*Fixing* a Virgin Media Super Hub...

So, After struggling with getting SSH to work reliably on my Virgin Media Super Hub I finally decided to give them a call and face the inevitable "ss what" questions from tech support. They didn't dissapoint but did however tell me (after suggesting I restart my router) that there is a firmware update available and that I should reset my router to get the update.

My super hub (which I will refer to a router from here on as it's neither super nor a hub) is a Netgear VMDG480, I have no idea what the firmware was before the update but it is now on boot code 2.3.0beta7 software version R36. This info can be found by connecting to your router in a browser and going to router status in the top right of the page (before you log on).

I was worried that this would mean re-configuring my wireless and port forwards etc but thought it was worth it for the potential fix to ssh.

The first step was to press and hold the reset button on the router for 20 seconds. I counted this out much to the amusement of the tech support operative however it looks like 20 seconds is when the virgin logo on the front of the router (normally Blue) turns red. I released the reset button and waited for the lights to calm down.

After renewing the dhcp lease on my PC ( start, run, cmd, ipconfig /renew) I logged onto the router which was now on 192.168.0.1, my first task was to change the ip address back to 192.168.1.1 as that's what the rest of my network would be expecting. Turns out this is not as simple as it ought to be.

So, after going to the router in your browser and loggin in with the default username and password (admin, changeme) you have to go to advanced settings (button in the lower right of the window). Once there you need to go to the DHCP section and select DHCP settings. Once there you will find the IP settings. I found that trying to change to 192.168.1.x caused an error relating to the"guest lan" which is interesting as I can't find any reference to the "guest LAN" anywhere else. Changing to 192.168.30.1, restarting, renewing ip, then changing back to 192.168.1.1 did seem to fix this issue however.



The DHCP setup is a little different to "normal". You enter the starting IP address for the DHCP range and then specify how many users you want. This then sets the end IP address. A little backward if you ask me but then since when has the router IP address been a DHCP option?

Please note that you need to click the Apply button from the bottom right of the window, wait for the router to restart, renew your IP and log back on to the router each time you change the IP address. Failure to do so will cause problems.

At this point I decided it would be a good idea to change the admin password, no option to change the username unfortunately but I wasn't expecting miracles. From the advanced menu you will find the password option in the "user interface management" part of the "device management" section. Turns out they are doing something wrong with the passwords as there is a limit of 15 characters and can only be letters and numbers. No salted hashing going on there then.....Still, that's not a bad length and alphabet size.


Last but not least there are two very insecure, flawed systems turned on by default that need turning off.

The first is WPS which allows you to connect wireless devices using a pin number rather than a proper passphrase. WPS can be trivially cracked using free software in 4-10 hours this then gives the attacker the ability to get your WPA passphrase (this is a bad thing!) Turn it off by going to Wireless, WPS Settings and unticking the Enable WPS box followed by apply.

The Second is UPnP. This is almost universally considered to be a bad thing from a security stand point. It introduces all sorts of security loopholes most of which are used by Virus to give them access to parts of your network they would not normally have. Take my word for it and turn it off. Right down the bottom of the advanced menu, under UPnP, uncheck the box and click apply.

That's about it for now. You could go and change the ssid and wpa key too as I always think having those on the back of the router is a bad plan (especially if someone can look through the window and see it) but I'm not going into that.

My Assent of the sugar hill

After listening to a couple of pod-casts by my favourite security researcher I have done a little bit of research into Very Low Carb diets. The logic that out bodies are designed, by evolution, to require a specific foods seems to be sound and the logic that Complex carbs isn't part of it also seems sound. So yesterday I started on what is currently a very badly planned very low carb diet. I am intending on writing up some of my experiances and findings to keep a record and maybe try and help anyone else that fancy's giving it a go.


This all started after watching the following 2 video/pod casts which were put together by the "TWIT.tv" team of Leo Laport and Steve Gibson. They normally do a security pod-cast that I listen to but put these 2 specials together


http://twit.tv/show/twit-live-specials/124
http://twit.tv/show/twit-live-specials/125


Now, that's over 2 hours of viewing so don't go looking if you are pressed for time. My précis is this; We are not designed to eat complex carbs, our bodies (given chance to get used to it) can run fine on fat, there are several perceived health benefits from allowing our bodies to run on fat. To get your body to run on fat you have to deprive it of carbs (cut them out of your diet as much as possible) and give it about 1-2 months to balance it's self out.


Steve Gibson also has a lot of information on his website at http://www.grc.com/health.htm including some book / further reading which I am part way through.


So the first problem I hit was that there is no way my wife or 2 year old daughter are getting involved in something so off the wall unless I am convinced it will do them good. At the moment I'm not convinced so I'm in this on my own. The second problem is that whilst this low carbs thing is very similar to the Atkins diet it's not quite the same. You are not supposed to be replacing all the calories from carbs with ones from protean, but rather with fats. Now I know most red meat has lots of fat too but I think that's probably missing the point.


So, I need to work out what I can eat for Breakfast, Lunch and Dinner that doesn't include carbs but does include enough calories (I need to loose a couple of stone so missing some kcals won't hurt). It seems that Eggs are quite common which is a little worrying as they are one of my allergens but maybe the change of diet will help with the allergies too....


Yesterday I had olives and cooked chicken for breakfast, an epic fail of a beef and salad sandwich for lunch and mixed cold meets (leftover from a family party on Sunday), yoghurt and grapes fro Dinner. This morning I have had raspberries, muller rice (not so good) and grapes. I really need to get it a bit more together than that or this isn't going to last very long.


I have also started checking various "health" related things to try and keep an eye on my self. Weight, blood pressure, heart rate, body fat %, blood sugar. I have also ordered some ketostix which (amongst other things) monitor the levels of chemicals in urin to see if you have reduced your carb intake low enough to force your body to start changing over to fat burning mode.


Please note, I am not a doctor nor a nutritionist. This is purely a write-up of how things have affected me and not direct advice to anyone else. (please don't sue me.....).


GW

Musing number 1 please

So, I'm starting this blog in order to work out how blogger works so I can re-direct some customer domains this way. Let's see how we go eh.