Image for post
Image for post
The Virgin Media Hub3, probably the most infamous ISP provided router ever.

TR-069 is a common protocol used by a variety of Internet Service Providers and network device manufactures for remote administration of network equipment such as switches and routers, so firmware or configuration updates can be pushed on a large scale basis. In the past there have been notable exploits and attacks leveraging TR-069, mainly on consumer routers.

An interesting event occurred, which led me down a bit of a rabbit hole on what looks like a recent change made by Virgin Media in their network, exposed by Shodan.io.

I use Shodan with a paid plan along with it’s IP monitoring…


Image for post
Image for post

I recently decided that I would get a second fixed broadband line in addition to my existing broadband connection, given my increased working from home pattern per recent world events. Shopping around I found Vodafone Business Broadband a cheap and decent enough package. I decided to go with their Superfast 2 option. This article is intending to be useful for other customers who use Vodafone VDSL but decided they want to bring their own modem to party!

Bringing your own modem (BYOM)

You don’t have to do this, but for my usage and purposes, the Vodafone WiFI Hub (aka the THG3000) isn’t going to cut…


When your main ISP falls short, time to tunnel your way out of trouble!

Image for post
Image for post

I recently decided to test out the L2TP relay service from Andrews & Arnold. I have never had broadband services with them, but had read and heard great things. They offer a L2TP relay service, where you can basically use their network, without having a broadband line with them. Instead you connect via your existing broadband provider (in my case Virgin Media) via L2TP (Layer 2 Tunneling Protocol).

Why would you do this? Well, to explain the quick back story why I became interested in this…


Water, water everywhere!

Image for post
Image for post

My Dell XPS 9530 was recently the victim of an unfortunate incident involving a mug of water. The outcome, a not very happy and bleepy (beep codes) Dell laptop. While I’ve opened a lot of electronics in my time, I hadn’t up until this point ever needed to do it specifically for water damage but hey there’s always a first time for everything right?! Join me on my diagnosis and assessment of what a water spill can do in a very short space of time to electronic hardware components.

Assessing the damage

Popping off the bottom case to inspect the initial damage. Initially…


I wanted SSH access back that badly, I decided to enable it again, by force!

Image for post
Image for post

I’ve been posting about the 4GEE Home Router a lot lately. My main focus has been around regaining SSH access to the router which was once originally possible, but since disabled by EE/Alcatel, in newer firmware updates. My motivation for doing this, is mostly my own curiosity and it’s not always the case an ISP provided router has SSH access available. I’ve already covered this subject in a previous article where I also showed some of the hidden features this router has.

In order to…


Image for post
Image for post

Did you know the 4GEE Home Router has several hidden settings pages within the firmware and its own JSON-RPC web API?

The 4GEE Home Router itself is a rebadged Alcatel HH70 used by EE. Behind the scenes it is running a modified version of OpenWrt and is running the GoAhead web server from EmbedThis that serves the EE branded web interface. This can be found in the response headers when accessing the web interface:

curl -v http://192.168.1.1/index.html * Trying 192.168.1.1... * TCP_NODELAY set * Connected to 192.168.1.1 (192.168.1.1) port 80 (#0) > GET /index.html HTTP/1.1 > Host: 192.168.1.1 > User-Agent…


Sorry in advance IPv6 purists, you will be triggered.

Image for post
Image for post

I recently setup mwan3 with a two WAN failover policy that works for both IPv4 and IPv6. I found out a lot of information about various aspects around OpenWrt, IPv6 and mwan3 and thought I’d document them to help others who may be looking at doing something similar.

mwan3 and IPv6

There are a few key areas related to mwan3 and IPv6 that you need to be aware of:

  1. You need to split your IPv4 and IPv6 interfaces as mwan3 currently doesn’t support dual stack interfaces. This is more verbose and increases the amount…


Virgin Media logo
Virgin Media logo

This is a question that has come up a few times in the past. Customers of Virgin Media in the UK on it’s residential broadband have questioned if Virgin Media is traffic shaping protocol 41, the important protocol behind 6in4 IPv6 tunnels, provided by the likes of Hurricane Electric. Virgin Media have consistently denied any shaping of any kind is occurring, but I’m not convinced there isn’t something going on in their network. So I decided to dig a little deeper.

Virgin Media doesn’t “filter” protocol 41, so they aren’t blocking it, we know that for sure as you can…


Image for post
Image for post
Press shot of 4GEE home router

Here’s how I setup a secondary WAN for failover using the 4GEE Home Router as another WAN connection.

Just prefacing this with a small disclaimer, I don’t necessarily endorse doing this specific setup, I chose using EE 4G broadband because I’m already an EE customer and it was the most accessible way for me to obtain another broadband line easily at a reasonable cost.

I’m running OpenWrt on my Linksys WRT3200ACM, it’s single WAN port is being used by my fibre connection from the Virgin Media Super Hub 3 router/modem (running in modem only mode). In order for to bring…


For the most part the Dell XPS 9550 has great compatibility with Kali Linux and Linux generally in more recent kernel versions, aside from one area, the Broadcom wireless card some variants ship with.

You could go fully nuclear and replace the wireless card with an Intel one, which some have done, but for Bluetooth the issue isn’t the card, it’s likely missing firmware.

Inspecting dmesg, we see some interesting entries:

[ 9.959255] Bluetooth: hci0: BCM: chip id 102 [ 9.960250] Bluetooth: hci0: BCM: features 0x2f [ 9.976300] Bluetooth: hci0: BCM20703A1 [ 9.977287] Bluetooth: hci0: BCM (001.001.005) build 0000 […

James White

I'm a web developer, but also like writing about technical networking and security related topics, because I'm a massive nerd!

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store