The Network Part II

Update on my network...

I replaced the unreliable Dell switch with another Extreme Networks switch... this time a Summit 24e3. It has a full layer 3 license and is now configured as my default gateway. I uplinked my Summit 24e2 via a link aggregation trunk of 4 fast ethernet links for a total aggregate bandwidth capacity of 800Mbit (wire speed).

A Cisco 2514 is still my primary route to the internet and a Cicso 2621XM handles my VPN. Also newly added is a Sun Netra-T1 with a 500Mhz Sparc running Solaris 10 and Bind 9.4.2 as my primary DNS server. I just built this machine this past week to replace one of my SparcStation 5's (Still one of my favorite Sun boxes :) )

I still need to make some improvements, but it is MUCH better than it was before.

Hardware password sniffing and hacking

I recently came across a really cool piece of gear... a rack mounted SNMP network interface unit. This device is essentially a interface that allows you to monitor and control external devices of your choice via SNMP.

There is one issue... I don't have a password to console into it to configure it. Finding a default login password or a reset procedure for this device has been an impossible task. Marconi (the maker of this device) has since been dissolved into several companies making any documentation out there extremely scarce. The only things I have found are links to a manual that point to websites no longer in existence, and very vague product feature descriptions. (if anyone out there does happen to have a manual for this device, please let me know!)

I really want to get this device working, it is extremely flexible and there really isn't anything else on the market that can inexpensively and easily do the same thing.

So here is my idea. Since breaking in through the console port doesn't look feasible, and there is no hard manual reset to restore it's factory defaults, i'm not left with very many options. Opening it up, I discovered that the device contains a 16bit flash eeprom... all configuration information is stored on this device as it's the only writable memory on it. At some point while the embedded arm processor is loading it's basic embedded os/program from prom, it has to load this saved configuration from the eeprom. So I will simply sniff the data coming off of it's data bus with a logic analyzer, convert the two bytes of info into ascii and hope that everything is in clear ascii text. I can't imagine that the data on this device would be encrypted between the arm processor and flash... so this data should be easily retrievable.

Step 1: I obtained the data sheet for the AMD 16bit eeprom and wired the 16 pins off of it's data bus with interfacing leads:

The remaining leads were soldered to points on the bottom of the board.

Step 2: Wire the 16bit data bus to my logic analyzer.

Step 3: Power on the device and capture the data!

The issue I am having now is understanding the data. I have no idea how the arm processor is writing data to memory and what type of endianness it is using. ( it doesn't help that this arm processor manufacturer is no longer in business either :( ). Since arm processors can be configured as big-endian or little-endian I will have to decode the data both ways until I see some legible data. My logic analyzer can take the data seen above and convert it into ascii text, displayable on the screen. It's a slow process, but i'm making progress.

I haven't seen the password yet, but I'm still confident it's in there. There is just a lot of data to sniff through... and a large mess on my bench.

The network

My home network is a disaster.

When it was originally set up about three years ago everything was nice, clean, labeled and organized. As of today it is a complete mess... I realized this over the weekend when I couldn't get a specific cable to link up to my switch, only to discover that the cable I was using had been pinched in my door a few too many times causing a break. I then looked at the rest of the network and realized that this is really bad.

My home networks primary purpose is an experimentation playground. Want to play with OSPF between two Cisco routers? Sure. Want to play with an 802.1q VLAN on a Cisco Catalyst talking to an Extreme Summit? Ok. Need to do some web / database development? Yep. This type of playing results in a lot of moving equipment and cables around... and the result is this:

Now everything is working and I know what's going on with everything... it just looks like a mess. A lot of equipment is off because of thermal issues... this closet doesn't have the best air circulation so heat can become an issue. I used to have a Catalyst 5000 in here which was capable of heating a good portion of my home. This was great during the winter months, but as soon as summer came around, it had to go to save myself from a ridiculous electric bill.

A couple notes on this equipment:
That is my 4th Linksys router. I have never had one last me more than 2 years before it fails. I have to reset mine about once a week... it works fine until it just stops routing packets. By best guess is just that it get's too hot? It shouldn't be an issue though, this closet doesn't get that warm and nothing else in there fails. Next time I will spend the extra money and get a good Cisco Aironet.
Also, Extreme Networks switches are awesome!

When I finally move, I will dedicate a lot more space to my systems, working on them in such a small space is not so much fun...