Table of Contents
Alcatel Speed Touch Home (Pro) ADSL Modem (Router)
Web configuration: a PPPoA connection
Basic configuration can be done via a web interface, at this default address: http://10.0.0.138/
. The factory password is blank.
Phonebook | |||
---|---|---|---|
Name | VPI | VCI | Type |
tiscali_pppoa | 8 | 35 | ppp |
PPP (add a new entry) | |
---|---|
Name | tiscali_pppoa |
Encap | vc-mux |
Status | on |
PPP Configuration | |
---|---|
User | user@tiscali.it |
Password | ******* |
Connection Sharing | Everybody |
Destination networks | All networks |
Address translation (NAT-PAT) | Yes |
Primary DNS | 195.130.224.18 |
Secondary DNS | 195.130.225.129 |
Local IP | none |
Remote IP | none |
Mode | always-on |
LCP echo | enabled |
PAP | disabled |
ACCOMP | enabled |
Command line
Here there is a manual for the Command Line Interface, it is intended for the Speed Touch Pro with Firewall, a more advanced model than the Speed Touch Pro, but most command apply the same.
Here are some examples to set a password, to set some specific NAT rules (port forward) and to set a default NAT server:
=>system setpassword password = MySecret =>nat list =>nat create protocol = tcp inside_addr = 192.168.1.2 inside_port = 25 outside_addr = 0 outside_port = 25 =>nat delete protocol = tcp inside_addr = 192.168.1.2 inside_port = 25 outside_addr = 0 outside_port = 25 =>nat defserver =>nat defserver addr=192.168.1.2 =>nat defserver addr=0
The default NAT server will receive all the packets received by the router on the WAN interface (TCP, UDP, ICMP, etc.).
To be safe, save the new config:
=>config save
The EXPERT mode challenge password
If a password was set, this is the prompt for a telnet session:
$ telnet 10.0.0.138 Trying 10.0.0.138... Connected to 10.0.0.138. Escape character is '^]'. User : SpeedTouch (00-90-D0-18-5F-7E) Password :
You can type the password, if you know it, otherwise you can type the EXPERT backdoor password if you have an earlier version of the firmware. With a new firmware the EXPERT password is no longer valid for the telnet session, but it is still valid for the EXPERT command line mode (may be it is still vulnerable on the ATM interface? Read more).
If you want to calculate your challenge/response password goto this page.
Firmware upgrade
Note: I own an Alcatel Speed Touch Home, model number 3EC18604BCAA04. I upgraded from KHDSAA.134 to KHDSAA3.290 firmare. In my experience, uploading a new firmware from the web interface failed with an Invalid file uploaded error message. This with several images, even with the original one. So I definitely prefeer to do upload and download via FTP.
I also tried to upload the firmware GXKLAB3.426
which is reported to be the SpeedTouch Pro Firewall Software. Unfortunatelly the FTP session aborted, may be for the size of the file which is 235 kb larger than the original KHDSAA.134
file.
First of all you have to delete the passive (not used) firmware image to make room for the new image. If no passive software image is present at boot time, the active image is copied as the passive one. Active image is stored into the active subdirectory, passive image is stored into dl instead.
$ telnet 10.0.0.138 =>software deletepassive
Upload the new firmware via FTP, you can log-in as normal user or EXPERT user with challenge password:
$ ftp 10.0.0.138 Connected to 10.0.0.138. 220 Inactivity timer = 120 seconds. Use 'site idle <secs>' to change. Name (10.0.0.138): admin 230 User 'admin' OK. No password required. ftp> cd dl 250 Changed to ftp> bin 200 TYPE is now 8-bit binary ftp> put KHDSAA3.290 150 Opening data connection for KHDSAA3.290 226 File written successfully 1007232 bytes sent in 36.62 secs (26.4 kB/s) ftp> bye
Then we have to set the just uploaded image as passive and finally we switch images:
$ telnet 10.0.0.138 =>software software]=>setpassive file = KHDSAA3.290 [software]=>version Active : KHDSAA.134 Passive : KHDSAA3.290 software]=>switch
After the switch
command, the Alcatel automatically reboots.
khdsaa3_290.tgz
Convert an Home to a Pro
I did this upgrade to use the modem as a router, after this change I was able to set a PPPoA connection, doing NAT and port forward.
The upgrade consists of changing a word (two bytes) into the the EEPROM at address 2. The value for my Speed Touch Home was 0x8604, I changed it into 0x8606.
With firmware 253 or lower
=>EXPERT ========================DISCLAIMER========================= Access to expert mode is intended for qualified personnel only. Press ENTER to return to user mode. =====================END=OF=DISCLAIMER===================== 'SpeedTouch (00-90-D0-18-5F-7E)' Password : >rip rip>drv_read 2 1 b the data in hex is : 8604 rip>drv_write 2 1 b 8606
With newer firmware
=>td prompt ========================DISCLAIMER========================= Access to expert mode is intended for qualified personnel only. Press ENTER to return to user mode. =====================END=OF=DISCLAIMER===================== 'SpeedTouch (00-90-D0-18-5F-7E)' Password : ********* Switched to 'Trace & Debug' prompt. Return to Normal mode by typing <NORMAL> >rip rip>drv_read 2 1 b the data in hex is : 8604 rip>drv_write 2 1 b 8606