[AusNOG] Draytek 130 blank username/passwords
Martin Visser
martinvisser99 at gmail.com
Fri Jun 25 18:20:44 EST 2021
Wow, amazing to hear about these problems still out there. It must be
nearly 20 years ago I got called up by one of our senior consulting
managers to help them with an issue. We were providing a lot of support
services for a VERY BIG telco whose RADIUS servers were being
absolutely hammered. They were running on our UNIX machines, single
threaded I think, Perl based RADIUS service. The short term solution I had
to run with was to basically double the two processes and listening ports (
I think they were listening on 1645, 1646 and we would enable 1812 and
1813). The effort was mainly around making sure all the automation around
operations worked and satisfied all the SLAs.
The big problem was a lot of modems were getting shipped with default
passwords that would get rejected and they would just end up looping until
the home owner configured their credentials after logging a call with
Telco support. (Basically they would plug the modem in and expect it to
work). I recollect that one particular brand of modem would have a retry
loop of something like one minute. They were contemplating a project called
"Go To Jail" which would allow modems with wrong credentials get
authenticated still, but end up in a quarantine network and I think use DNS
on any web browsing to basically tell the end user to use their proper
account credentials. I guess this was all before the days of shipping out
provisioned modems.
Anyway it got me a 6 week weekly commute to Melbourne in Winter to sample a
lot of fine restaurants around the CBD.
Regards, Martin
MartinVisser99 at gmail.com
On Tue, 22 Jun 2021 at 13:34, Benjamin Ricardo <ben.ricardo at acs.com.au>
wrote:
> Hi All,
>
> Looking for some shared experience here.
>
> We’ve had a complaint from our NBN wholesaler that our Draytek’s, which
> are configured in PPPoE passthrough, are sending blank authentications to
> their Radius server at a rate which is impacting their services.
>
> Our standard deployment since about 2010 has been to deploy an xDSL type
> modem in PPPoE passthrough and then use a router to send the
> authentication. Interestingly we’ve never had this complaint before…
>
> Our work around was that our wholesaler requires the credentials to be
> sent on a vlan so instead of using the Draytek to handle the vlan-ing we
> changed the router to insert the vlan (so the Draytek can be as noisy as it
> likes and it doesn’t affect them)
>
>
>
> I’m wondering if others have also had this experience with these devices…
> and what you did about it?
>
> Also, surely if the stupid Draytek is in pppoe passthrough it should know
> not to try to authenticate itself???
>
>
>
> Cheers,
>
> Ben
>
>
>
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20210625/07b53f3f/attachment.html>
More information about the AusNOG
mailing list