Author Topic: Extracting PPPoE credentials from Juniper SRX300  (Read 16137 times)

psychopomp1

Extracting PPPoE credentials from Juniper SRX300
« on: June 10, 2017, 02:51:03 PM »

Probably a long shot but thought I'd ask anyway. My FTTP authentication (PPPoE) credentials are stored in the ISP-provided Juniper SRX300, I MUST use this to connect to the ONT. Unfortunately, being a managed install, my ISP (Fluidone) won't hand out the PPPoE details so it's up to me to extract them and enter them into my Netgear R9000 which would hopefully allow me to connect the Netgear directly to the Openreach ONT, i.e. bypassing the Juniper behemoth. Would anyone have any idea on where to start? I believe it may be possible to brute force the PPPoE credentials using Hashcat but that's as far as I've got....

Cheers

burakkucat

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #1 on: June 10, 2017, 05:20:02 PM »

That's interesting, for it was earlier today that I read a comprehensive post in the TBB Forum from a member who has finally got an active FTTPoD service from Fluidone. A Juniper SRX300 was provided, which had to be connected between the Openreach ONT (a Huawei HG8240) and the EU's router.  ;)

After reading the above-mentioned post, I have "put by" some Juniper documentation for study and even downloaded the images that were provided to show the installation . . . To this techno-kitteh's eyes, the SRX300 is more visually appealing than the EU's router!  :D

How to tackle the problem? As I understand it, with the required credentials stored in the SRX300, you will need to monitor (sniff) the Ethernet link between the HG8240 and the SRX300 to catch the CHAP challenge sent (to the SRX300) and its response. Usage of Wireshark will be appropriate. The only uncertainty is how to successfully tap the Ethernet link.  :-\
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


burakkucat

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #2 on: June 10, 2017, 10:49:08 PM »

Having now read through the Juniper documentation (the SRX300 How To Set Up Guide and the SRX300 Services Gateway Hardware Guide) I have to ask a few questions --
  • Have you tried to gain access to the SRX300 via the serial console port?
  • Have you tried loading the rescue configuration (a straightened out paper-clip in the hole to operate the "Reset Config" button)?
  • How locked down, if at all, is the device?
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


psychopomp1

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #3 on: June 10, 2017, 11:12:46 PM »

Quote
That's interesting, for it was earlier today that I read a comprehensive post in the TBB Forum from a member who has finally got an active FTTPoD service from Fluidone. A Juniper SRX300 was provided, which had to be connected between the Openreach ONT (a Huawei HG8240) and the EU's router.  ;)

Yep, that's me on the TBB forum  ;D

Quote
  • Have you tried to gain access to the SRX300 via the serial console port?
  • Have you tried loading the rescue configuration (a straightened out paper-clip in the hole to operate the "Reset Config" button)?
  • How locked down, if at all, is the device?

I haven't tried any of the above...TBH the unit looks rather intimidating  :-[ I'm worried that if I press the reset button (if it works that is!) it might reset/wipe everything and leave me without web access and the only way might be to send the unit back to Fluidone to re-configure...which I imagine they won't be too happy with. I think it's totally locked down, even pressing the on/off switch does nothing, switching it on at the mains is the only way to power it up.

tickmike

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #4 on: June 11, 2017, 12:09:58 AM »


Quote
The only uncertainty is how to successfully tap the Ethernet link.

Could a network switch be placed in it and connect a computer with Wireshark on it to read the 'chap'?
I have a set of 6 fixed IP's From  Eclipse  isp.BT ADSL2(G992.3) line>HG612 as a Modem, Bridge, WAN Not Bound to LAN1 or 2 + Also have FTTP (G.984) No One isp Fixed IP >Dual WAN pfSense (Hardware Firewall and routing).> Two WAN's, Ethernet LAN, DMZ LAN, Zyxel GS1100-24 Switch.

burakkucat

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #5 on: June 11, 2017, 12:31:11 AM »

Quote
Yep, that's me on the TBB forum  ;D

I guessed it had to be.  :D  There was far too much of a similarity to be just a coincidence . . .

Thank you for making those images available. I now know the specification of the EZ Bend cable and can look up the ITU-T Recommendations for all the details (G.657), minimum bend radius, etc.

"OFS EZ BEND G.657.B3 OPTICAL CABLE #C- M04.8C-"

Quote
I haven't tried any of the above...TBH the unit looks rather intimidating  :-[ I'm worried that if I press the reset button (if it works that is!) it might reset/wipe everything and leave me without web access and the only way might be to send the unit back to Fluidone to re-configure...which I imagine they won't be too happy with. I think it's totally locked down, even pressing the on/off switch does nothing, switching it on at the mains is the only way to power it up.

Acknowledged and understood.

So we need to consider a means to tap the Ethernet link. The simplest method would be to insert a computer with two Gigabit NICs into the Ethernet link.

Huawei HG8240 <-------> Computer <-------> Juniper SRX300 <-------> Netgear R9000

Where the computer runs a Linux kernel based OS and has two Gbit NICs, Eth0 and Eth1. Software-wise (iptables) Eth0 just passes data to/from Eth1 and vice-versa. A logical bond is created from those two physical interfaces and it is the logical bond that is sniffed with Wireshark.
  • The HG8240 is in a powered up state.
  • The computer (the "man-in-the-middle") is booted up and Wireshark is started with the bond as the target.
  • The SRX300 is powered on and allowed to "do its thing".
From the Wireshark capture I would expect you to see three lines of interest --
  • A CHAP Challenge from Fluidone's server.
  • A CHAP Response from the SRX300.
  • A CHAP Success message from Fluidone's server.
In the SRX300's response, I would expect you to see the "login" part of the credentials in plain text. The "password" part of the credentials should be discovered by submitting the relevant portions of the challenge and response to Hashcat.

Hmm . . .  :hmm:
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.
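
The CHAP exchange described in the post above, as an added example that is not part of the original thread: a Python parser for the three CHAP messages inside PPPoE session frames (RFC 1994 layout), showing that the Name field crosses the ONT link in clear text and that the response is an MD5 over the identifier, the secret and the challenge. The frames, names and secret are constructed for illustration, and untagged Ethernet (no VLAN header) is assumed.

```python
import hashlib
import struct

ETH_PPPOE_SESSION = 0x8864   # EtherType for PPPoE session-stage frames
PPP_CHAP = 0xC223            # PPP protocol number for CHAP
CHAP_CODES = {1: "Challenge", 2: "Response", 3: "Success", 4: "Failure"}

def parse_chap(frame: bytes):
    """Return the CHAP fields of an Ethernet/PPPoE frame, or None if not CHAP."""
    if len(frame) < 26 or struct.unpack("!H", frame[12:14])[0] != ETH_PPPOE_SESSION:
        return None
    pppoe_len, proto = struct.unpack("!HH", frame[18:22])
    if proto != PPP_CHAP:
        return None
    code, ident, length = struct.unpack("!BBH", frame[22:26])
    if length < 4 or length > pppoe_len - 2 or 22 + length > len(frame):
        return None                      # truncated or inconsistent lengths
    body = frame[26:22 + length]
    out = {"code": CHAP_CODES.get(code, code), "id": ident}
    if code in (1, 2):                   # Value-Size, Value, Name
        if not body or 1 + body[0] > len(body):
            return None
        out["value"] = body[1:1 + body[0]]
        out["name"] = body[1 + body[0]:].decode("ascii", "replace")
    else:                                # Success/Failure carry a message
        out["message"] = body.decode("ascii", "replace")
    return out

def expected_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 MD5 response: MD5(Identifier || secret || Challenge Value)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def build_frame(code, ident, body):      # helper for the constructed samples
    chap = struct.pack("!BBH", code, ident, 4 + len(body)) + body
    ppp = struct.pack("!H", PPP_CHAP) + chap
    pppoe = struct.pack("!BBHH", 0x11, 0x00, 0x0001, len(ppp)) + ppp
    return bytes(12) + struct.pack("!H", ETH_PPPOE_SESSION) + pppoe

# Constructed sample exchange (not from a real capture).
SECRET = b"constructed-secret"
CHALLENGE = bytes(range(16))
chal = build_frame(1, 7, bytes([16]) + CHALLENGE + b"bras.example")
resp = build_frame(2, 7, bytes([16]) + expected_response(7, SECRET, CHALLENGE)
                   + b"user@example.invalid")
ok = build_frame(3, 7, b"Welcome")

if __name__ == "__main__":
    for f in (chal, resp, ok):
        print(parse_chap(f))
```

The server performs the same `expected_response` computation with its stored secret and compares the result with the Value field of the Response, so the secret itself never appears on the wire.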


niemand

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #6 on: June 11, 2017, 12:38:16 AM »

Or just use a cheap switch that allows port mirroring and capture that way.

Cheapo TP-Link Easy Smart switches can do this. I presume any managed switch will suffice.

 

burakkucat

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #7 on: June 11, 2017, 12:44:46 AM »

Quote
Could a network switch be placed in it and connect a computer with Wireshark on it to read the 'chap'?

The problem when using a network switch (or even an early generation of dumb network hub) is that the computer's own Ethernet NIC will also "vocalise" in response to the data flowing between the two devices.

Here is the "Enigma Curry" Ethernet Tap which is good for 10/100 Mbps but not for 1000 Mbps. ("Enigma Curry" is an anagram of "Ryan McGuire".)
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


burakkucat

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #8 on: June 11, 2017, 12:46:58 AM »

Quote
Or just use a cheap switch that allows port mirroring and capture that way.

Cheapo TP-Link Easy Smart switches can do this. I presume any managed switch will suffice.

Interesting. Do you have links (URLs) for any suitable devices, please?
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.


d2d4j

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #9 on: June 11, 2017, 10:48:16 AM »

Hi burakkucat

If it helps you, I'm sure we have some old HP ProCurve 2524 or 2512 (2500 series L2 full management switches - the 24 or 12 signify the number of ports available)

You can set port mirroring on these, either from CLI or web based - depending upon how you find it easier

A small point to note on these is that storm protection is a CLI-only option for turning on/off (in case you want to have multiple incoming connections or setting failover/bonding)

If you would like one sending to you, please PM me but I cannot guarantee to have time to factory default the switch. However, it is easy to do with clear/reset buttons or there is a 232/DB9 pin management port, and default from telnet on startup

Lastly, 2524 are only 10/100 unless you buy/have the plugin 1000 or fibre

Very last, these are covered on lifetime warranty and HP are one of the few companies who dispose of/recover old equipment to make new components where possible

Many thanks

John

psychopomp1

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #10 on: June 11, 2017, 02:08:23 PM »

Thanks guys, perhaps I may be able to throw the SRX300 in the rubbish skip after all  :lol:

So I take it the first step is to get a suitable 'sniffing' port switch which I need to hook up to my 1gbps ethernet port on my PC? I guess the switch will need to have 1 gig ports as my connection is greater than 100 meg?

Quote
Where the computer runs a Linux kernel based OS and has two Gbit NICs, Eth0 and Eth1. Software-wise (iptables) Eth0 just passes data to/from Eth1 and vice-versa. A logical bond is

Will I not be able to do this within Windows 7 (64 bit) environment as that is what my Thinkpad notebook uses?

underzone

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #11 on: June 11, 2017, 03:03:06 PM »

You don't want to use a switch, you just need an old hub and wireshark :cool:

https://en.wikipedia.org/wiki/Ethernet_hub


« Last Edit: June 11, 2017, 03:06:05 PM by underzone »

psychopomp1

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #12 on: June 11, 2017, 03:32:24 PM »

Quote
You don't want to use a switch, you just need an old hub and wireshark :cool:

https://en.wikipedia.org/wiki/Ethernet_hub

Thanks, so I would need to buy something like this

https://www.amazon.co.uk/TP-LINK-TL-SG105-Steel-Gigabit-Switch/dp/B00A128S24

hook everything up as burakkucat described, run Wireshark on my PC and Bob's my uncle?

niemand

Re: Extracting PPPoE credentials from Juniper SRX300
« Reply #14 on: June 11, 2017, 03:49:11 PM »

Didn't even realise you could still get those. Forgot about eBay!

Yep that's definitely the way to go.