Contributions wanted

Rik · Jan 07, 2008, 17:55:19

We're looking to collect as much information on the 2700, various models, firmware, poisoning techniques, set up tips, firewall settings, understanding the logs etc as we can.

If you can contribute, please post in this thread. Thanks.

Lance · Jan 07, 2008, 18:14:25

I find this site useful: http://bt2700hgv.tripod.com/ir1002700HGV.htm

It is also updated quite regularly - 5th Jan being the last time

AlanM · Jan 07, 2008, 20:04:02

The one issue I had with this router at the start, was that I could not stop it going off to the BT servers even with the old DNS poisoning in place (?). The logs confirmed it had been talking them, and I was concerned that if it auto-updated the firmware, then there may come a time when BT issue a firmware which finally prevents anyone using this router on anything other than a BT connection.

I used Opera to edit the pages and set the router to use manually entered DNS server addresses, (which were of course useless using 10.0.0.0 for both Primary & Secondary).
I then put the proper DNS server addresses into the PC's NIC.
All my home PC's - NIC's etc use a fixed IP address.

PC's works fine and the router can't go anywhere !

Great router for long/poor lines. Here's some of my stats:

DSL Down Up
Current Rate: 1952 kbs 448 kbs
Max Rate: 1952 kbs 600 kbs
Current Connection:
Current Noise Margin: 6.0 dB 12.0 dB
Current Attenuation: 63.0 dB 31.5 dB
Current Output Power: 17.2 dBm 12.3 dBm
Profile is 1500

Hardware Version: 2701-100589-005
Current Software: 5.29.107.19
Dual SSID Model

Adam · Jan 07, 2008, 20:11:42

Quote from: AlanM on Jan 07, 2008, 20:04:02
The one issue I had with this router at the start, was that I could not stop it going off to the BT servers even with the old DNS poisoning in place (?). The logs confirmed it had been talking them, and I was concerned that if it auto-updated the firmware, then there may come a time when BT issue a firmware which finally prevents anyone using this router on anything other than a BT connection.

I used Opera to edit the pages and set the router to use manually entered DNS server addresses, (which were of course useless using 10.0.0.0 for both Primary & Secondary).
I then put the proper DNS server addresses into the PC's NIC.
All my home PC's - NIC's etc use a fixed IP address.

PC's works fine and the router can't go anywhere !

Out of interest; would it be possible to set the router DNS to OpenDNS, then block it from accessing *.bt.com that way?

AlanM · Jan 07, 2008, 20:37:20

Wouldn't like to say for sure but I suspect that it may not be quite as straight-forward as that. Perhaps someone else has tried this?
Now that everything is working OK, I'm reluctant to go changing things !

Adam · Jan 07, 2008, 20:39:15

Quote from: AlanM on Jan 07, 2008, 20:37:20
Wouldn't like to say for sure but I suspect that it may not be quite as straight-forward as that. Perhaps someone else has tried this?
Now that everything is working OK, I'm reluctant to go changing things !

I can understand that.

I may give it a try once I have the thing to play with.

Sebby · Jan 07, 2008, 23:58:49

A good one, given to me by a member on this forum, is that you can get a lot of "hidden" information (statistics, etc) at http://192.168.1.254/tech.

Rik · Jan 08, 2008, 09:20:47

You can also substitute xslt for tech.

Lance · Jan 08, 2008, 11:05:35

And, I think, substitute it for MDC

Rik · Jan 08, 2008, 11:07:36

Not to mention home for the IP address.

Sebby · Jan 08, 2008, 20:43:13

Quote from: Rik on Jan 08, 2008, 09:20:47
You can also substitute xslt for tech.

Do you mean tech for xslt? If so that doesn't work for me - it just takes me to the normal stats page.

Rik · Jan 08, 2008, 23:32:27

Might be a firmware issue, then, I'm on SBC.

Sebby · Jan 09, 2008, 00:18:15

Same here, Rik.

Rik · Jan 09, 2008, 00:23:35

So what happens if you use:

http://home/xslt?PAGE=J42

?

Sebby · Jan 09, 2008, 00:27:25

Firstly, if I try and use http://home/ I get nothing anyway, but substituting home with gateway.2wire.net or 192.168.1.254, then I get to the "secret" page, yes.

Rik · Jan 09, 2008, 00:28:41

Weird, it works for me...

Rik · Jan 12, 2008, 14:35:24

This is the best list I know of the router's pages:

2Wire BT2700HGV Router Pages

http://192.168.1.254/setup ..Set up router page.
http://192.168.1.254/ ..Access router config pages.
http://192.168.1.254/xslt?PAGE=J38 ..Advanced – DNS Name Table for DNS Poisoning.
http://192.168.1.254/xslt?PAGE=A08 ..Restart the system (Router)
http://192.168.1.254/xslt?PAGE=B02 ..View Broadband Link Details
http://192.168.1.254/xslt?PAGE=B05 ..Broadband Link Advanced Settings
http://192.168.1.254/xslt?PAGE=J01 ..Network at a Glance
http://192.168.1.254/xslt?Page=J18 ..Advanced–Syslog Settings
http://192.168.1.254/xslt?PAGE=J21 ..Troubleshooting Resets
http://192.168.1.254/xslt?PAGE=J28 ..Advanced – Provisioning Information
http://192.168.1.254/xslt?PAGE=J30 ..Advanced – Configure Services
http://192.168.1.254/xslt?PAGE=J34 ..Advanced - Detailed Log
http://192.168.1.254/xslt?PAGE=J35 ..Advanced – Traffic Shaping multi broadband link config
http://192.168.1.254/xslt?PAGE=J38 ..Advanced – DNS Name Table
http://192.168.1.254/xslt?PAGE=J43 ..Advanced line diags
http://192.168.1.254/xslt?PAGE=J45 ..More diags
http://192.168.1.254/xslt?PAGE=J47 ..Multi broadband link config
http://192.168.1.254/xslt?PAGE=J51 ..Configure the MoCA network
http://192.168.1.254/xslt?PAGE=J63 ..MoCA network
http://192.168.1.254/xslt?PAGE=V00 ..View Voice Network - VOIP
http://192.168.1.254/mdc ..Management interface pages
http://192.168.1.254/images/nav_sl_logo.gif ..BT Logo (or SBC)
http://192.168.1.254/upgrade ..Manually Upgrade the System Firmware
http://192.168.1.254/management ..Management interface System Summary

Rik · Jan 12, 2008, 14:46:40

Have we spelt out DNS poisoning anywhere? If not:

For DNS poisoning: at IE browser address bar enter http://192.168.1.254/xslt?PAGE=J38 then at "Advanced-DNS Name Table"

In the DNS Name box type: cwmp.cms.smehomehubrms.bt.com

In the IP Address box type in: 10.0.0.0

Thanks to Kinmel for these two additional addresses:

pbthdm.bt.motive.com
pbthdm2.bt.motive.com

Adam · Jan 12, 2008, 15:03:43

Quote from: Rik on Jan 12, 2008, 14:46:40
Have we spelt out DNS poisoning anywhere? If not:

For DNS poisoning: at IE browser address bar enter http://192.168.1.254/xslt?PAGE=J38 then at “Advanced-DNS Name Table”

In the DNS Name box type: cwmp.cms.smehomehubrms.bt.com

In the IP Address box type in: 10.0.0.0

Does this work with OpenDNS enabled? I'm not sure if it blocks DNS requests if the DNS servers are changed...

Rik · Jan 12, 2008, 15:12:50

No idea, Adam, I just know it's the basic poisoning method. I suppose it should work regardless of which DNS servers are used.

Sebby · Jan 12, 2008, 17:49:30

That's a very useful set of links, Rik. Thanks.

Rik · Jan 12, 2008, 17:50:29

Found and stolen in my usual style.

Sebby · Jan 12, 2008, 17:55:30

You're so modest.

kinmel · Jan 13, 2008, 08:14:01

My dual SSID 2700 HGV is not DNS poisoned to let me see what happens over time.

Once per day it connects as follows:-
INF 2008-01-13T07:49:29Z cwmd: session started, server: 'https://pbthdm2.bt.motive.com/cwmpWeb/CPEMgt';, event code(s): '4 VALUE CHANGE,2 PERIODIC'
INF 2008-01-13T07:49:33Z cwmd: session completed successfully
INF 2008-01-13T07:49:35Z cwmd: session started, server: 'https://pbthdm2.bt.motive.com/cwmpWeb/CPEMgt';, event code(s): '4 VALUE CHANGE,6 CONNECTION REQUEST'
INF 2008-01-13T07:49:39Z cwmd: session completed successfully

The router continues to work perfectly with IDNet.

Does anyone have any idea what these log entries mean ?

g7pkf · Jan 26, 2008, 16:08:57

2-wire with sbc firmware manual is HERE

hope it helps