SURE AND IDEAL CONFIGURATION OF THE NET ADSL/ATM
E.Sobrino (eid0) 2001
Eid0@micro-electronics
Http: // www.micro-electronica.com
This text this written only with didactic ends(purposes). The author neither plays the role to himself responsible for the evil use that can be given to this information, nor becomes responsible for the programs that it(he,she,I) takes(take) included. If the computer burns, if the hard disk resigns or if a dog bites you on having executed them, you do not claim the author.
INTRODUCTION
The power of the current computers is tremendously superior to these small computers that bring in the shape of routers/modem THEIRS ADSL and ATM. Apart from the speed, with the current computers we can control all the power of the line to our taste, control much better the safety of the system, control of the BandWidth for IP or for service (QoS), etc... In this article we are going to try to penetrate all the functions of the router to the computer that it(he,she,I) does(do) of servant, certainly I recommend that this has linux if it is a question of a PC.
The idea that exists behind of this hack, it(he,she) is to impose the router a false IP, which we do not even have routeada to our LAN, and the fixed real IP to put (the one that gives telephonic) in the computer.
With it we will achieve that the router spends(passes) all the packages as if it was a question of a modem and you prop we will obtain that the services of the router (statistics, tftp, snmp) ... they can not be accessible from out, since his(its) IP is false and not accessible from inet. Besides, with this configuration we are going to achieve that our raw sockets travels freely for the net without they remain in the modem/router, and we will be able to use utilizades since(as,like) nmap, to do spoof, etc...
The problem that we will have to solve is that of the communication between(among) router and host, if we put a random IP to the router him(her) we will not be able to accede like gateway since his(its) ip not pertenecera to the local net of the host. Therefore the ip of the router must belong(concern) obligatorily to the set of ip's of the local net of the host.
To lose the minimal quantity of ip's of the net of the host, the solution appears in the shape of sub-nets, us we will create a subnet of 4 ips, one for the host, one for the router, a broadcast, and one of net.
Well, we go on to the task:
Example:
We have 2 computers in our intranet + 1 computer that hara of servant +
A modem/router ADSL with IP=214.23.112.53
The configuration that "recommends" us telephonic consists of having local IP's in all the computers of the intranet and the fixed IP of Internet have + 1 ip locally in the router/modem and NAT activate in the router.
This is totally ineficiente/inseguro, the code that the majority of the routers take has bugs and backdoors all over(everywhere), leave within reach of Internet a similar insect it has to be qualified as minimum of very dangerously. (To illustrate with an example it(he,she) spends(passes) to me for the head the default communities of the snmp, the assaults TWO to the CISCO with the GET? In the servant http, the mistakes of stack and consequent blockades after scanneo with nmap-f, and a laaargo etc ...)
HANDS TO THE WORK
The fundamental idea that exists behind of the configuration that we want to realize is of creating a sub-net that the router/modem and the servant was forming her; for it and to see maximum possible computers we will put a mask of subnet 255.255.255.252, this allows us have 4 ips in the subnet, 2 estan reserved (ip of net, and ip broadcast) and other 2 seran those who go in the router/switch and in the computer. In our example we will have the following thing.
IP that gives us Telefonica 214.23.112.53
Configuration to putting:
IP of red=214.23.112.52
IP 1, computer servidor=214.23.112.53
IP 2, computer servidor=192.168.0.1
IP modem/router=214.23.112.54
IP broadcast=214.23.112.55
Mask=255.255.255.252
IP's local computers: 192.168.0.x
IP gateway for all the computers intranet = 192.168.0.1 if he wants to become NAT.
CONNECTIONS
To the PC that hara of servant him(her) we will put 2 cards of net (with 1 also podria to do using the IP You Ally, but it(he,she) is mas inefficiently for motives that leave of the aim(lens) of this article, and it is necessary to have in bill that a card of net goes out for some 1500 ptas), we will assign a local IP to one, and will assign the IP to other one of telephonic. Despues we will activate the NAT (or masquerade) in order that the whole intranet has access and we will form the firewall, the QoS and everything what want. In the modem/router him(her) we will put the IP's calculated of net, place and broadcast, will put the exposed maskara it(he,she) arrives and we will activate the function router and will remove all the demas options (NAT, firewall, etc ...).
Now the router is an inaccessible ghost for Internet, though we can come even without ningun problem from our intranet with the new assigned ip.
GRAPH OF FINAL RESULT
Computer 1
192.168.0.2 server(ordenador 3) (NAT/Masqerade)
___ switch/hub 192.168.0.1___
| |-----|_|----------------------------| |
--- | --- 214.23.112.53
_|_ conex. |
| | directa | ipbroadcast=214.23.112.55
--- ethernet | ipred=214.23.112.52
ordenador2 | mask=255.255.255.252
192.168.0.3 /\
/ \ router ADSL
/____\ 214.23.112.54
|
|
INTERNET
CONCLUSIONS
With this we have penetrated all the power to the computer, the safety of the system now this centralized one and dependera only and exclusively of the configuration of the computer servant. The only trick(snag,beating) of this hack is that we will not be able to accede to all 3 neighboring(similar) computers of Internet that take the IP's 214.23.112.52,214.23.112.54,214.23.112. 55, though with complete certainty this seran hosts of adsl that not at least tendran active services.