So we are at hacknight messing with some old Arlan 630 900mhz wireless access points we got off ebay. Our goal is to upgrade them to the “bridging” firmware so the devices can talk to each other and not just client cards.
On a side note the boxes were bought off ebay. The access points came with a configuration already on them:
ARLAN 630 V4.2C Configuration Ident Menu da521ap2
Option Value Description
1 – Name [ "da521ap2" ] – Node name
2 – Nid [ 00409610b998 ] – Network address
3 – Inaddr [ 030.117.028.034 ] – Internet address
4 – Inmask [ 255.255.255.000 ] – Internet subnet mask
5 – Ingateway [ 030.117.028.001 ] – Internet default gateway
6 – Location [ "" ] – SNMP system location
7 – Contact [ "" ] – SNMP system contact name
Enter an option number or name, “=” main menu, previous menu
>
Hmm 30.117.28.34…
ken@averacrap> whois 30.117.028.034
OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US
NetRange: 30.0.0.0 – 30.255.255.255
CIDR: 30.0.0.0/8
NetName: ARPAX25-TEMP
NetHandle: NET-30-0-0-0-1
Parent:
NetType: Direct Allocation
Comment: Defense Information Systems Agency
Comment: Washington, DC 20305-2000 US
RegDate:
Updated: 2002-10-07
OrgTechHandle: MIL-HSTMST-ARIN
OrgTechName: Network DoD
OrgTechPhone: +1-800-365-3642
OrgTechEmail: HOSTMASTER@nic.mil
Poke a little deeper in the configuration…
ARLAN 630 V4.2C SNMP Communities da521ap2
public – Read Only, Any NMS IP address, Any NMS NID
proxy – Read Only, Any NMS IP address, Any NMS NID
private – Read Only, Any NMS IP address, Any NMS NID
regional – Read Only, Any NMS IP address, Any NMS NID
core – Read Only, Any NMS IP address, Any NMS NID
barney – Read-Write, Any NMS IP address, Any NMS NID
Enter space to redisplay, q[uit] :
barney, cute.
5 Comments
Weren’t you or Matt saying that these things predated wireless access control systems like WEP? Well, I guess we know why all these government agencies keep getting F’s for security….
Of course, now that you have revealed this, “they” are going to have shuffle you off to a prison that doesn’t exist…damn, they will probably have to bag me too…
Ok, so how do you get these things to “bridge” once they are upgraded with the firmware?
You have to make sure the personality of the device has been switched to a bridge. The way you can tell is that if the device is in non-root mode the ethernet interface will stay active.
In order to do this we have found you have to downgrade the firmware sequentially and then reset to defaults, load the bridge firmware and reset to defaults.
You can find a txt file with the instructions here:
http://seattlewireless.net/arlan/
I got 1 in non-root mode and the other in root mode and they seem to talk, (at least wirelessly) but as soon as the non-root mode unit “registers” it quits passing traffic over the ethernet port. I must be close.
I was going to originally comment on the tech part, but I can’t believe that you found that with an existing config. I work in the DoD and I know for a fact that if you turned over the identity of the individual you got it from, they would have a rough time staying out of jail.
That is crazy though.
One Trackback
[...] From the “You can’t make this shit up” department, Ken et al. win some old wireless gear from eBay and find all sorts of nifty DoD related information in the config guts, to include a read-write SNMP string, “barney”. Full blog entry HERE. [...]