Thursday, July 31, 2008

Lobotomizing my DSL modem

As I was attempting to get my super-sweet video streaming solution working outside my own network, I ran across a little problem... I seemed unable to get port forwarding working.

I wasn't sure whether it was my router misbehaving, the streaming server itself, or perhaps Verizon blocking the port. After a few netcat tests and some minor frustration, a buddy of mine suggested that it might be my DSL modem.

Huh. I had never really expected my DSL modem to have any brains... after all, my cable modem was a pretty passive piece of equipment. But I checked and sure enough -- my DSL modem also turned out to be a nifty little router and firewall. So this whole time, my home network was actually a network inside a network. The modem was providing DNS, DHCP and NAT to my router, and my router was providing DHCP and NAT to the rest of my home network. Ahhh. Easy enough to fix, right? I just needed to tell my modem to stop being so smart and turn itself into a transparent bridge. Easy enough to say, just extremely obtuse to figure out though. After a significant amount of research online (all of which resulted in absolutely no progress), I gave in and called Verizon tech support. Two full phone menu trees later, I ended up with a guy named Adam who was very helpful.

And in the name of posterity, so any other poor schmucks out there don't have to sit through the Verizon Phone Menu Hell, here are the instructions on...

How to Lobotomize your DSL Modem (or, Enabling Transparent Bridge Mode on your Westell 6100F Rev D)

  1. Plug a computer or handy laptop directly into the ethernet port of the 6100.
    (You may need to renew/refresh the network connection of the computer...)
  2. Open a browser and navigate to 192.168.1.1
  3. The default username and password (if you haven't changed them) are "admin" and "password"
  4. The first thing you should do at this point is change the admin password to something else -- it should land you on the screen to do this if you used the default password to get in
  5. Select "My Network" (should be an icon along the top of the page, think it's second from the left)
  6. When that comes up, select "Network Connections" from the menu on the left side of the page. (alternatively, just navigate to 192.168.1.1/configure_wan_adv.htm )
  7. There will be one or more items listed in the center of the screen, the top one being "Broadband Connection DSL" -- click on that.
  8. This will take you to a screen where you'll see something like "Set VC"
  9. Under the VC menu on the far right, click the Edit button.
  10. When you get to the VC 1 configuration screen, look for the protocol drop down. Change it to "Bridge" and then set the Bridge Mode drop down to "Bridge" (and NOT "Routed Bridge")
  11. Hit Apply, and tell it OK for the reset.
  12. When the modem resets, go back into the "My Network" >> "Network Connections" page.
  13. This time, click the second item in the list, "LAN"
  14. This should take you to the Private LAN screen. The top checkbox should be labeled "Private LAN DHCP Server Enable" -- uncheck that.
  15. Apply the change.

Voila! Now if your router is set to automagically get its information you should be good to go. I would recommend powering down (switching off/unplugging) both the DSL modem and the router for a good 30 seconds, then powering on the DSL modem and waiting for a steady green light (of the 3 lights, only one will be lit), then powering on the router and waiting for it to give you a steady green.
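One way to confirm the modem has really stopped doing NAT, as an added example that is not part of the original post: count the private-range hops at the start of a `traceroute -n` before and after the change. The traces are constructed samples; 192.168.1.1 is the modem address from the steps above, while the router's 192.168.0.1 and the documentation-range addresses standing in for the ISP are assumptions.

```python
import ipaddress
import re

# Address ranges that only exist behind a NAT: RFC 1918 plus RFC 6598 (carrier-grade NAT).
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]
HOP_RE = re.compile(r"^\s*\d+\s+(\d{1,3}(?:\.\d{1,3}){3})\b")

# Constructed `traceroute -n` output. 192.168.0.1 (router LAN side) and the
# documentation-range ISP/destination addresses are assumptions for illustration.
BEFORE_BRIDGE = """\
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.168.0.1  0.412 ms  0.380 ms  0.371 ms
 2  192.168.1.1  1.102 ms  1.050 ms  1.044 ms
 3  198.51.100.1  9.870 ms  9.912 ms  10.004 ms
 4  203.0.113.80  12.331 ms  12.290 ms  12.405 ms
"""
AFTER_BRIDGE = """\
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.168.0.1  0.409 ms  0.377 ms  0.365 ms
 2  198.51.100.1  9.101 ms  9.240 ms  9.187 ms
 3  203.0.113.80  11.870 ms  11.902 ms  11.951 ms
"""

def parse_hops(output):
    """Return responding hop addresses in order; header and '* * *' lines are skipped."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append(ipaddress.ip_address(m.group(1)))
    return hops

def leading_nat_hops(hops):
    """Count hops in NAT-only ranges before the first publicly routable hop."""
    count = 0
    for hop in hops:
        if not any(hop in net for net in NAT_RANGES):
            break
        count += 1
    return count

def diagnose(output):
    n = leading_nat_hops(parse_hops(output))
    if n >= 2:
        return "double NAT suspected: %d private hops before the first public one" % n
    if n == 1:
        return "single NAT: only the home router sits in front of the public network"
    return "no private hop seen"

if __name__ == "__main__":
    print(diagnose(BEFORE_BRIDGE))
    print(diagnose(AFTER_BRIDGE))
```

A hop that does not answer is skipped, and some ISPs number their own gear out of 10.0.0.0/8, so treat a count of two or more as a prompt to check the router's WAN address rather than as proof.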

Now all I need is to get my new Buffalo router and flash it with Tomato and I'll be all set!

[edited to fix tags]

Wednesday, July 9, 2008

Security Charlatans

One of my banks (for various reasons I bank at several places) has instituted their new "ultra-secure two-factor authentication system." Sigh. I'd love to find out who actually designed and sold them the system, so I could publicly humiliate them by name ...

...because it isn't "ultra-secure" nor is it really two-factor. One factor twice is NOT the same as two-factor. The idiot(s) that purchased this new system for the bank should have done some basic research.

For those who aren't certain what I'm talking about, either check Wikipedia or listen up (although I'm telling you the same thing, just simplified) -- there are 3 common "factors" that you can authenticate someone by.

  • Something you KNOW -- like a password, a PIN number, your SSN, a special hand-shake, or which picture is a kitten
  • Something you HAVE -- a random number generator, a CAC, an embedded RFID tag, or a physical key (preferably something difficult to duplicate)
  • Something you ARE -- your DNA, retinal scan, fingerprint, voice, etc.

If you have a system where the user has to enter a password and then another password, no matter how tricky you are (even if the 2nd password is entered by pushing randomly jumbled buttons on-screen instead of typed), it is still ONLY a single-factor system. Is it stronger than a single password? Sure... but I don't care how many passwords or PIN numbers you make someone enter...

There is no multiple of single factors that is as secure as a single multiple factor.

The other part of their security? They set a cookie on your machine. *THAT's* their multi-factor ultra-secure system... TWO PASSWORDS AND A COOKIE? Yikes. And the very best part? If you don't have the super-special cookie because you're hacking logging in from somewhere else? You can just tell them to ignore it and let you in anyway. Sigh, again.

My task now is to find a financial institution that uses honest-to-goodness multi-factor. So far all I can find is PayPal.

Tuesday, July 8, 2008

The Magic Bean

I have this theory about "magic beans." Beans, beans the magical fruit -- the more you... Magic Beans are problem fixes for those issues that are making you pull your hair out. "Beans" because they're usually really insignificant in 'size' and "Magic" because they're not normally logical, well-known, or obvious.

For instance: I just updated one of my NAS posts below with a magic bean I had forgotten about. The longer story being that I had been in the middle of a package update in OpenSolaris when I realized I hadn't snapshotted my root filesystem. Right about then it crashed. Long story short, I had to reinstall the OS and get my networking reconfigured. But try as I might... no matter how exactly I followed all the right recipes on getting networking configured it just wouldn't work. Enter the magic bean. I found a thread that looked familiar, then it hit me... there were these 4 little commands one had to run, and "poof" -- the rest of my configuration started magically working. These commands aren't normal... in fact, they're only necessary because of a defect in my network adapters or driver.

To clarify, typographical errors in code do not count as Magic Beans. They're small and not obvious... but you have the knowledge to fix them if you could see them. Magic Beans are the problems that we can't see (because we don't know how to fix them?).

Monday, July 7, 2008

Contagious Intellectualism

To say this friend of mine is brilliant is an understatement. But alas the English language doesn't let me make superlatives out of almost any word like some others do... so that will have to suffice.
I had known since before I met him that he was smart -- but there is a difference between knowing something and really knowing something. The other day I had included him on an email about a game idea I had been batting around for a while (something like a cross between CSI & Mastermind). His response contained three questions... and they absolutely blew me away. Who thinks this way? Maybe it's just me, but just being able to conceive and ask these questions is a mark of genius in my book.


...This [game] idea is closely related to a couple of things I've been noodling around with lately:
1. How can we identify "signatures" of phenomena we don't yet recognize as important?
2. How can we optimize (in time and cost) forensic interrogation procedures for "mixed" phenomena?
3. How can we model interrogations of poorly understood phenomena?
...


Wow. It feels like I'm only "noodling" around much more mundane things these days. Perhaps now that the ADHD meds are clear of my system the lofty intellectual noodling will start back up.