I’ve been using T-Mobile for a while, but more recently I have been trying to get VPN working properly over their “VPN” GPRS service. The odd part about it is that it’s not actually listed on their web site and nobody seems to know what it actually does. I attempted to call their customer support to answer this question, but ran into a brick wall. I was told something like “Only the NOC would have that kind of information.” I thought for a moment and did a whois on an address I’d recently used with T-Mobile:
OrgName: T-Mobile USA
OrgID: TMOBI
Address: 12920 SE 38th Street
City: Bellevue
StateProv: WA
PostalCode: 98027
Country: US
NetRange: 208.54.0.0 - 208.54.159.255
CIDR: 208.54.0.0/17, 208.54.128.0/19
NetName: TMO2
NetHandle: NET-208-54-0-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Allocation
NameServer: WEST1.JMRTECH.NET
NameServer: EAST1.JMRTECH.NET
NameServer: WEST2.JMRTECH.NET
NameServer: EAST2.JMRTECH.NET
Comment:
RegDate:
Updated: 2003-03-23
OrgTechHandle: DNSAD11-ARIN
OrgTechName: DNS Administrators
OrgTechPhone: +1-888-662-4662
OrgTechEmail: tech@tmodns.net
Well then, there’s a handy-dandy 1-800 number to call. Normally I don’t make it a policy of calling random NOCs, since they actually have better things to do, but I went ahead and called them up anyway. After explaining my situation and asking for help, the reply was something similar to “I don’t know where you got this number, but you’re going to have to talk to customer service for that. Have a nice evening.”
This leaves me with about as much information as before, but as they say, there is more than one way to skin a cat. This is my documentation of what I can glean from their incoming firewall configuration for the service that I’m *paying* for at the moment. I’m essentially putting my machine on the end of the PPP tunnel I’ve made via my phone and then checking it externally.
The first thing I checked out was to see whether or not they appeared to be filtering GRE, which would break the Microsoft PPTP VPN:
(The 255 protocols scanned but not shown below are in state: open|filtered)
PROTOCOL STATE SERVICE
55 filtered mobile
/etc/protocols has this to say about it:
mobile 55 MOBILE # IP Mobility
This seems pretty benign, since that’s normally used for fiddling around with modifying routing for IP datagrams. Protocol 47, or GRE, seems to be accessible incoming. On a side note, this might actually be set up in the Savvis datacenter where I’m running the tests from, but either way, it’s of no real interest to me.
What about a UDP Scan on interesting ports?
All 1478 scanned ports are: open|filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 297.953 seconds
Running a simple SYN TCP scan tells us the following:
All 1663 scanned ports are: filtered
Nmap run completed -- 1 IP address (1 host up) scanned in 335.872 seconds
Well then. I suppose that answers my question. It’s sad that I have a public IP that I can’t use for TCP Services. On the other hand, 6to4 uses only UDP…
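How Nmap arrives at the states quoted in the three scans above, as an added example (not code from the original post): a small classifier following Nmap's documented rules for IP protocol, UDP and SYN scans. The reply tuples, the function names and the ICMP code used for protocol 55 are constructed for illustration.

```python
from collections import Counter

# ICMP type 3 (destination unreachable) codes, per Nmap's documented rules.
CLOSED_CODES = {"proto": {2}, "udp": {3}, "syn": set()}
FILTERED_CODES = {
    "proto": {0, 1, 9, 10, 13},
    "udp": {1, 2, 9, 10, 13},
    "syn": {1, 2, 3, 9, 10, 13},
}
# State assigned when every retransmission goes unanswered.
SILENT_STATE = {"proto": "open|filtered", "udp": "open|filtered", "syn": "filtered"}


def classify(scan, reply):
    """Map one probe's reply to an Nmap state.

    reply is None (nothing came back), ("icmp", type, code) for an ICMP
    message, ("tcp", flags) for a TCP segment, or ("data",) for any other
    answer from the target.
    """
    if reply is None:
        return SILENT_STATE[scan]
    if reply[0] == "icmp":
        if reply[1] == 3 and reply[2] in CLOSED_CODES[scan]:
            return "closed"
        if reply[1] == 3 and reply[2] in FILTERED_CODES[scan]:
            return "filtered"
        # Protocol scan: any other reply (e.g. port unreachable) shows a live protocol.
        return "open" if scan == "proto" else "unknown"
    if scan == "syn":
        if reply[0] != "tcp":
            return "unknown"
        # SYN/ACK means a listener; RST means the port is reachable but closed.
        return "closed" if "R" in reply[1] else "open"
    return "open"  # protocol/UDP scan: any other answer from the target


def summarize(scan, replies):
    """Count states over a {port_or_protocol: reply} mapping."""
    return Counter(classify(scan, r) for r in replies.values())


# Constructed observations reproducing the protocol-scan result in the post.
# The ICMP code for protocol 55 is an assumption; the post does not record it.
PROTO_REPLIES = {n: None for n in range(256)}
PROTO_REPLIES[55] = ("icmp", 3, 13)

if __name__ == "__main__":
    print(dict(summarize("proto", PROTO_REPLIES)))
    print("GRE (47):", classify("proto", PROTO_REPLIES[47]))
```

Under these rules `open|filtered` for protocol 47 records only that nothing came back, the same state the other 254 silent protocols received, while `filtered` for protocol 55 means an ICMP unreachable error was returned.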