Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
08-05-2013 6:00 PM
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
08-05-2013 6:49 PM
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
08-05-2013 7:16 PM
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
08-05-2013 7:20 PM
Warning May 8 17:05:51 IDS proto parser : tcp null port (1 of 28) : 4.79.142.206 81.174.168.118 0044 TCP 58218->0 [......] seq 1564800384 win 8192
Warning May 8 17:02:53 IDS proto parser : udp null port (1 of 1) : 192.168.1.64 192.168.1.255 0090 UDP 137->0
Warning May 8 17:00:34 IDS scan parser : tcp syn scan: 4.79.142.206 scanned at least 20 ports at 81.174.168.118. (1 of 1) : 4.79.142.206 81.174.168.118 0044 TCP 58134->24 [S.....] seq 3915130105 win 8192
Warning May 8 16:59:55 IDS proto parser : tcp null port (1 of 1) : 4.79.142.206 81.174.168.118 0044 TCP 58129->0 [......] seq 2345921030 win 8192
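An added example, not part of any post in this thread: a small Python parser for the router IDS log lines quoted above that groups events by source address and marks each source as LAN or WAN. The field layout is inferred from the four quoted lines and is an assumption; the numeric field after the two addresses is skipped because the thread does not say what it means.

```python
import ipaddress
import re
from collections import defaultdict

# The four log lines quoted in the post above, unchanged.
SAMPLE = [
    "Warning May 8 17:05:51 IDS proto parser : tcp null port (1 of 28) : 4.79.142.206 81.174.168.118 0044 TCP 58218->0 [......] seq 1564800384 win 8192",
    "Warning May 8 17:02:53 IDS proto parser : udp null port (1 of 1) : 192.168.1.64 192.168.1.255 0090 UDP 137->0",
    "Warning May 8 17:00:34 IDS scan parser : tcp syn scan: 4.79.142.206 scanned at least 20 ports at 81.174.168.118. (1 of 1) : 4.79.142.206 81.174.168.118 0044 TCP 58134->24 [S.....] seq 3915130105 win 8192",
    "Warning May 8 16:59:55 IDS proto parser : tcp null port (1 of 1) : 4.79.142.206 81.174.168.118 0044 TCP 58129->0 [......] seq 2345921030 win 8192",
]

# Assumed layout: level, timestamp, parser name, event text, the router's own
# "(n of m)" counter, source, destination, a skipped number, protocol, ports, flags.
LINE = re.compile(
    r"^(?P<level>\w+) (?P<when>\w{3} +\d+ [\d:]+) IDS (?P<parser>\w+) parser : "
    r"(?P<event>.+?) \((?P<n>\d+) of (?P<m>\d+)\) : "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) \d+ (?P<proto>TCP|UDP) "
    r"(?P<sport>\d+)->(?P<dport>\d+)(?: \[(?P<flags>[^\]]*)\])?"
)

def parse(line):
    """Return the fields of one IDS line as a dict, or None if it does not match."""
    m = LINE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # "tcp syn scan: a.b.c.d scanned at least ..." -> "tcp syn scan"
    rec["event"] = rec["event"].split(":")[0].strip()
    rec["dport"] = int(rec["dport"])
    return rec

def summarize(lines):
    """Group parsed events by source address; private sources are on the LAN."""
    acc = defaultdict(lambda: {"events": defaultdict(int), "dports": set()})
    for rec in filter(None, map(parse, lines)):
        acc[rec["src"]]["events"][rec["event"]] += 1
        acc[rec["src"]]["dports"].add(rec["dport"])
    return {
        src: {
            "origin": "LAN" if ipaddress.ip_address(src).is_private else "WAN",
            "events": dict(e["events"]),
            "dports": sorted(e["dports"]),
        }
        for src, e in acc.items()
    }

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

On these four lines every WAN-side event comes from a single source address, and the remaining entry is a broadcast from a device on the local network.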
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
08-05-2013 11:15 PM
@Razer - I am not freaking out but I get your point. I will be happy if all ports are stealthed and I can use VPN and everything works as it did when I had my previous router/ISP.
@Oldjim - I did look at my Router logs, but like yours you listed here - I have absolutely no idea what all that gobbledegook actually means so it's pointless me looking really!
What I don't get still is how one user on this thread (spraxyt) has got stealthed Ports even though he doesn't even have the server-side firewall on and his router is on Standard Firewall...
The test result in the opening post differs from mine. My firmware is 8.4.4.J.
With the standard settings (including for UPnP) on my TG582n (ADSL), except ping response from WAN is enabled, all common ports show as 'stealth'. The Plusnet firewall is 'off'.
Can anyone explain how this can be - given I have two firewalls, and the server side is on 'High'???
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 12:11 AM
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 12:20 AM
If you are and you have 'Use default gateway on remote network' ticked in Advanced TCP/IP settings (or equivalent) then the scan will be showing the result for the VPN internet gateway rather than your own connection.
At any given moment in the universe many things happen. Coincidence is a matter of how close these events are in space, time and relationship.
Opinions expressed in forum posts are those of the poster, others may have different views.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 7:44 AM
Quote Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests.
That's with the Plusnet firewall set to Off and the router firewall set to defaults. I don't do any VPN malarkey.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 12:04 PM
I have UPnP turned off and all other servers (FTP, NFS, "Media server" under "content sharing") on the router disabled.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 12:18 PM
Quote from: Cobalt19
THE SITUATION
Just joined Plusnet three days ago and connected the supplied Router (Technicolor TG582n) and it set itself up fine and I get Broadband OK - this part is good.
Testing the router with the www.grc.com 'Shields Up!' security check service (as suggested on Plusnet's own website) using the 'All Common Ports' test, reveals many ports are visible as 'open' or 'closed' and not stealthed. Consequently my network is open to hacking and it is not good enough. I phoned Plusnet telephone customer service twice and spoke to friendly guys who informed me that they "do not support giving advice on stealthing this router". Not good!
Visible Ports are as follows....
Closed: Ports 21, 22, 137, 138, 443
Open: Ports 139, 445, 548
My previous router (and on a different ISP - the very excellent but expensive Eclipse Internet) stealthed everything and that is what I want again with this new router and Plusnet. My previous router is not ADSL2+ as I got it when Broadband in the UK became available 'back in the day' probably 2004 for me. I am not a computer technician - just your average user. The household uses internet for email, surfing, iPlayer, YouTube, Skype video calls, and the occasional online gaming (PS3). As I said earlier - all this has been working perfectly before using a stealthed router.
MY OBJECTIVE
To have my new router operating all internet functions whilst being completely stealthed.
MY QUESTIONS
- Is it possible to stealth this Technicolor TG582n?
If so - where can I find the detailed settings?
If it is impossible to stealth this router then what do I do next?
See screen grab below...
Are you using a Mac or Apple product for sharing/streaming movies, etc. by any chance?
Some of those ports would not be open on a Windows-based PC without the necessary configuration, e.g. ssh and ftp ports.
If you are using Windows it probably wouldn't hurt to run netstat and check which ports your computer is listening for connections on (if you need more help with this, let me know). I would suggest disconnecting all other devices, wired and wireless, when you do this (disable if necessary).
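An added example, not part of the post above: a Python sketch of the netstat check it suggests, which reads Windows `netstat -an` output and reports which listening sockets fall on the ports the ShieldsUp result listed. The netstat text is a constructed sample, not output from anyone in this thread, and the function names are hypothetical.

```python
# Ports the ShieldsUp test in the quoted post reported as open or closed.
REPORTED = {21, 22, 137, 138, 139, 443, 445, 548}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.64:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.64:49712     93.184.216.34:443      ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    192.168.1.64:137       *:*
  UDP    192.168.1.64:138       *:*
"""

def listeners(netstat_text):
    """Return {(proto, port): sorted local addresses} for sockets accepting traffic."""
    found = {}
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        proto, local = parts[0], parts[1]
        # TCP rows count only in LISTENING state; UDP rows have no state column.
        if proto == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue
        # rpartition splits on the last colon, so "[::]:445" is handled too.
        addr, _, port = local.rpartition(":")
        found.setdefault((proto, int(port)), set()).add(addr)
    return {key: sorted(addrs) for key, addrs in found.items()}

def matches_reported(netstat_text, reported=REPORTED):
    """Keep only the listeners whose local port is in the reported set."""
    return {k: v for k, v in listeners(netstat_text).items() if k[1] in reported}

if __name__ == "__main__":
    for (proto, port), addrs in sorted(matches_reported(SAMPLE).items()):
        print(f"{proto} {port} bound on {', '.join(addrs)}")
```

The ESTABLISHED row to a remote port 443 is an outbound connection and is deliberately not counted as a local listener.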
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 5:06 PM
I'm not sure why these ports aren't showing as dropping packets (stealth), all my tests here show that they should.
I can give you some commands to 'stealth' these ports, ie make the router drop all packets sent to them, however I suspect that this will break something that's running on your internal network.
You can try anyway, as long as you don't run the :saveall command these settings will be lost after you reboot.
:expr add name CobaltPortBlock type=serv proto=tcp dstport=21
:expr add name CobaltPortBlock type=serv proto=tcp dstport=22
:expr add name CobaltPortBlock type=serv proto=tcp dstport=137
:expr add name CobaltPortBlock type=serv proto=tcp dstport=138
:expr add name CobaltPortBlock type=serv proto=tcp dstport=443
:expr add name CobaltPortBlock type=serv proto=tcp dstport=139
:expr add name CobaltPortBlock type=serv proto=tcp dstport=445
:expr add name CobaltPortBlock type=serv proto=tcp dstport=548
:firewall rule add chain=forward_custom dstinf=wan serv=CobaltPortBlock action=drop
This new rule will tell your router to drop all packets arriving on those ports on the wan interface.
This could have unintended consequences so be prepared to do a factory reset if things go wrong!
Let me know what your ShieldsUp page shows after running these.
Cheers,
Matt
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 5:41 PM
There have been 15 warning entries just this afternoon of attempted intrusions/port scanning.
My router is totally stealthed including blocking ICMPing.
Sometimes I get allocated a dynamic IP address by Plusnet which is clearly not (yet) on the scammers database and then I get a period of quiet - as far as the logs go with nothing reported.
When I can be arssed I check the attacking IP addresses only to find that invariably they are in the Far East and Eastern Europe.
I've just checked the last two and they appear to be from registered IP locations of Santiago and Moscow.......
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 6:37 PM
Quote from: x47c
My router is totally stealthed including blocking ICMPing.
Have you checked TCP port 51005 on Gibson's ShieldsUp site?
To stealth this port, disable CWMP-S.
http://npr.me.uk/telnet.html#cwmp
Note:
Disabling CWMP-S may prevent the router from automatically detecting your PN username and password.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 6:55 PM
Quote from: x47c
Like poster 'Oldjim',
Oldjim's log was the log messages generated by the GRC shields up test!
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
09-05-2013 8:27 PM