ADSL disconnections (repost)

xiaoxiao2021-03-06  15

1. Fault

-------------------------------------------------- -------------------------------

Starting March 8th (from what has been reported online, at around noon), some ADSL modems around the country began dropping the connection and hanging.

The ADSL modems affected by this issue share 2 features:

1. The brands differ, but all use Globespan's Viking chip (such as the ASUS AAM6000EV A / J).

2. Routing mode is enabled.

Unfortunately, even the Internet Express ADSL modem (SR-DSL-AE) meets both conditions and has the problem.

Besides ASUS, some ADSL modem models from Morning Star, Zhida and others also have this problem.

In addition, according to these forums, similar situations have been seen in Guangdong, Guangxi, Fuzhou, Tianjin, Jiangsu and Heilongjiang.

The problem appears to be widespread.

-------------------------------------------------- -------------------------------

2. Symptoms

-------------------------------------------------- -------------------------------

The problem shows 3 symptoms:

1. Every ten minutes to half an hour the ADSL modem hangs. When you ping the modem's IP, about half of the pings get through and half do not, and the round-trip time is in the thousands of milliseconds.

Web pages cannot be opened, but QQ / MSN and similar programs often stay online and can occasionally send and receive messages.

2. The ADSL link drops frequently (multiple times in half an hour);

3. ATM VC congestion occurs frequently;

-------------------------------------------------- -------------------------------

3. Possible cause analysis

-------------------------------------------------- -------------------------------

First of all: the Viking chip, or this ADSL system, has bugs or vulnerabilities; this is basically certain.

1. The telecom operator is playing tricks, using the ADSL modem's vulnerability to crack down on users in routing mode.

This is unlikely for one telecom operator, and even less likely nationwide (Southern Telecom, North Netcom).

2. There is a virus attack.

The possibility of a virus attacking the ADSL modem is relatively high. The ADSL modem appears to be an electronic device with a thin built-in OS (I scanned my Morning Star Internet Express "big black cat" SR-DSL-AE, and it shows up as a Linux system), and it includes HTTP / FTP / TFTP / Telnet services. Technically, it is impossible for it to have no vulnerabilities. Maybe a new virus is circulating (or an old virus is attacking), and the attack on the ADSL system causes the modem to hang.

When the ADSL modem is used as a bridge, traffic from the external network is passed straight to the PC that makes the PPPoE dial-up connection. The modem only forwards it and is not itself attacked, so the modem has no problems (you can use firewall software to monitor whether there is an attack).

When the ADSL modem is in routing mode, access to the IP arrives at the modem first, so the modem bears the brunt: if there is an attack, it is the modem that is attacked. If the attack happens to hit the modem's weak point, it goes down immediately.

When you ping the ADSL modem after the attack, about half of the pings get through and the ping delay is also in the thousands of milliseconds. Occasionally, software such as MSN / QQ can stay online for a while and can sometimes send and receive messages successfully.

If this is the case, FTP / TFTP are presumably open only to the intranet. You can disconnect the internal network, check it for viruses, and see whether the ADSL modem continues to hang, to rule out attacks coming from PCs on the intranet.

Telnet / HTTP are presumably open to the outside. You can change the corresponding ports (Admin -> Port Settings) so that they no longer use the defaults 80 and 23.

HTTP Port: 61080 (80, 61000-62000)

Telnet Port: 61023 (23, 61000-62000)

Note: after changing the ports, save and then restart for the change to take effect.

Also, once the ports are changed, the configuration page is no longer on port 80 when you log in. It should be:

http://192.168.1.1:61080 (61080 is the new port number you set; use whatever you chose)

Telnet is no longer on port 23 either; it is: telnet 192.168.1.1 61023

As with the HTTP port, 61023 is the new Telnet port number you set.

In addition, some "foolproof" configuration utilities (such as TP-Link's) seem to work through the ADSL modem's Telnet port. After the Telnet port is changed, this software can no longer connect (it defaults to port 23 on the ADSL modem, with no option to change it).

(After I changed the ports, the modem has not hung for 2 days. When I tested further, I found that changing the HTTP port back to 80 causes no problems. However, changing the Telnet port back to 23 does bring the problem back, so I estimate that the ADSL modem's Telnet service has a vulnerability. But not necessarily: from the ASUS website I understand that all 4 ports of the ADSL modem are currently being attacked.)
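An added example (not part of the original post) for confirming that the port change described above took effect after saving and restarting: it probes the default and replacement TCP ports on the modem and classifies each service. The address 192.168.1.1 and the ports 61080 / 61023 are the ones quoted above; the function names and verdict strings are illustrative, and TFTP (UDP 69) is left out because a TCP connect cannot test it.

```python
import socket

# Default management ports and the example replacement ports quoted above.
# FTP has no port setting on the page, so it has no "moved" port here.
SERVICES = {
    "http":   {"default": 80, "moved": 61080},
    "telnet": {"default": 23, "moved": 61023},
    "ftp":    {"default": 21, "moved": None},
}

def tcp_open(host, port, timeout=2.0):
    """Return True if host:port accepts a TCP connection within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False

def audit(host, services=SERVICES, probe=tcp_open):
    """Classify every service as 'moved', 'default', 'both' or 'closed'.

    'default' means the well-known port still answers: either the change
    was not saved and the modem restarted, or the service cannot be moved.
    """
    report = {}
    for name, ports in services.items():
        on_default = probe(host, ports["default"])
        on_moved = ports["moved"] is not None and probe(host, ports["moved"])
        if on_default and on_moved:
            report[name] = "both"
        elif on_default:
            report[name] = "default"
        elif on_moved:
            report[name] = "moved"
        else:
            report[name] = "closed"
    return report

if __name__ == "__main__":
    # Run from a PC on the LAN side of your own modem.
    for service, verdict in audit("192.168.1.1").items():
        print(f"{service:7s} {verdict}")
```

Run against the LAN address, this only confirms the port change; to see what is reachable from outside, run it from a host on another network against your own WAN address.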

-------------------------------------------------- -------------------------------

4. The solution

-------------------------------------------------- -------------------------------

According to information on the Internet, as well as my own approach, there are the following methods:

1. Change the ADSL modem's HTTP and Telnet ports so that they are not attacked by the virus

Change the HTTP and Telnet service ports under Admin -> Port Setting to any port in 61000~62000, but remember the port: you need to use the changed port the next time you HTTP / Telnet to the ADSL modem.

Note: save and restart after the change: Admin - Save and Restart - Save Configuration

To repeat the above, because many people do not pay attention to this, which I find very frustrating:

After this change, the configuration page is no longer on port 80 each time you log in. It should be:

http://192.168.1.1:61080 (61080 is the new port number you set; use whatever you chose)

Telnet is no longer on port 23; it is: telnet 192.168.1.1 61023

As with the HTTP port, 61023 is the Telnet port number you set.

2. Use RDR mappings to divert external attacks on the ADSL modem's open ports to the intranet

Create 4 RDR mappings on the ADSL modem that map access to ports 21/23/69/80 of the modem to an intranet IP, which diverts the attacking IP packets.

For the specific steps, see:

http://www.516600.com/cgi-bin/lb500..rum=54&topic=25

Note: The port 21/23/69/80 corresponds to the FTP / Telnet / TFTP / HTTP service.

3. Turn on the ADSL modem's firewall function

Click Service - Firewall and change Attack Protection and DoS Protection from disabled to enabled.

For users who have no Firewall entry on the Service page, turn on the firewall as follows.

1. Open a DOS prompt

2. Type telnet 192.168.1.1

(If you changed the port number, add it, for example telnet 192.168.1.1 61023)

3. When login: appears, type the account (such as ADSL)

4. When password: appears, type the password (such as ADSL1234)

5. When $ appears, type modify fwl global attackprotect enable

6. When $ appears, type modify fwl global dosprotect enable

7. When $ appears, type commit

Use all three of the methods above where possible.

4. Upgrade the ADSL modem's firmware

Some sites provide new ADSL firmware (such as the 2 sites below). Updating to the latest firmware avoids such problems, but upgrades carry risk and each brand's firmware is different, so be clear about what you are installing before you upgrade.

This issue is now being discussed online. The relevant websites are below, and the details mentioned above can be found in these 2 forums:

Official forum:

ASUS NETQ Forum:

http://netq.asus.com.cn/inside.asp?...baf%u4ea7%u54c1

Unofficial forum:

You and I de Forum District -> [Broadband Technology Exchange Area]

http://www.516600.com/cgi-bin/lb500..ms.cgi?forum=54

One more reminder:

If your ADSL modem is in routing mode, change its login password. In routing mode, the modem's HTTP / Telnet services are both open, so people outside your network can also log in to your ADSL modem. If the password is still the default, it is easy for bored people to log in and change the settings.

When reposting, please cite the original address: https://www.9cbs.com/read-46415.html
