2013-11-06T07:39:18.359+00:00):
Paul has been doing the testing and I expect we will do more today. Testing UDP over IPv6 was one thing I wanted to try, as well as trying again for TCP as we had reports of TCP being affected. Our initial tests suggested not.

RevK (2013-11-06T07:37:41.083+00:00):
We assume so, as it is at the modem level. It is going to be difficult to test, and I was going to ask you about this. We do not normally do any PPPoE over the GEA access, so it would mean setting that up for testing on such a circuit.

RevK (2013-11-06T07:36:13.418+00:00):
Indeed, it does have routing to allow for it to work with a management LAN in to BT and a TR069 LAN.

Dragon (2013-11-06T00:05:56.614+00:00):
Think I'll be going back to my Unlocked/Hacked one shortly, only put the unmodified one back on when having some work done so that I didn't risk upsetting BT.

jas88 (2013-11-05T23:16:59.553+00:00):
Don't be so quick to rule out the middle option, incompetent conspiracy: the firmware developer was told "send VPN packets to GCHQ", but misheard it as "send VPN packets to Timbuktu"...

On the bright side, at least it's not IPv6 specific like that core router bug! Have you tried sending various other packets through to see if they're affected, or it's specific to UDP?

254 ip,port tuples seems a very small fraction to be affected - less than 2^-40, hardly likely to be found by chance, and very different from the c 50% drop rate mentioned. What is it, 254 out of 512?

gr0mit (2013-11-05T21:51:23.856+00:00):
Will this also affect GEA Ethernet provided circuits? Or does it just affect PPPoE connections through the modem?

Carl (2013-11-05T21:11:45.169+00:00):
This will I guess be another of those 'modems' that's actually a router pretending to be a modem by running in 'bridge mode' and regardless of mode runs packets through layer 3 / 4 processing of some sort.

Anonymous (2013-11-05T20:09:47.127+00:00):
Just had a ppp session restart followed by no internet access on devices in the house.
A quick look on the Firebrick (which could ping the internet) showed a whole load of UDP port 53 DNS sessions were going unanswered.
I tried some netcats to servers to confirm no UDP/53 traffic could be sent.
Fortunately I'd only just read your blog post an hour earlier and bouncing the Ethernet port in and out almost instantly resolved the problem.

Thanks for the info, saved me a good hour of troubleshooting.

Phil Reynolds (2013-11-05T16:52:28.841+00:00):
I hope this is not going to affect me when I next work...

RevK (2013-11-05T16:17:31.303+00:00):
We are assuming just the Huawei ones, which is like half of them or some such.

RevK (2013-11-05T16:16:45.615+00:00):
Well, it stops working properly. I don't know how to tell versions. It is a bridge, so normally you can't talk to it. Not been able to test the other make yet, but I doubt it is affected.

RevK (2013-11-05T16:15:51.868+00:00):
I know, and I favour incompetence over conspiracy every time.

Bob Pullen (2013-11-05T16:07:03.406+00:00):
Does this affect all FTTC modem types Adrian, or just certain models?

Ionic (2013-11-05T15:56:59.487+00:00):
Which government I wonder? I would have scoffed at this idea in the past. Now, hmm not so sure.

Anonymous (2013-11-05T15:50:38.316+00:00):
Is there a way to tell if your modem has been upgraded?

And I presume just Huawei, and not the newer LTE (?) boxes?

NAB (2013-11-05T15:40:33.330+00:00):
You're welcome. At least my comment was clearly tongue-in-cheek!

RevK (2013-11-05T15:36:04.227+00:00):
Anything using UDP, and we have had reports from customers of this specifically affecting OpenVPN.

Born Today (2013-11-05T15:34:29.023+00:00):
Query: Do you know which VPNs are having this problem?

I'm specifically concerned about OpenVPN, but all info is useful...

RevK (2013-11-05T15:29:31.698+00:00):
I am not sure who wins on that, 23 minutes before the NSA or some such mentioned. Well done.

NAB (2013-11-05T15:28:42.994+00:00):
Modems being loaded with government mandated code to spy on VPNs, perhaps? ;-)