My solution to prevent sending syslog messages to untrusted remote host for ZTE's 4G modems.
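#!/bin/sh
# Send traffic for the syslog host out of usb0 (modem-computer link) instead of rmnet0 (WAN).
# Add the host route only if the routing table does not already have one.
/bin/netstat -rn | grep '^195\.54\.122\.206' > /dev/null
if [ $? -eq 1 ] ; then /bin/iproute add 195.54.122.206/32 dev usb0; fi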
@P4z

Owner Author

commented Aug 15, 2019

I found that my ZTE MF823 modem sends syslog messages to a remote host in Sweden. The messages include sensitive data like my IMEI/IMSI, the tower that I'm connected to, signal strength and others. I don't like that, so I put this script in the MF823 filesystem and installed it as /etc/rcS.d/S70zte.reroute-syslog.sh, since I found that after 7 days my router restarts and the route table returns to default (as well as its root password and possibly others). The script just adds a route to that remote host via the usb0 network interface (modem-computer connection) instead of rmnet0 (WAN interface).

Next I added that remote host's IP address to my computer's NDIS interface (the other end of the usb0 connection) and installed a Fastvue free syslog server just to collect the information, but that is not necessary if you just want to stop the sending of data to the foreign host.

You can connect to your MF823 with telnet on default port as username root and the password of zte9x15.
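
To confirm that the host route described above actually takes precedence over the default route, the following added example (not part of the original gist) parses `netstat -rn` output and reports which interface traffic to the syslog host would leave by. The function names are hypothetical, the sample tables are constructed, and it assumes a POSIX `awk` is available where it runs.

```sh
#!/bin/sh
# Added example: which interface would traffic to a host leave by, given
# `netstat -rn` output on stdin? Uses longest-prefix match like the kernel.
SYSLOG_HOST=195.54.122.206   # address taken from the script on this page

route_iface() {  # usage: route_iface HOST < routing-table (hypothetical helper)
    awk -v host="$1" '
        function ip2int(s,  p) {
            if (split(s, p, ".") != 4) return -1
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { h = ip2int(host); best = -1 }
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            dest = ip2int($1); mask = ip2int($3)
            size = 4294967296 - mask      # number of addresses the route covers
            if (h - (h % size) == dest && mask > best) { best = mask; iface = $NF }
        }
        END { if (best < 0) exit 1; print iface }
    '
}

check_syslog_route() {  # exit 0 only when the syslog host is routed to usb0
    iface=$(route_iface "$SYSLOG_HOST") || { echo "no route"; return 2; }
    if [ "$iface" = usb0 ]; then echo "contained: $iface"; return 0; fi
    echo "LEAKING via $iface"; return 1
}

# Constructed sample tables; the gateway and LAN addresses are made up.
table_default() {
cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.64.64.64     0.0.0.0         UG        0 0          0 rmnet0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 usb0
EOF
}
table_rerouted() {
    table_default
    echo "195.54.122.206  0.0.0.0  255.255.255.255 UH 0 0 0 usb0"
}

table_default  | check_syslog_route || true   # prints: LEAKING via rmnet0
table_rerouted | check_syslog_route            # prints: contained: usb0
```

Against a live table, pipe the real output in: `netstat -rn | check_syslog_route`.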
