Amtec (ElsagDatamag) Argo 55/95 – Take 4: Hardening

Now that we have access to the router again, it seems like a good idea to do our best to lock out the provider and avoid further remote configurations / upgrades.

This is what I did, feel free to find other methods and add a comment to this post :)

– Activate the firewall, and block – with a specific rule – port 4567 (it is used for remote control)

– Edit the firewall rule that allows access – via telnet – from a specific list of networks, changing the operation to “Drop”, and write down those networks (these are the networks from which the provider connects to do remote maintenance)

– Create a static route for every network noted in the previous step, redirecting to a non-existent gateway (i.e. 0.0.0.0)

A note on the last point: when you restart the router, it will fail to connect to the ACS (remote configuration) server. This is a nice thing, but because of this the ‘Fastweb’ LED will remain red, and the ‘Ethernet’ and ‘WiFi’ LEDs will remain off. This is purely cosmetic: both the wireless and the wired network work perfectly.
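One way to double-check the dummy routes from the last step, as an added example that is not part of the original post: it tests that every provider network is caught by a route to 0.0.0.0 and that no more specific route sends part of it to the real gateway. The networks, the routing table and the gateway 10.0.0.1 are constructed sample values (the post does not list the provider's networks), and the table is assumed to be copied by hand from the router into prefix/gateway pairs.

```python
import ipaddress

# Dummy gateway used for the static routes, as in the post.
BLACKHOLE_GW = "0.0.0.0"

def parse_routes(rows):
    """Turn (prefix, gateway) string pairs into (ip_network, gateway) pairs."""
    return [(ipaddress.ip_network(prefix), gw) for prefix, gw in rows]

def check_network(mgmt, routes):
    """Return the problems found for one management network ([] = fully blackholed)."""
    mgmt = ipaddress.ip_network(mgmt)
    problems = []
    # Routes covering the whole management network; the longest prefix wins.
    covering = [(net, gw) for net, gw in routes if mgmt.subnet_of(net)]
    if not covering:
        problems.append(f"{mgmt}: no route at all")
    else:
        net, gw = max(covering, key=lambda r: r[0].prefixlen)
        if gw != BLACKHOLE_GW:
            problems.append(f"{mgmt}: best match {net} goes to {gw}")
    # A more specific route inside the network overrides the dummy route for that part.
    for net, gw in routes:
        if net != mgmt and net.subnet_of(mgmt) and gw != BLACKHOLE_GW:
            problems.append(f"{mgmt}: {net} leaks to {gw}")
    return problems

def audit(mgmt_networks, rows):
    """Map each management network to its list of problems."""
    routes = parse_routes(rows)
    return {m: check_network(m, routes) for m in mgmt_networks}

# Constructed sample data (documentation address ranges, hypothetical gateway).
SAMPLE_MGMT = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "10.0.0.1"),          # default route to the real gateway
    ("192.0.2.0/24", "0.0.0.0"),        # dummy route, correct
    ("198.51.100.0/24", "0.0.0.0"),     # dummy route, but ...
    ("198.51.100.128/25", "10.0.0.1"),  # ... half of it still reaches the gateway
]                                        # 203.0.113.0/24 was forgotten entirely

if __name__ == "__main__":
    for network, problems in audit(SAMPLE_MGMT, SAMPLE_ROUTES).items():
        print(network, "OK" if not problems else problems)
```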

Here are a couple of screenshots that show what you should obtain afterwards:

Usual disclaimer: these are not general purpose instructions – I cannot guarantee it will work for you. Use them at your own risk.

Written by bano on 2012/01/18 Categories: Hacking

10 Comments

  • DERRING says:

    Is this the reason why your router is still accessible? Is it maybe because they were unable to access your router configuration due to the software modification you did to it to prevent any remote maintenance?

    • bano says:

      Yes – or, at least, that is what I hope :) The router cannot reach the TR-069 server, so no new configuration file can be provisioned.

      • DERRING says:

        Well, and what if they need to improve your service or change something vital to your connection?

        • bano says:

          Honestly I can’t imagine anything vital to the connection, on FTTH networks at least, that they could send via TR-069.

          Nevertheless, if I ever need to do a factory reset, or to upgrade the router, I’ll sniff the communication again, so I’ll have a chance to keep the access to the router.

  • […] Then reconnect the fiber cable, access to the Argo web interface, and follow the steps in the hardening post, before it’s too late […]

  • paolone919191 says:

    I’ve followed this guide, but… every time it auto-updates itself! How can I stop it?!?!

    • bano says:

      Hi Paolone, are you sure you created the dummy routes for the Fastweb management network? It shouldn’t be able to log in to the ACS.
      When you start the router, does the ‘Fastweb’ LED become green, or does it remain red?

      • paolone919191 says:

        Hi, I’ll answer you in Italian :) Yes, so the problem was indeed the routes, but let’s continue on the other “chapter” to avoid a mess :)

        Thanks for the support!

  • kad says:

    Firmware downgraded, but I can’t access the web interface.
    Tried accessing http://192.168.1.254 but with no luck. I know this project is old but I wanted to use it. Is the web interface stored on the web or inside the router? It seems like the spider interface is not in this firmware:
    Argo> system
    system> ver
    Versions
    Main Software: EDA_1.3.20
    Bootloader: 1.1.5
    WLAN firmware: 9.2.0
    AP firmware: 5.8.0-james_04May10
    DSL firmware: 5.5.1
    DSP firmware: 5.8.0
    UPNP firmware: 1.5.0
    DLNA firmware: 1.5.0
    Platform: ElsagDatamat ARGO 55+
    Distribution: FASTWEB_NGRG

    Returned 0
    system>

    • bano says:

      Hi kad,
      unfortunately the webserver is bound to port 80 of the external IP address: thus, to access the interface, you should go to http:// from your local network (by default remote administration is NOT enabled).
      Kind regards,
      Gabriele
