This document is copyrighted/copylefted by Tom Alsberg, and licensed under the GNU Free Documentation License - the FDL, whose latest version can be found at: http://www.gnu.org/copyleft/fdl.txt This document is right now somewhat incomplete, and I'll probably add more info to it later on. * How to change the password of the Orckit ADSL modems you get from Bezeq's WOW service: Note: Although I believe this info should work with any Orckit ADSL modem/router, I have only tried it on one Orckit's ATUR3 modem. So I'd be glad to hear from anyone about interesting experiences with other Orckit ADSL modems, and if you had this problem with a non-Orckit modem, and this document helps you, I'd also like to hear from you. So in short, for any comments, see my contact info down at the end of this document. Some Bezeq ADSL users in Israel probably wonder how to change the password of the Orckit ADSL modems some get from Bezeq. Some don't care, being the only ones who have telnet access to that modem. But if others have some sort of remote access to your machine, they're probably able to open a telnet connection from it to your modem, and do some unwanted things, with the default password. The default initial write-access password to the modem is 'password' - widely known, and really easy to remember. (although the tech support people at Bezeq claim only a few seniors at Bezeq know that password...) Port-scanning the modem on TCP shows the following open ports: Port State Service 23/tcp open telnet 80/tcp open http 1723/tcp open pptp Port scanning the modem on UDP shows the following open ports: Port State Service 69/udp open tftp 161/udp open snmp 520/udp open route With write access to the tftp/telnet/snmp (and probably also route, although I haven't checked it yet) services on that modem one can do a lot. With telnet access one can open a terminal session on the modem, and play around with various parameters. With tftp one can upload files to the modem's file-systems, and change various things too. With snmp - the Simple Network Management Protocol, one can set variables on the modem's MIB trees. HTTP should maybe allow web administration or something, but always gave me an 404 (file not found) error. I might somewhen check more about it, maybe one can upload some files to one of its filesystems to be accessible over HTTP... (Again, if you discover something not in this document, I'd love to hear from you, see my contact details down at the end of this document) First thing I did to block all that access was just setting some firewall rules not allowing any outbound packets to the modem except for pptp (Microsoft's VPN protocol, which the connection is tunneled over) on TCP. Of course that wasn't too elegant of a solution, so after solving a few other problems I had, I went to try to change the modem's write-access password. I installed the SNMP client utilities, did an snmpwalk on the modem with both the public community access and the password community access. There was no difference in the results, since snmpwalk only reads anyway, and I saw no password field there. But after I knew more about SNMP, and noticed both the public community and password community worked also as passwords for the modem on telnet connection, I opened a telnet connection to the modem, went into the snmp subsystem, and a help showed me what looked like what I wanted - the access command. First thing I just entered the 'access' command, and got a list of access communities as follows: access read public access write password So all I wanted was to change the password of the write access. 'help access' showed me what I wanted: access syntax: snmp access [read | write] [] - allow read-only or read-write access snmp access delete [] - revoke specified access snmp access flush - revoke all access snmp access list - list allowed access The field is the 'password' which lets you access the modem. So by entering a command like: snmp access write nobrain You allow the nobrain community write access to the modem. 'access list' then shows you the following: access read public access write password access write nobrain Now you can also telnet to the modem and enter a password of 'nobrain' for write access. Now you want the old password/community not to have access anymore, so you just delete it using the command: access delete password Now you probably don't want to use nobrain as your write password, so just think of something hard to guess, yet easy for you to remember, and you should know now how to change it. The changes you made get saved in the modem's RAM memory, which means they won't remain that way after the modem restarts, unless you save it to the modem's flash memory. After you're sure you can remember your password, to save to the modem's flash memory, enter the command 'config save' in the snmp subsytem prompt. There you go. Now if you did all that correctly, the modem's password has changed, and you should be safe. Note that you probably cannot open two telnet sessions to the modem at the same time, so when you finish your telnet session, enter the '@close' command to disconnect from the modem. Other related links: mulix's updated Bezeq-ADSL-HOWTO, if you want to hook up to ADSL over GNU/Linux: URL: http://vipe.technion.ac.il/~mulix/adsl-howto.txt mulix's pretty-elegant patched version of pptp-linux, to save you some ugly patching: URL: http://vipe.technion.ac.il/~mulix/pptp-mulix-0.06.tar.gz -- Tom Alsberg Contact info: e-mail address: alsbergt@softhome.net Usually nicknamed as Zoopee on EFnet/OpenProjects IRC networks. History: Last modified on Tuesday 2002/09/06 by Tom Alsberg. First draft created on Tuesday 2001/04/25 by Tom Alsberg. Credits: Thanks go to Tomer Klainer (mandor) from the system group of the Institute of Computer Science, at the Hebrew University of Jerusalem, for pointing me out to the SNMP protocol.