Friday, June 3, 2011

The easiest way to recover admin password of BSNL ZTE DSL modem

In my previous post, I had described how to recover the admin password of your BSNL ZTE DSL modem, provided you have the modem configuration backed up.

But if you don't have the config file backed up - recovering the admin password is all the more easier. Read on to know more.

Model: BSNL Dataone ATE ZXDSL 531B modem.

This post shows how you can get the admin password of the modem without any backed up configuration. You just need to know the modem IP. Let me know if the link is broken - I will write a new post describing those steps.

If your modem/router's basic security is flawed to this extent, then deploying its in-built security measures is like trusting a visually impaired lame duck, one suffering from suicidal tendencies, arming it with banana skins, and telling yourself: "That ought to keep me safe from fire-breathing dragons and the 15 feet tall goblins who ride them!" (a justified exaggeration the "sitting duck" analogy).

I think the cleanest way to protect one's modem/router would be to turn of its wireless capability, jack it up to a Linux box - keep them in a separate private network and convert the Linux box into a router.
Home_machine_eth0 => eth0_Linux_router_eth1 => eth0_Service_provider_box

home_machine_eth0 and eth0_Linux_router network: 10.1.5.0/24
Linux_router_eth1 and eth0_Service_provider_box network: 192.168.1.0/24

Basically hide your router/modem behind a machine over which you have complete control.

As Linux_router_eth1 and eth0_Service_provider_box are physically connected on their own separate network, your first line of defense becomes your Linux box rather than service provider's router/modem. Now it's upto you to defend your fort. Tighten the noose by shutting down services that not required, running the ones that are required on localhost addresses, use iptables and so on.

But dedicating a spare machine at home might be an overkill if you share your wireless radius with:

1. An NRI couple who visit town once every 6 months with an ensemble cast of uncles and aunties of varying shapes and sizes - to attend marriages, visit other creatures of their clan and participate in a few other social (*choke*) obligatory activities.

2. An aunty who thinks that no Computer Engineer is worth his degree if he isn't working at Infosys.

Long story short - if the opponents aren't formidable, the efforts may not be worth it.

2 comments:

Anonymous said...

I don't believe that the linked solution to hacking the password for the network works, while running firefox on ubuntu the page source looks like this:

Anonymous said...

401 Unauthorized
401 Unauthorized
Authorization required.

dumb me can show the html code