Backdoor routes

We are starting a conversion of a rather large network from ATM/Frame Relay to MPLS. We will be managing the CE routers and talking BGP to the PE routers. Our current network is EIGRP. We will have quite a few backdoor links in the network. Some will be backup only and not carry normal traffic; others, such as the backdoor links between our data centers, will be the primary path between the sites.
My question is what is the best way to handle the backdoor links. We are looking at:
1) running BGP on the backdoor links also, and iBGP between the routers for the backdoor and the CE router.
2) running EIGRP on the backdoor but under a separate EIGRP AS number and redistributing into the primary EIGRP AS.
Both have their pros and cons. I was wondering which way other organizations have gone and why.

Hello,
My 2 cents on the subject.
I haven't been involved with a customer in the situation you are in. So these are some thoughts on the subject, not backed up by experience.
First, you need mutual redistribution BGP<->EIGRP on all CE routers.
Second, as EIGRP will always prefer internal routes over external ones, you need another protocol on the backdoor links which should really be backdoor.
That said, I would first select the links which really shall be backup to the MPLS network. All other (preferred) links should be running EIGRP with the main AS to reduce complexity.
So let's first look at the "MPLS is backup" scenario. You will have the same networks on the CE learned through EIGRP and eBGP. The latter, having AD=20, is preferred, which is undesired in this case. Setting eBGP to AD=150 could fix this. Additionally you need to tag the EIGRP networks learned from BGP with a site-specific tag, which would allow you to exclude them from redistribution back into BGP once they are announced through EIGRP to another CE.
Generally a tag should indicate that this network has already passed through the MPLS VPN and thus MUST not be redistributed again.
Now let's have a look at the "MPLS is primary" scenario. As you already stated, you need another routing protocol/EIGRP AS in this case. On the CE this would still work, because external EIGRP with AD=170 is worse than the (modified) AD=150 of BGP.
What remains is again to set proper filters to avoid routing loops, most likely again with tags and route-maps for scalability.
With all this mutual redistribution it is clear that any mistake in configuration or design of the filters will result in a routing loop.
The other option would be BGP everywhere. Be aware however, that this will most likely not remove the redistribution and filter complexity.
What I do not quite understand is what the physical design looks like, i.e. where you have BGP routers and where EIGRP (main AS). In case you don't want to black-hole yourself, you need to redistribute back into EIGRP in any case, or run an iBGP full mesh on most of your internal routers.
So in the end you have a lot of complexity in both solutions. Both of them can be implemented. From an operational point of view I would say that my tendency would be towards EIGRP instead of BGP, but just because your staff might know the latter well enough to operate the whole thing without too much pain.
Looking from a distance:
1) Have you pushed the SP hard enough (= $$?) to allow EIGRP on the PE-CE link? This would simplify the whole situation.
2) Have you thought of pushing the SP into OSPF on PE-CE and converting everything to OSPF internally? This would also simplify things. OSPF is better prepared to handle routing loops in MPLS VPNs, and sham links also allow for having backdoor links when required.
Hope this helps! Please rate all posts.
Regards, Martin
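The "MPLS is backup" design Martin describes (eBGP moved to AD 150, VPN-learned prefixes tagged on their way into EIGRP, tagged prefixes refused on their way back into BGP), as an added example in Cisco IOS syntax. It is not configuration from the thread; the AS numbers, addresses, EIGRP seed metric and tag value are assumed, and a single "came from the VPN" tag is used as the simplest form of Martin's rule rather than a per-site tag.

```cisco
! CE router at site A. Hostnames, AS numbers, addresses, the tag value and
! the EIGRP seed metric are assumed for this example.
! PE-CE is eBGP (site AS 65001, provider AS 65000); the backdoor to site B
! runs inside the main EIGRP AS 100 and is the preferred path.
!
router eigrp 100
 network 10.1.0.0 0.0.255.255
 ! backdoor point-to-point link to site B
 network 192.168.100.0 0.0.0.3
 ! Every prefix that enters EIGRP from BGP is stamped "came from the VPN".
 redistribute bgp 65001 metric 10000 100 255 1 1500 route-map BGP-TO-EIGRP
!
router bgp 65001
 ! Defaults are 20 (eBGP) 200 (iBGP) 200 (local). Raising eBGP to 150 lets
 ! an EIGRP internal route (AD 90) learnt over the backdoor win, while an
 ! EIGRP external route (AD 170) still loses to the VPN path.
 distance bgp 150 200 200
 neighbor 10.0.0.1 remote-as 65000
 redistribute eigrp 100 route-map EIGRP-TO-BGP
!
route-map BGP-TO-EIGRP permit 10
 set tag 65000
!
! A prefix carrying the VPN tag has already crossed the VPN once and must
! not be handed back to a PE, whichever CE it shows up on.
route-map EIGRP-TO-BGP deny 10
 match tag 65000
route-map EIGRP-TO-BGP permit 20
```

Site B is the mirror image. To check it: `show ip route 10.2.0.0 255.255.0.0` on CE A should show a D route (AD 90) over the backdoor; `show ip bgp 10.2.0.0/16` will show the eBGP path flagged RIB-failure, and IOS still advertises such a path to other BGP peers unless `bgp suppress-inactive` is configured; and `show ip eigrp topology` for a prefix that arrived through the VPN should report administrator tag 65000. The deny clause is the loop guard: without it, a prefix that entered site B from the VPN would be carried over the backdoor to CE A as an EIGRP external and re-injected into BGP there the moment CE A's own eBGP copy disappears.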

Similar Messages

  • Purchased iPhone on O2 today without realising not out of TMobile contract!

    Hi there
    Today I purchased an iPhone 3GS at Carphone Warehouse in Central London. I am currently on T-Mobile and they went through all relevant checks to get me onto O2 etc. However, although CPW told me I needed to get a PAC code from T-Mobile, they omitted to tell me that if my contract was not due for expiry I would be subject to penalty charges from T-Mobile!
    In the meantime, I get set up on O2 and buy the iPhone etc. But when I phone T-Mobile to get my PAC code they tell me I am still under contract with them until January 2010, and if I end the contract now I will have to pay a £160 penalty to do this. I was livid, not expecting it at all. So I didn't cancel my contract there and then but decided to go back to CPW for further advice.
    Anyway, I go back to CPW to see the same guy as I saw when I bought the iPhone earlier and tell him I'm not happy he didn't point this out etc., but he tells me there is nothing CPW can do: if I break the contract early with T-Mobile, I break the contract, simple as that, and if necessary have to pay fees to do it, on the basis that they're losing my monthly business.
    I am currently on the T-Mobile Flext 35 tariff. The guy at CPW did suggest I could call them back and ask them to put me on the next tariff down and then ask them to cancel my contract after I've downgraded, as the penalty may work out cheaper.
    So right now I am in a dilemma. I really really want the iPhone but don't want to pay £160 to T-Mobile for the privilege!! I have already paid £96 for the iPhone to Carphone Warehouse.
    So . .
    - should I just wait for my T-Mobile contract to end in January and cancel my iPhone and return everything to Carphone and get my money back? (If I do this I won't be able to reapply for an iPhone for 3 months.)
    - should I ask T-Mobile if I can downgrade my account to the next tariff down, and then call them back to get the PAC code in the hope that it will be a smaller penalty?
    Bottom line is: does anyone know if there is a "backdoor" route around the whole T-Mobile contract penalty so I don't have to pay £160?
    I so want the iPhone but am not prepared to shell out more ££ to T-Mobile.
    Any help please!!!
    Many thanks for any help & advice with this.

    Thank you for the quick response. Unfortunately I have been a little naive on the contract side of things and assumed you would just be able to leave, or at least pay a much smaller tariff. I will see what the lowest tariff is that T-Mobile could put me down to.
    One thing: I want to keep my existing mobile number on O2. I wouldn't be able to do this if I kept T-Mobile and O2 running at the same time, would I?
    Thanks, regards

  • Firefox 4 has no sound when connected to my internet radio site

    Well I just tried to upgrade from 3.6 to 4.0 only to immediately discover this lost my ability to listen to eve radio.com (streaming internet radio). Both FF versions had the same plugins and such enabled and up to date, in particular the WMP add-on; I checked the volume/mixer on the computer and site etc. etc. but gave up and uninstalled 4 and reinstalled 3.6. Not sure if it's Windows Media Player not working with the new 4.0 or what, but I will be sticking to 3.6 until this works with the new version.

    I cannot hear a local radio station (www.dundalkfm.com) using Firefox 4 but can pick it up with IE.
    Not only that, but it is almost impossible to locate the station website using Google or any other search engine, yet it can be found using a backdoor route.
    Curiously, a new internet radio station in the same region near Dundalk, Ireland, which only began transmission on Sunday 19-June-2011, can be picked up on Firefox 4 and already the station website can be found immediately with Google.
    I KNOW beyond any shadow or question of doubt that it is purely coincidental that the same lad who set up both websites is the main man with the new radio station!!
    Is there any other possible reason or solution for this situation?
    I have just downloaded Firefox 5 in the hope that it might change matters but I do not really think it will.
    So, anyone out there who might be able to help?

  • Mpls and Vpn

    Would like to know if you can specify a general static route with MPLS. I have three sites in a hub and spoke. Spoke A is linked to the hub site via a site-to-site VPN to a hub site ISR. Spoke B is linked to the hub via MPLS to a standalone MPLS ISR. I can't get from spoke A to B or from spoke B to A. The MPLS ISP tells me that I cannot do this because spoke A's local subnet is not part of the MPLS peering (and is on another ISP). I don't have a lot of familiarity with MPLS, but I am wondering why you cannot do a static route of the form ip route <spoke A LAN> <mask> <hub site ISR> in either of the MPLS ISRs?

    Hi,
    So:
    B --- mpls ----- HUB ---- vpn ---- A.
    HUB connects to A and B, right?
    I do not see any problem with doing a static route like you said on the client VRF (client from the ISP's point of view).
    Maybe they are afraid of a backdoor route on the MPLS (not the case), or there are some conflicts between the MPLS management IP addressing and the spoke A LAN.
    I have various similar configurations in MPLS with static routes, OSPF, RIP and BGP without any problems and using different ISPs.
    Ask your MPLS ISP what the reason is for not creating that static. Alternatively you can ask them to point a default route to a router under your management.
    Regards,
    Pedro Lereno

  • Software Hook?

    Installed my 'new' Linksys router WRT120N. It's working great; however I'm a bit frustrated. I just entered the wireless world and I'm unclear why the software option Network Magic is auto-loaded when using the CD. Why isn't it an option to install & set up the router as it will be used, without buying additional software?
    Am I going to have to set it up again after the 7-day expiry date?
    Will I constantly be asked to purchase software after the 7-day trial?
    Will I be able to set up shared printers/files without this software using this router? (I gather my initial setup with Network Magic will stop in a few days, so I'm going to have to do this again. THAT annoys me. Why?)
    Since I'm NOT buying software and I want to get this up & running without ever having to fiddle with it (in my opinion using wireless should be transparent), should or can I uninstall the Network Magic trial and get a permanent setup going instead of waiting for the 7th-day surprise? Maybe I'm being a bit sour but I think it should be made clear what happens when you use the CD for the 'easy' install.

    Purchased the Essentials program, which is just a key to partially activate Network Magic. More $.
    So my $50 router cost $85 to get what is stated on the box, what I thought I was originally buying.
    Nowhere on the box does it state that you have to purchase software to accomplish/access the advertised features: "...and share files".
    It does have a check box next to "Network Magic trial" on the side panel of the box. It should have said "link to required purchase to access features advertised".
    It also has a large sticker on the front of the box for a free trial of some security program that wasn't included, thankfully, unless the network lock feature of Network Magic is another hook that's going to pop up in 30 days... activate now for $$$.
    Bottom line: great router for what I need. Unfortunate that Linksys needs to go this backdoor route, but due to the way the software/setup is configured, and due to what was advertised versus what you actually get, I feel quite like a moron and ripped off. But it's working.
    Lesson learned: NEVER purchase anything again from Linksys/Cisco.
    Getting my kid wireless for Christmas; guess what it won't be. Curious, maybe Linksys/Cisco started out in the shareware market.
    I doubt this will help anyone, just not a happy camper. This won't be resolved until I buy another router, and I don't care if it's a wind-up and has tubes, it won't be a Linksys or Cisco product....

  • Considerations for L3/Internet VPN

    Hi,
    Can anyone please share their experiences regarding huge L3VPN deployments? I want to know things like possible issues, considerations, feasibility and general technical challenges that I might face...
    I am talking about VPN with 30+ sites...
    Thanks
    Sultan

    To add some more...
    We are doing a very large (and complicated) roll-out right now. A couple of things we have run into that you might want to keep your heads up on:
    1. Be sure all your VPNs, RDs and RTs are well documented. Know if you're going to use complex VPNs or overlapping VPNs, and what RTs you'll need and where.
    2. I would use BGP route reflectors over a fully meshed BGP backbone; however, BB RRs will only advertise the best routes, so you may need to use something to differentiate your routes at times. For instance, we have an Internet VPN coming from two different PEs; at times we want customers to use one Internet route at one PE versus the other. For the BGP RR to properly advertise two routes within the SAME VPN we need to use different RDs and implement SOO.
    3. Use the SOO extended community; you'll never know when you might need to act on prefixes for one reason or another.
    4. Look into Cisco's IP Solution Center (ISC). At first I hated this product (I tell my students GUIs are for the weak and timid... hehe). But this product can help rapidly deploy VPNs, L2VPNs, service requests, TE and all kinds of good stuff. It's an expensive service provider product. But it's pretty cool!
    5. Use OSPF or IS-IS on the core. For your core IGP only use OSPF or IS-IS. These protocols will scale, and they are the only two that will support MPLS TE (traffic engineering). OSPF and MPLS go hand in hand, they really do. The OSPF super backbone makes the area 0 problem go away. But watch for backdoor routes and stuff.
    Food for thought....
    Karl Solie

  • Why have BT put a backdoor in the 8.1.H.J firmware...

    Hi all. Some know me here because I worked out how to unlock the Home Hub 1.5 and 2 so that they can be recycled and used on non-BT connections.
    Some don't like me because I talk straight, which is what I am going to do now.
    This is a question for the BT staff.
    Would you like to explain to me and the other good people out there in Home Hub land the reason why you have put in a back door so you can access any router with firmware version 8.1.H.J without the owner's express permission?
    Before you start your denials I wish to state my case and submit my evidence.
    Exhibit A: Firewall. In the default firewall files this line has been added:
    rule add chain=forward_custom name=BTAgent srcintf=wan dstintf=lan dstip=192.168.1.253 serv=BTAgent_dst state=enabled action=accept
    As most Home Hub nerds will attest, this is a serious hole in the firewall which allows all traffic from the WAN interface (internet) to the LAN interface IP 192.168.1.253, which is the secondary IP address of the Home Hub.
    In layman's terms this allows BT access whenever they want and to whatever they want, does it not?
    Exhibit B: BT's added files
    The files above have been extracted from my own 8.1.H.J firmware; please feel free to download them and examine them with text and hex file readers. Actually, I encourage you to do so.
    The files on the link above are the added extra BTAgent files that you have felt would in some way benefit us by adding. They do contain access keys, which means the hole in the firewall you created in Exhibit A does have a token measure of security, but let's be honest here: what the hell are you doing in my router without my permission in the first place?
    I am no Linux expert by any means; however, even I can see that you have added a firmware update routine as well as a writeable directory in the user-accessible flash memory and the necessary instructions for uploading and executing your own plugins (software) on the router!
    With this in mind I feel you have performed a serious breach of privacy and endangered your customers' online safety by knowingly creating flaws in your equipment's online security, this being namely the hole in the firewall mentioned in Exhibit A.
    Then there is the fact you can upload and run whatever plugins you like on my or anyone else's router that you deem fit. That could be any monitoring software, click tracking, Phorm, or whatever you wish.
    This I feel is in breach of trust between provider and customer, as you can use anyone's router for your own purposes whenever you like and without anyone's knowledge, including the router owner's. Surely this cannot be legal?
    You can argue that this is just a new update system; however, the old CWMP/ACS system worked just fine for goodness knows how long, and how do you explain the libplugins.so executable?
    I await your reply.
    Erlidoch 'm namyn ewyllysi erioed arhosa 'm

    This is deeply disturbing, and recalls the recent thread on the old Beta BT Vision forums that suggested a similar backdoor manipulation of the BT Vision box, allowing viewing behaviour to be monitored and intrusive and disruptive targeted adverts to be shown; that thread had nearly 3000 views in a week!
    I have started a Privacy and Security thread to suggest that matters of this nature are aired in one location, so if you, psiDOC, or anyone else agrees, feel free to pop over there and add your support for the idea.
    Pash
    Value Added Guest (Inspiring Not Aspiring)
    Rate a post if you like it! - just click the star under the user's name on the left. (N.B. ratings facility no longer available in Forum Help and Suggestions; nor is it available in the Lounge)

  • BGP BACKDOOR

    From the documentation that I have read concerning BGP backdoor, I assume that a network marked as backdoor is NOT advertised:
    network x.x.x.x backdoor
    -> if network x.x.x.x is received from eBGP, its admin distance is changed to 200, to prefer an IGP-learned network. However, network x.x.x.x is not advertised to BGP peers by this command, even if x.x.x.x has an exact match in our routing table. Correct?
    But what will happen in the following situation:
    router eigrp 1
    network x.x.x.x
    router bgp 65000
    network x.x.x.x backdoor
    redistribute eigrp 1
    neighbor y.y.y.y remote-as 65100
    Will network x.x.x.x be advertised to AS65100 by the redistribute command? Or will the backdoor command prevent this? Will the backdoor command only work on routes received from AS65100?
    Can someone shed some light on this? I am unable to test this in a lab at this time.
    Regards,
    Geert

    Hi Geert,
    According to what I have read in CCIE Professional Development Routing TCP/IP, Volume Two:
    The address specified by the network backdoor command is not advertised to eBGP peers.
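Geert's fragment with the missing pieces filled in, as an added example in Cisco IOS syntax that is not part of the thread; the prefix 10.20.0.0/16, the AS numbers and the neighbour address are assumed. The `backdoor` keyword sets the administrative distance of the eBGP-learned copy of the prefix and does not originate an advertisement; the redistribute statement is configured independently of it, so rather than rely on the keyword to keep a redistributed copy off the eBGP session, the example filters the prefix explicitly:

```cisco
! Assumed prefix 10.20.0.0/16 is reachable through the IGP (EIGRP AS 1).
router eigrp 1
 network 10.20.0.0 0.0.255.255
!
router bgp 65000
 neighbor 192.0.2.2 remote-as 65100
 ! If 10.20.0.0/16 arrives from AS 65100 its AD becomes 200 instead of 20,
 ! so the EIGRP route (AD 90) stays in the routing table. The keyword does
 ! not by itself advertise the prefix to any peer.
 network 10.20.0.0 mask 255.255.0.0 backdoor
 ! Redistribution is configured separately from the backdoor keyword, so
 ! the prefix is filtered here to keep it off the session whatever the
 ! keyword does or does not suppress.
 redistribute eigrp 1 route-map EIGRP-TO-BGP
!
ip prefix-list BACKDOOR-NETS seq 5 permit 10.20.0.0/16
!
route-map EIGRP-TO-BGP deny 10
 match ip address prefix-list BACKDOOR-NETS
route-map EIGRP-TO-BGP permit 20
```

To confirm both halves: `show ip route 10.20.0.0 255.255.0.0` should show the D route with distance 90 even while `show ip bgp 10.20.0.0/16` lists the path received from AS 65100, and `show ip bgp neighbors 192.0.2.2 advertised-routes` should not list the prefix at all. Compared with `distance bgp`, which changes the AD of every eBGP route, the backdoor keyword is per prefix, which is what you want when only a handful of backdoor-reachable networks must prefer the IGP.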

  • Port 4567 (backdoor)

    Hello. After a lot of digging around this forum I found a very useful post; it talked about a backdoor in the firmware. The thread is read-only; it had been closed due to repetitive posts: http://community.bt.com/t5/BB-in-Home/Why-have-BT-put-a-backdoor-in-the-8-1-H-J-firmware-that-allows...
    It appears that there is a different one within the 4.7.5.1.83 (Type B) firmware.
    A simple scan of the router's services shows:
    22/tcp filtered ssh
    80/tcp open http
    139/tcp open netbios-ssn
    443/tcp open https
    445/tcp open microsoft-ds
    4567/tcp open unknown (hmm, what is this?)
    8080/tcp open http-proxy
    8443/tcp open https-alt
    I am not trying to intimidate or scare customers, just merely pointing out what I have found. I think people deserve an answer.
    So firstly let's try connecting to this port using a browser:
    hxxp://192.168.1.254:4567
    On the Type B HH you will notice a login prompt asking for a username and password! Please keep in mind this is NOT the password you have set within the hub's web interface. Even more concerning, this is accessible over WAN IPv6; if it is not a backdoor, what is it? I have been told by a BT agent that port 4567 is an essential port in TCP/IP networking. Clearly this is untrue and incorrect. After a tonne of emails I got a response along the lines of "the Home Hub is a free gift, you don't have to use it". Any mass-administered product is vulnerable, simply because there are millions of usernames and passwords. For practical reasons they must all have something in common.
    I am currently unable to dump the Type B firmware, which will contain the secret username and password for my hub. I find it scary that someone anywhere in the world can put in my IP followed by :4567 and be greeted with a login prompt. Also there is no limit on failed login attempts or even a delay between logins; a brute-force attack is very possible and is able to try millions of user/password combinations in just a few hours. BTW, I did try to disable the port within the web interface with no success. I am very interested to hear your definition of what this is; I would personally define it as a backdoor if it is set with a username and password I am unaware of.
    Regards
    Ben

    The Home Hub has an interface to the network which is not visible to the customer. It hosts a network management protocol known as "TR-069". This is widely used in the ISP business to manage routers, set top boxes and the like. TR-069 often uses port 4567. Check Wikipedia for more details.
    The TR-069 interface is used to control the Home Hub (firmware downloads, parameter changes etc.), and this function is carried out using software provided by Motive Inc. More details from Motive's website at: http://www.motive.com/solutions/homenetworking/homenetworkingproducts.asp
    The actual product used is "HDM". As far as I am aware, firmware updates and other Hub management is carried out by Motive, on behalf of BT.
    The Home Hub is part of a fully managed system. This suits some customers, but not others. If you want to retain full control of your own networking, your only option is to buy your own router and retire the Home Hub.

  • JMS Routing over two AS Nodes

    Hi,
    Is it possible to have a single JMS/AQ point in front of an ACTIVE-ACTIVE AS cluster that routes to a single JMS inbound node?
    Suppose you have two servers with an OC4J instance on each AS. You have cache objects running on each OC4J instance.
    A single message is consumed; an MDB calls an EJB on each OC4J instance to check for instance presence in each cache. The JMS should be routed to the OC4J node whose cache contains the instance.
    Should it be feasible?
    How?
    Please advise.
    thanks
    JO

  • BGP backdoor link

    Dear Team,
    Can you explain how a BGP backdoor link works?
    Scenario:
    Two customer sites connected to different PEs:
    CE1>>>PE1 (MPLS core) PE2>>>CE2. CE1 and CE2 have back-to-back connectivity with EIGRP. How does the loop avoidance happen here?

    Hello.
    If the CE-PE protocol is eBGP, then the ISP would be using SOO as the loop-prevention mechanism.
    Also, if you have the same AS for both CE-PE links, then your CE would prevent the prefix from being learnt due to its own AS being found in the AS path.
    PS: I hope this answers your question about the loop-prevention mechanism on the ISP side. If you have a question about the CE network, then additional information is needed: what is advertised via each link, what the routing policy is (active/active or active/backup), which link is primary (MPLS or backdoor), etc.
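The PE-side loop prevention the reply refers to, as an added example in Cisco IOS syntax that is not part of the thread; the VRF name, AS numbers, addresses and the SOO value are assumed. Both CEs are assumed to sit in the same customer AS, which is the case the reply mentions: the PE then needs `as-override` so the remote CE accepts the prefix, and that rewrite also removes the CE's own-AS check as a loop guard, leaving SOO to do the job.

```cisco
! PE1. PE2 is the mirror image with SOO 65000:2 and CE2's address.
! VRF name, AS numbers, addresses and the SOO value are assumed.
ip vrf CUST
 rd 65000:10
 route-target both 65000:10
!
! Every prefix learnt from CE1 is stamped with site 1's origin.
route-map SET-SOO-SITE1 permit 10
 set extcommunity soo 65000:1
!
router bgp 65000
 address-family ipv4 vrf CUST
  neighbor 10.1.1.2 remote-as 65001
  neighbor 10.1.1.2 activate
  ! Replace the customer AS in the path so CE2 (also AS 65001) accepts
  ! site 1's prefixes. After this the CE no longer sees its own AS in the
  ! path, so the AS-path check cannot stop a loop any more.
  neighbor 10.1.1.2 as-override
  ! Inbound SOO marking. IOS also uses this value outbound: a prefix whose
  ! SOO equals the SOO configured for this neighbour is not advertised to it,
  ! so nothing that originated in site 1 is ever sent back into site 1.
  neighbor 10.1.1.2 route-map SET-SOO-SITE1 in
```

`show ip bgp vpnv4 vrf CUST 10.1.0.0/16` on either PE should show the extended community SoO:65000:1 on site 1's prefixes, and `show ip bgp vpnv4 vrf CUST neighbors 10.1.1.2 advertised-routes` on PE1 should contain none of them. Note that SOO only protects the PE-CE edge; what the two CEs do with each other's prefixes over the EIGRP backdoor is the customer's side of the problem, which the reply's PS leaves open.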

  • Can users be routed to a specific transaction upon logging in?

    Hi
    Is it possible to make users see a specific transaction when they log in to SAP?
    I know that I can route users to a specific start menu, and that users can set their own start transaction. I thought it would be possible to do a mass update to make users all see the same t-code upon logging in, but it doesn't appear to be as straightforward as I thought.
    Any advice appreciated.

    The problem happens when the user is already logged on, or is only confronted by the login prompt without knowing which transaction, program or command is in the file and which function is set in the ok-code field, nor (reasonably) where the file is coming from.
    The solutions described in the note protect the perimeter of the network and the client of the user, so if one wanted to "send" them the start transaction then a backdoor would need to be left open. There is also a subsequent server-side option to block (at least) the skip-screen option on the server side, but I have not tried that yet.
    Where I have seen this technique used (for this same requirement) it was generally a URL sent in a mail or a shortcut saved in a recurring calendar appointment. But I have also seen some HTML stuff with pictures to click on. Some nice girls might simply be too tempting for the basis guys...
    My personal favourite (for this requirement) would be some basic training and a role menu with the one transaction in it.
    Cheers,
    Julius

  • When Primary link restore back route still learn via CE_HQ instead MPLS

    Hi Sir,
    Please refer to my issue below and the attachment for the captured log:
    1) When the primary link is down at CE_Branch_1, it will trigger the ISDN to CE_HQ to communicate.
    2) When the primary is up again at CE_Branch_1, the ISDN will be disconnected.
    3) At CE_HQ, when I show ip route, the 10.106.15.0 network still appears as a static route instead of an OSPF route. Hence, LAN users at CE_Branch_1 will not be able to access HQ anymore.
    4) When I show ip route vrf COURTS at PEWBRF1, you can notice network 10.106.15.0 is still learned via 202.178.128.70 and not 178.28.0.20.
    5) I have tried to manipulate the route-map with set local-preference = 50 and set weight = 0 for network 10.106.15.0 being redistributed from OSPF into MP-BGP at PEWBRF1; it still doesn't help. Furthermore, I encounter the route becoming RIB-Failure when I show ip bgp vpnv4 vrf COURTS.
    6) At CE_HQ, there is a floating static route configured to point to CE_Branch_1's LAN: ip route 10.106.15.0 255.255.255.0 128.1.1.15.
    7) When I show ip bgp vpnv4 vrf COURTS 10.106.15.0 and show ip route vrf COURTS 10.106.15.0 at PEWBRF1, the route 10.106.15.0 still prefers to come from CE_HQ. This is the problem; now CE_HQ cannot reach CE_Branch_1.
    Please advise.

    Folks, this is typical behaviour when using OSPF. Using OSPF the down bit is set on LSAs (not all of them, but I don't need to go down that far). Because the router is redistributing the static routes into OSPF, the PE router shall receive the routes via the MPLS cloud from that redistribution point. It will then get them back from the original PE-CE, but these will never come in. You have GOT to configure sham-links between any area (PE)s that have a backdoor between them. If the ISDN line is using OSPF then what happens is that the routes across the ISDN line appear as "O" routes and the routes from the PE-CE connection appear as "IA" routes. Hence the ISDN line is the preferred path. Read up on sham-links as they go into the real detail of why this happens. Once you get used to what is happening it all rather makes sense. :-)
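The sham-link the reply prescribes, as an added example in Cisco IOS syntax that is not configuration from the thread. Only the VRF name COURTS is taken from the page; the loopback addresses, OSPF process number, area, PE-CE link and BGP AS are assumed, and both CE sites are assumed to be in the same OSPF area, which a sham-link requires.

```cisco
! PE1 side of a sham-link between the PEs serving CE_HQ and CE_Branch_1.
! PE2 is the mirror image with the two loopback addresses swapped.
! Only the VRF name comes from the thread; everything else is assumed.
!
! Sham-link endpoint: a /32 inside the VRF that must be reachable through
! MP-BGP only, so it is advertised by BGP below and NOT by the VRF OSPF
! process (no network statement covers it).
interface Loopback10
 ip vrf forwarding COURTS
 ip address 10.255.255.1 255.255.255.255
!
router ospf 100 vrf COURTS
 router-id 10.255.255.1
 ! assumed PE-CE link, same area as the remote site
 network 10.10.10.0 0.0.0.3 area 0
 ! Routes crossing the sham-link stay intra-area ("O"), so they compete
 ! with the ISDN backdoor on cost. Keep this lower than the backdoor path
 ! or the backdoor still wins.
 area 0 sham-link 10.255.255.1 10.255.255.2 cost 10
 redistribute bgp 65000 subnets
!
router bgp 65000
 address-family ipv4 vrf COURTS
  network 10.255.255.1 mask 255.255.255.255
  redistribute ospf 100 match internal external 1 external 2
```

`show ip ospf sham-links` should report the link as up on both PEs, after which `show ip route vrf COURTS 10.106.15.0` on the PE should prefer the MPLS path once the primary link is back. One check the reply does not mention: as quoted in the question, `ip route 10.106.15.0 255.255.255.0 128.1.1.15` on CE_HQ carries no distance and therefore has AD 1, which beats any OSPF route (AD 110) regardless of what the PEs do; a static route only "floats" when it is given an explicit distance above 110, such as a trailing 250.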

  • Routing over LAN

    I have two sites that each have a router and switching. I am going to connect these two sites through a fiber connection. One subnet is 10.110.46.0/24 and the other site is 10.110.145.0/24.
    Each router has an MPLS connection back to the corporate office that is using BGP to route. Since these sites will be able to connect via fiber I would like to route them over the LAN and not the WAN.
    Do I need to create a new interface on each router? So on the 10.110.145.254 router do I need to create a 10.110.46.x interface, and on the 10.110.46.254 router do I need to create a 10.110.145.x interface?
    Once these are created as directly connected routes, should the sites start talking to each other over the LAN as opposed to the WAN?
    Also,  all the switches live in the same VTP domain.
    Thanks

    The following document by Mr. Omar Santo should lead you on a correct path of Network salvation ;-)
    https://supportforums.cisco.com/document/148471/what-bgp-backdoor-feature
    Manish

  • How do I use my airport extreme with my FIOS router?

    How do I use my AirPort Extreme base station with my FIOS router to extend my network? I have hard disks connected to my AirPort Extreme and would like to access them.

    Probably can't answer all your questions, but... I use a Linksys (wired and wireless) router as my primary entry point for FIOS. I use a Time Capsule and an AirPort Express as a common wireless connection. So I have two visible wireless networks and use them both depending on where I am in the house. Both the TC and AEx can be seen either wirelessly or wired from the entire network. Note: the Linksys provides all the DHCP; you set the Apple routers to "bridge mode."
