A blog about generally interesting infosec stuff by Darren Fuller/Paul Marsh, SecQuest Information Security https://www.secquest.co.uk

Monday, 9 December 2013

Facebook Badness

As an infosec company we don't tend to blog about Facebook scams such as "Free £100 Tesco voucher" or "Apple is giving away 1000 iPads because the boxes are scuffed" - surely a new box is cheaper + we'd be here all day tracing them!

However, this one piqued our interest as it is something that could just as well affect a company as an individual. This is pretty much a classic phishing exercise with a bit of social engineering thrown in for good measure. It's quite well executed though, so on with the details...

I had a private Facebook message from a family member come through which cc'd a number of other family members/friends. This is what the message looked like (blurred to protect the innocent!):


Alarm bells started ringing: a PM with a generic message along with a URL shortened using "t.co", which is a classic obfuscation technique. The "Facebooky" looking thumbs up adds a certain amount of credibility as it was posted by another family member; surely they can be trusted, right?

Saturday, 16 November 2013

ECI ECLVL05 VDSL2 MODEM - Statistics

Whilst not strictly info-sec related, this is a quick guide on how to get line stats from a VDSL2 modem commonly used with BT's 'infinity' fibre to the cabinet solution.

The tutorial at http://hackingecibfocusv2fubirevb.wordpress.com/2012/09/23/bare-instructions-to-unlock-eci-vdsl2-modem/ should first be followed in order to unlock the modem and gain admin access via TTY or Telnet; this is essential for running the routines that allow statistics to be obtained from the modem. Once this step has been done, it is possible to log into the modem with a browser using credentials admin/admin and examine the status / statistics data.


To get this statistics data from the modem, you have to write something like "g997csg 0 1" to /tmp/pipe/dsl_cpe0_cmd and then read the output pipe for the result: cat /tmp/pipe/dsl_cpe0_ack

Once all data has been collected, the usual array of cut/awk/grep can be employed to pull the data and format it properly. 

A common implementation of the data collection scripts uses a Cron entry to call the script every 5 minutes, the outputs of which are graphed using MRTG or RRD. This enables plots to be made showing FTTC signal to noise ratio, attainable and actual upstream and downstream rates. A TFTP server is required for the data transfer to and from the FTTC modem.
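
The collect-and-parse step described above, as an added example that is not the blog author's script. The pipe paths and the "g997csg 0 1" command come from the post; the key=value reply layout, the field names nReturn and ActualDataRate, and the function names are assumptions, and the sample replies are constructed.

```shell
#!/bin/sh
# Added example, not the blog author's script. The pipe paths and the
# "g997csg 0 1" command are from the post; the key=value reply layout and
# the field names nReturn / ActualDataRate are assumptions.
CMD_PIPE=${CMD_PIPE:-/tmp/pipe/dsl_cpe0_cmd}
ACK_PIPE=${ACK_PIPE:-/tmp/pipe/dsl_cpe0_ack}

# Send one command to the modem's DSL command pipe and print the reply.
dsl_query() {
    echo "$1" > "$CMD_PIPE" && cat "$ACK_PIPE"
}

# Print the value of key $2 from reply $1; return 1 if the key is absent.
ack_field() {
    printf '%s\n' "$1" | tr -d '\r' | tr ' ' '\n' |
        awk -F= -v k="$2" '$1 == k { print $2; found = 1; exit }
                           END     { exit !found }'
}

# Print the rate in kbit/s. Fail when the reply signals an error
# (non-zero nReturn) or the rate is missing or not a plain number, so a
# bad poll is skipped rather than graphed as a bogus value.
ack_rate_kbps() {
    rc=$(ack_field "$1" nReturn) || return 1
    [ "$rc" = 0 ] || return 1
    bps=$(ack_field "$1" ActualDataRate) || return 1
    case $bps in ''|*[!0-9]*) return 1 ;; esac
    echo $((bps / 1000))
}

# Emit the four lines MRTG reads from an external script: first value,
# second value, uptime text, target name (the last two are placeholders).
mrtg_report() {
    first=$(ack_rate_kbps "$1") || return 1
    second=$(ack_rate_kbps "$2") || return 1
    printf '%s\n%s\n%s\n%s\n' "$first" "$second" "unknown" "vdsl2-modem"
}

# Constructed sample replies (not captured from a real modem).
SAMPLE_A='nReturn=0 nChannel=0 nDirection=1 ActualDataRate=39998000 PreviousDataRate=0'
SAMPLE_B='nReturn=0 nChannel=0 nDirection=0 ActualDataRate=9995000 PreviousDataRate=0'
SAMPLE_ERR='nReturn=-1 nChannel=0 nDirection=1'

# On the modem (second command's arguments are an assumed variation):
#   mrtg_report "$(dsl_query 'g997csg 0 1')" "$(dsl_query 'g997csg 0 0')"
mrtg_report "$SAMPLE_A" "$SAMPLE_B"
```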