My ISP recently sent me a Siemens sx762 wlan dsl modem with voip support. it replaces the ATA voip box they previously provided me which is suffering from too much echo on certain calls.
It looks like a decent, pretty functional modem which a rather decent webinterface. After testing/poking it a bit more I found the following:
It runs Linux. Nmap reports the following:
PORT STATE SERVICE 22/tcp open ssh 53/tcp open domain 80/tcp open http 443/tcp open https 5555/tcp open freeciv 8080/tcp open http-proxy MAC Address: 00:21:04:43:6E:8A (Unknown) Device type: general purpose Running: Linux 2.4.X OS details: Linux 2.4.28 - 2.4.30 Uptime: 3.772 days (since Wed Mar 11 21:35:03 2009) Network Distance: 1 hop
Additionally to the ports listed above, it also listens to port 8085. More on this later.
If it runs Linux, Siemens should provide the necessary sourcecode and licenses. You can find this here (found on the net, not my router's info).
The first interesting thing is port 22, ssh. It appears you can ssh into the device using 'administrator' as username, and the password you use for the webaccess. This will provide you with a restricted management shell. You can find a complete overview of all information here.
If you look in detail at this file, you'll see the following:
ManagementServer.URL = http://tsm.topit.nl:1111/ACS-INTF ManagementServer.Username = 000000-CPE-000000000000 (cleared) ManagementServer.Password = ManagementServer.PeriodicInformEnable = 0 ManagementServer.PeriodicInformInterval = 240 ManagementServer.PeriodicInformTime = 0001-01-01T00:00:00 ManagementServer.ParameterKey = ManagementServer.ConnectionRequestURL = http://n.n.n.n:8085/CPE-ACCESS (ip removed)
I'm not really sure what this does. It looks like some sort of remote management support. I'm not sure if the modem is somehow able to "call out" (to tsm.topit.nl in this case). Additionally, an extra service appears to be running on port 8085 (which is unfiltered).
Port 8085 seems to be running "RomPager Advanced Server", as far as I can tell an embedded web-based management server. I haven't been able to access it though. Perhaps this is a remote management option for my ISP, but it does scare me a bit. The "normal" management user interface also appears to run on the RomPager server, but url's are different.
As said before, the modem works well, except for one issue: It doesn't properly register a hangup. If I call my cellphone and hangup before I pickup the cellphone, the cellphone will continue ringing (and eventually switch to voicemail, where two minutes of voicemailbox are filled with nothing). I haven't yet found a cause or solution for this.
I did find a relevant piece of logging:
... calling an umber (ending in 52) Mar 15 13:56:46 Inf <EVENT> FXS 1: Detected DTMF 5 Mar 15 13:56:46 Inf <EVENT> FXS 1: Detected DTMF 2 Mar 15 13:56:51 Inf <EVENT> Ept 1 : created stream 1 (coder 0) Mar 15 13:56:58 Inf <EVENT> FXS 1: Detected hook event 0x1 : onhook Mar 15 13:56:58 Inf <EVENT> Ept 1 : deleting stream 1 (coder 0)
So it does register the hangup.
Stuff to figure out
- are there options to escape to a shell? busybox seems to be included
- what's running on port 443 and 5555? 443 doesn't behave like https
- what's the purpose of port 8085 and what's topit.nl's role?
Have you followed up with the sx762. I have been messing with the settings trying to get mine to allow for stock firmware to be loaded.
Comment by anon — Jun 24, 2010 7:10:48 PM
I haven’t. It had VOIP issues (wouldn’t hangup properly) so my ISP send me a thomson modem, which sucked even more. I’ve changed to Fritzbox! since then and all my problems disappeared. It’s an expensive modem but the software is excellent.
Comment by ivo — Jul 12, 2010 9:33:32 AM