
§ Actiontec M1000 DSL modem security

I used to use an Actiontec GT701 DSL modem.  Since my entire livelihood depends on my internet access, I got a little nervous when some odd things started happening.  As it happened, a friend was having trials with the phone company getting her DSL to work, and was advised to try the Actiontec M1000.  Still no go, so I tested her modem here and it worked nicely.  (That was all the phone company's fault, and after getting escalated a few times, I believe they were a bit embarrassed.)  So I looked around and found a slightly used M1000 (with wireless) for about $30!  (I don't want the wireless - I use Airport.  Being an Apple product, it's actually comprehensible to mere mortals like myself.)  But after a few days, weird things started happening with the M1000...

This actually took place several weeks ago, before my rant about "Software that leaves a mess", and before the Firefox problems mentioned in that post.

One stupid annoyance was that I'd get this "Contacting google.com..." or "Looking up google.com..." status bar message... and wait... and wait.  Then everything would be fine... no.  Click on a search result and we're back to "Contacting google.com..."  I eventually noticed that if I clicked a search result, waited about one second, then clicked the same link, I'd go right to the page.  This would happen randomly on any browser on any machine; sometimes one browser on one machine, sometimes all browsers on all machines.  Crazy.

I didn't keep notes on this whole thing, so I don't remember for sure, but I think I used Wireshark to watch, well, all sorts of things.  (Whatever tools I used got uninstalled during the Firefox problems in the other post.)  Fortunately for you, dear reader, that means this post will be shorter.

The short version is that the Actiontec modem makes itself my primary DNS.  I take it this is common these days, but I can't really see the point:  show me a modern OS that doesn't have a DNS cache.  So, say I want to go to google.com for the second time in ten seconds.  My OS looks for it in its cache - odds are pretty huge (like 100%) it's there.  But for some reason the Actiontec modem decides it needs to double-check...  What I saw was DNS request after DNS request, as if the DNS cache, the modem, and the ISP's DNS were having a fight.  I turned off the DNS cache (in XP, run services.msc, find DNS Client and turn it off) and there was significant improvement, but still far from adequate.

So, continuing to hammer away at google.com, I found "How to disable the Actiontec DSL modem web activity log".  Now there's an eye-opener:  the modem keeps a log of all activity and leaves a port open to the outside world so it can be accessed!  This seems like a rather glaring invasion of privacy, don't you think?

Oh, right, the short version:  getting rid of the modem's DNS has made my internet browsing MUCH faster than I've ever experienced!  ("Blazing fast" comes to mind, but I hate to sound like a press release for a new computer.)  What we want to do is get rid of the activity log, close the wide open port to the outside world, and turn off the DNS on the modem.  You'll also (probably) need to manually tell your OSes to use your ISP's DNS directly rather than getting it from the modem (if you use the modem's DHCP, as I do).  Read Krista's blog, including lots of comments, maybe take a detour to some linked pages, etc., to understand how and why this works.

This is a script I run in an OSX Leopard terminal whenever my modem reboots.  The modem is an Actiontec M1000 (w/wireless) with firmware QA02.5-3.60.3.0.8.6-M1000.  The script deletes line 1 (input and output) four times simply because the first four lines are the ones that I want to delete.  It deletes line 5 twice (forward) because lines five and six are the ones I want to get rid of.  The relevant lines could very well be different on your modem, so BE CAREFUL!  Rebooting the modem SHOULD put everything back to default, but DON'T BLAME ME!  BE CAREFUL!  Note the "--dport" lines - that's TWO dashes; the others are all single dashes.

Disclaimer (stolen from Krista and edited):  I’m not affiliated with Actiontec.  Sometimes I’m barely affiliated with me.  I also take no responsibility for your modem breaking, exploding, calling up the authorities to tell them about your activities, accelerating global warming, causing nuclear meltdown, or bringing on Ragnarok and/or Armageddon.  If you really don’t know what you’re doing, call someone and ask.  USE THIS INFORMATION AT YOUR OWN RISK!

Ragnarok and Armageddon at the same time would be very interesting, in the sense of the ancient Chinese curse.  Please be careful!

 

#!/usr/bin/expect -f
spawn telnet 192.168.0.1
expect "ogin:"
send "admin\r"
expect "assword:"
send "\r"
#or if you have a password
# send "yourpassword\r"
expect "#"
send "cd /var/tmp\r"

#get rid of activity log
expect "#"
send "rm log_web_activity\r"
expect "#"
send "ln -s /dev/null log_web_activity\r"

#delete INPUT QUEUEs
expect "#"
send "iptables -D INPUT 1\r"
expect "#"
send "iptables -D INPUT 1\r"
expect "#"
send "iptables -D INPUT 1\r"
expect "#"
send "iptables -D INPUT 1\r"

#delete OUTPUT QUEUEs
expect "#"
send "iptables -D OUTPUT 1\r"
expect "#"
send "iptables -D OUTPUT 1\r"
expect "#"
send "iptables -D OUTPUT 1\r"
expect "#"
send "iptables -D OUTPUT 1\r"

#delete FORWARD QUEUEs
expect "#"
send "iptables -D FORWARD 5\r"
expect "#"
send "iptables -D FORWARD 5\r"
#insert FORWARD ACCEPTs
expect "#"
send "iptables -I FORWARD 2 -p udp --dport 53 -j ACCEPT\r"
expect "#"
send "iptables -I FORWARD 2 -p udp --sport 53 -j ACCEPT\r"

#get rid of open ports
expect "#"
send "iptables -t nat -D PREROUTING 1\r"
expect "#"
send "iptables -t nat -D PREROUTING 1\r"
expect "#"

#dump iptables to a file so it's easier to browse
# send "iptables -L>ipttmp\r"

#interact leaves the telnet session open if you want to look around
interact

#or just quit
# send "exit\r"
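
The script above deletes rules by position, which is only right when the modem's chains look like the ones described. As an added example (not part of the original post), this Python helper reads a pasted `iptables -L -n --line-numbers` listing and builds delete commands only for rules whose target is QUEUE, highest number first so that no pending rule gets renumbered. The sample listing is constructed, and it is an assumption that the modem's iptables accepts `--line-numbers`.

```python
import re

# Constructed sample listing; a real modem's rules will differ, which is
# the reason for parsing the listing instead of trusting fixed positions.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    QUEUE      all  --  0.0.0.0/0            0.0.0.0/0
2    QUEUE      all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    QUEUE      all  --  0.0.0.0/0            0.0.0.0/0
3    QUEUE      all  --  0.0.0.0/0            0.0.0.0/0
4    DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
RULE_RE = re.compile(r"^(\d+)\s+(\S+)\s")


def parse_rules(listing):
    """Return {chain: [(rule_number, target), ...]} from the listing."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = []
            continue
        m = RULE_RE.match(line)
        if m and current is not None:
            chains[current].append((int(m.group(1)), m.group(2)))
    return chains


def delete_commands(listing, target="QUEUE",
                    chains=("INPUT", "OUTPUT", "FORWARD")):
    """Build `iptables -D` commands for rules with the given target."""
    rules = parse_rules(listing)
    cmds = []
    for chain in chains:
        # Highest rule number first: deleting it leaves lower numbers intact.
        nums = sorted((n for n, t in rules.get(chain, []) if t == target),
                      reverse=True)
        cmds += [f"iptables -D {chain} {n}" for n in nums]
    return cmds


if __name__ == "__main__":
    print("\n".join(delete_commands(SAMPLE)))
```

If the listing contains no QUEUE rules at the expected places, the function returns nothing for that chain, so a changed firmware layout produces no deletions instead of the wrong ones.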

last edited on May 7th, 2010 at 6:34 PM



The first principle of the military analyst is to figure out how the enemy can hurt you worst with his known capabilities and then plan to stop him, not hope he won’t try it.
Early Honor Harrington series, David Weber