@P4z
Created August 15, 2019 09:31
My solution to prevent sending syslog messages to an untrusted remote host for ZTE's 4G modems.
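#!/bin/sh
# Route the syslog destination via usb0 (modem-computer link) unless a route for it already exists.
/bin/netstat -rn | grep '^195\.54\.122\.206' > /dev/null
# grep exits with 1 when no matching route was found
if [ $? -eq 1 ] ; then /bin/iproute add 195.54.122.206/32 dev usb0; fi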

P4z commented Aug 15, 2019

I found that my ZTE MF823 modem sends syslog messages to a remote host in Sweden. The messages include sensitive data like my IMEI/IMSI, the tower that I'm connected to, signal strength and other data. I don't like that, so I put this script in the MF823 filesystem and installed it as /etc/rcS.d/S70zte.reroute-syslog.sh, since I found that after 7 days my router restarts and the route table returns to default (as well as its root password and possibly other things). The script just adds a route to that remote host via the usb0 network interface (modem-computer connection) instead of rmnet0 (WAN interface).

Next I added that remote host's IP address to my computer's NDIS interface (the other end of the usb0 connection) and installed a Fastvue free syslog server just to collect the information, but that is not necessary if you just want to stop the sending of data to the foreign host.

You can connect to your MF823 with telnet on the default port with username root and password zte9x15.
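
Because the comment above notes that the route table returns to default after the periodic restart, a check that the reroute is still in place is useful. The following is an added example, not part of the original gist: it reads `netstat -rn` output and reports which interface the syslog destination would leave through. The function names and the sample routing tables (including the gateway and LAN addresses) are constructed for illustration, and the lookup assumes only a host route or the default route covers the destination.

```sh
#!/bin/sh
# Added example (not the gist author's code): verify that traffic to the
# syslog destination stays on the local usb0 link instead of the WAN.
# Simplification (assumption): only a /32 host route and the default route
# are considered, which matches the single-host reroute in the gist.

route_iface() {
    # $1 = destination IP; reads `netstat -rn` output on stdin.
    # Prints the outgoing interface, or nothing if no route applies.
    awk -v dst="$1" '
        $1 == dst && $3 == "255.255.255.255" { host = $NF }
        $1 == "0.0.0.0" && $3 == "0.0.0.0"   { dflt = $NF }
        END { if (host != "") print host; else if (dflt != "") print dflt }
    '
}

syslog_contained() {
    # $1 = destination IP, $2 = expected local interface.
    # Exit 0 if the destination is routed via $2, 1 otherwise.
    iface=$(route_iface "$1")
    [ "$iface" = "$2" ]
}

DST=195.54.122.206   # destination address from the gist

# Constructed sample tables (not captured from a real modem).
TABLE_DEFAULT='Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         10.64.64.64     0.0.0.0         UG        0 0          0 rmnet0
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 usb0'

TABLE_REROUTED="$TABLE_DEFAULT
195.54.122.206  0.0.0.0         255.255.255.255 UH        0 0          0 usb0"

# Show the outcome for the table before and after the reroute script ran.
printf 'default table:  %s\n' "$(printf '%s\n' "$TABLE_DEFAULT" | route_iface "$DST")"
printf 'rerouted table: %s\n' "$(printf '%s\n' "$TABLE_REROUTED" | route_iface "$DST")"
```

On the modem itself the live table can be piped in directly: `/bin/netstat -rn | syslog_contained 195.54.122.206 usb0`, with a non-zero exit status meaning the host route is missing.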
