Skip to main content
Welcome guest. | Register | Login | Post

Dead USR8000-02A Broadband Router

5 replies [Last post]
supermike's picture
Offline
Joined: 2006-02-17

First, there's a reason I'm making this post here. If I post on groups.google.com, the people who respond regarding DSL hardware often have zero Linux knowlege. You guys have all been so nice to me before, so I figured I'd try this here.

I had a bad night.

I tried to take my USR 8000-02A broadband router and do a firmware upgrade on it. It's the routine thing I do about once a week to ensure I'm not sending packets through a hacked router. I keep a v2.7 firmware binary upgrade file around on my Linux system and use the web browser interface for it on 192.168.123.254 to update it. In the middle of this update, they warn you not to touch a single thing until the 20 seconds complete and it is done. I've done the firewall upgrade countless times without issue.

Unfortunately at that point, my browser timed out and the router was dead.

I have a handy little reset button on it when this occurs. The manual says, "To reset, unplug the power supply. Press in and hold the reset button. While holding the reset button, plug in the power supply again. Keep holding until the System LED begins flashing. Release the reset button at that time." I've done this a few times before and sure enough it works.

Unfortunately today at 2am when I did this, the device didn't come back to life. I gingerly took it apart and inspected it to see if there was a jumper or DIP switch I could flip to see if it could reset it to the factory default. Unfortunately, nothing like that exists inside. All the chips are soldered and there's no tape across an eprom (no eprom in fact) that I could remove, expose to light, and put it back again.

So I repeated the reset trick over and over again with different timing. Nothing worked.

If it works, it responds to ping and to port 80 requests with my browser on 192.168.123.254. So far, all I can get is ping activity, which kind of hints at having at least an OS boot up on it, but no web server.

So I disconnected and tried to hit it from Windows 98 to repeat the steps. This was a no go as well.

Using a Win98 laptop with no firewall -- A HUGE RISK THESE DAYS!!! -- I connected to the Internet hot on the DSL modem with the Verizon software. I started searching the Internet high and low for a solution. Nothing seemed to be there as a backup plan.

I then gave up and took the laptop off the Internet. I went back and connected with pppoeconf from command line on Linux. I put in my Verizon information and sure enough it connected. That's why I can post this to you now.

So, instead of my usual 2 firewall jump to reach you all, I'm on just 1 firewall jump, using the iptables firewall script I've implemented on Ubuntu.

If you read anything about how to hack into this device when this occurs, please let me know.

Otherwise, I need to get a new device. It's out of warranty at this point and US Robotics was acquired and spun off again by 3com, making it essentially a whole different company than before. I might not even be able to get tech support for it M-F. Even then, they might not have a solution except for me to ship it back and pay a fee.

The device is $60. I asked my wife if we have $60. We don't. She said we're in a crunch right now, paying bills. So it will have to wait until my next paycheck.

libervisco's picture
Offline
Joined: 2006-05-04
Well if the router is really

Well if the router is really dead then the answer is pretty simple, although not the one we'd want.

But I truly hope there is a solution and that someone here knows it, so let's keep our fingers crossed.

Aside from that unhelpful comment, I am not able to help. I've never even worked with routers before..

Good luck!

a thing's picture
Offline
Joined: 2005-12-20
This is why I want to make my own.

Things like this are why I want to turn my server into my router too. If anyone has any tips, please say so.

(Sorry for sort of hijacking your thread, although I have a feeling no one will know about hacking some small hardware router.)

supermike's picture
Offline
Joined: 2006-02-17
I like 2 firewall hop

I like 2 firewall hop protections in my home configuration, not just one. That way, if I did something to bring one of my firewall hops down by mistake, I have a backup plan. So I put an iptables firewall on my workstations, and then I have another firewall on the broadband router device.

There are some problems with building your own router as the final hop:

  • Will it reboot twice a day (once at 4am and once while you're definitely at your day job) just to frustrate hackers?
  • Will it only allow web page connections on port 80 from the local network (not the WAN)?
  • Will you build the web pages and make them easy enough for anyone on your home network to be able to reset the router or check the connection problem and intrusion logs?
  • Will you restrict connections by MAC address to that port 80?
  • Will you block all other local ports except perhaps SSH and this port 80?
  • Can you prove that the WAN cannot reach that port 80 or SSH (TCP 22) no matter what?
  • Will it check for idle times and auto-disconnect after, say, 5 minutes of no activity from the LAN ports, and be smart enough to ignore non-human requests like NTP sync and DHCP sync as it checks idle activity, but be smart enough to care about ClamAV updates, Linux updates, etc.?
  • Will it offer up DHCP addresses to the local LAN only with not even a remote option to offer it by mistake on the WAN?
  • Will it wake up (not from hibernation, literally, but from a figurative standpoint) and reconnect to the ISP when it detects a connection, and do it fast enough to not cause a browser timeout?
  • Can you put in proxy filters to remove filth like popups, some kinds of exploits and viruses, and certain bad people who are scanning your ports on a sequence?
  • Will it have measures inside to prevent reboots and DOS attacks from the WAN? (Perhaps use 2 network cards to reach the WAN, with one as a failover when the other one is hammered?)

Not to discourage you, though. If you can do all this, and are willing to do it even though routers cost as little as $20 (TigerDirect.com), then go for it.

 

supermike's picture
Offline
Joined: 2006-02-17
Last night I purchased a

Last night I purchased a Belkin router --> F5D7230-4. Before you purchase a router, always check product numbers with Secunia.com for exploits. The Belkin only has an exploit from the local network, and that's fixed by blocking on MAC addresses from the local LAN.

However, I can say that I don't know if I like this web-based software as well as the US Robotics one I had. It sucks, to tell you the truth:

  • The firmware update mechanism has an option to detect from the web server (if you click a button) for more updates. That feature is broke.
  • The firmware update process where you download a BIN file and upload it -- that process complains about congestion on the network while you were trying to do this critical process, and won't let you do it. You have to keep trying and then finally it lets you.
  • The pages occasionally timed out from Firefox and IE on Windows 98 for some reason.
  • The pages, when loaded from Firefox on Linux, download all their content completely and then sit there forever in a loop, as if needing to download something else. However, you can ignore this and just use the web app and it works.
  • On Linux, the javascript used for a page refresh counter, which is used during cycles like firmware updates or reboots of the router, does not work at all. You have to count it yourself and then click "Home", and then click whereever you want in the web interface. Luckily before it does this it tells you what the count was going to be in a yes/no prompt.
  • The logs in the web interface complain of DoS attacks from the local network but most experts who have reviewed this say it's just that the router is sometimes confused about the LAN. However, it doesn't block local network access in a disruptive manner.
  • The logs in the web interface are not very descriptive. They don't tell you the port number that was attempted to be breached or any other information except IP address.
  • There's no way to set static IP mapping with it. You just have to trust that if you set your LAN on static mapping and turn off its DHCP function, that it will accept this and just work.
  • There's no idle timer on it that disconnects the WAN that I'm aware of. Thank goodness that my ISP's modem does this for me (although on a longer schedule than I prefer). This is very important to have because you don't want to have your ISP connection going while you're at your day job and no one is home. It's just a security thing.

That said, however, I noticed that it doesn't impede my speed on the Internet. I'm running anywhere from 800kbps to over 1Mbps.

So, for now, I'm using this thing. However, I plan to see if I can get USR to take their old device back and give me a used, refurb one out of the kindness of their own hearts. We shall see....

 

tbuitenh's picture
Offline
Joined: 2005-12-21
There is a good reason for

There is a good reason for building your own router (which I have never done): freedom! You could even make it send a message to your cell phone when it believes someone is trying to crack it. Don't do this for the portscan background noise cause you will get too many messages, but lots of activity on a honeypot is a good reason to warn you. Or what about integrating Tor into your router? Or a porn filter the kids can't get around (and if they do try, you get an SMS >:) )? Just imagine...

Comment viewing options

Select your preferred way to display the comments and click "Save