[AusNOG] 2Wire Modems on Telstra DSL tails - problem?

[Mark Smith]

On Wed, 8 Jun 2011 11:09:49 +0930
John Edwards <john at netniche.com.au> wrote:

> Hi Skeeve,
> 
> Could be a coincidence, but there are some CPE modem/routers that lock up randomly when they receive IPv6 neighbour-discovery packets. This happens even though the modems are IPv4 only. My guess is that there's some latent IPv6 processing code in the linux-based kernels that references stripped-out code.
> 

The shame of it is that these CPE are commonly based on linux/pppd, and
pppd will issue a Protocol Reject if IPCPV6 is attempted and IPv6 isn't
enabled. It's as though they stripped out the Protocol Reject code from
pppd.

> If IPv6 has been turned on today at a BRAS near you, it could be causing the fault.
> 
> These modem/routers include some popular models that are no longer getting firmware updates. I note that we tried to get the vendor to fix this when it was still being developed, only to be told "it works fine on Internode IPv6 with bridged mode".
> 
> For the near future dual-stack PPP aggregation best practice will still need to be per-user IPv6, or a separate login domain.
> 

Cisco have a command to make IPCPV6 negotiation passive, so that the
BRAS would only try to bring up IPv6 if the CPE asks for it - IIRC,
it's "ppp ncp ipv6cp passive" or maybe "ppp ncp passive ipv6cp" that
you'd add under your virtual template. Apparently Juniper have an
equivalent.

> John
> 
> On 08/06/2011, at 10:47 AM, Skeeve Stevens wrote:
> > Just wondering if anyone else is seeing issues out there relating to these modems.
> > 
> > We've got a customer who has many (over 100) DSL tails using Telstra and the supplied modem from "2Wire". 2071A Gateway I think using sw ver 5.29.113.17
> > 
> > At the moment we're seeing a lot of sites lock up.. With their modems needing to be rebooted.
> > 
> > I am wondering if anyone else is seeing an issue… perhaps there is a vulnerability, or scan that is happening at the moment that others are experiencing.
>