[CLUE-Tech] Qwest, DSL and Linux/BSD?

Frank Whiteley techzone at greeleynet.com
Mon Jul 1 00:50:14 MDT 2002


----- Original Message -----
From: "Timothy C. Klein" <teece at silverklein.net>
To: <clue-tech at clue.denver.co.us>
Sent: Sunday, June 30, 2002 11:51 PM
Subject: Re: [CLUE-Tech] Qwest, DSL and Linux/BSD?


> * Matt Gushee (mgushee at havenrock.com) wrote:
> > On Sun, Jun 30, 2002 at 10:31:33PM -0600, Dennis Pickering wrote:
> >
> > > >2. Is the Cisco 678 easy to set up for certain incoming services like SSH?
> > > >Do you just forward to a box that handles SSH?
> > >
> > > I did that for port 80 on the 675. Had to read carefully but once I get it,
> > > it was easy. (Hopefully the 678 has a friendly web interface with
> > > (pinholing)
> >
> > The 678 is basically an updated version of the 675. It has a web
> > interface, but you're strongly urged to disable it for security reasons.
> > Maybe it would be alright to use that just for the initial setup,
> > though.
> >
Keeping the web interface enabled makes the router vulnerable to Nimda hits
and other port 80 probes.  You can change the web port, but it's better to
set the web interface disabled and also change the web port to something
obscure.  I'd also recommend setting the telnet port to an obscure number.
The Cisco can only accept one telnet session.  Attempts take a minute
to time out by default.  If someone hits port 23 every ten seconds, you get
an error log full of messages about the maximum session limits being reached.
I've seen telnet access to a router denied for up to 8 hours by such probes.
At some point you'll run out of memory.  If you haven't set the executive
and management passwords, the web interface won't open, nor will telnet, so
you have to use the management port.

>
> Aside from some minor software upgrades, there is actually one crucial
> difference between the Cisco 675 and 678:  the 675 uses CAP line
> encoding, and the 678 uses DMT.  That is how the DSL signal is stuffed
> onto the wire.  It would be mostly academic, *except*, Qwest no longer
> deploys the CAP encoded lines.  All new DSL is DMT.  So, in short,
> unless your service is grandfathered, you have to now use the 678.  So
> if you look for one used, you have to get the 678 for new service.
>
CBOS 2.4.3 encrypts the passwords.  Earlier versions are pretty loose.  C678
can do both CAP & DMT.  New C678's are still shipping with CBOS 2.4.1 and an
upgrade CD.  You get to flash it right out of the box!  Great experience for
joe consumer.

Frank Whiteley
Greeley



