cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Tightening Thompson router vulnerabilities

GringoFrenzy
Newbie
Posts: 7
Registered: ‎16-02-2012

Tightening Thompson router vulnerabilities

‎16-02-2012 12:57 PM

Hi all,
Was just wondering if there are any hidden 'back-door' service accounts enabled on the Thompson routers provided by PlusNet as standard which may pose a security threat?
I was with O2 previously, and theirs very thoughtfully came with a SuperUser account which was seemingly open to the entire internet.  The intentions were honorable: Customer Services could use it to log in and check all was ok if you had issues, and also apply firmware updates.  Unfortunately, the password was well documented and easily searchable on google.
For example, as with O2's version of the router, you can run scripts from a Telnet session on an internal IP by using an admin account which doesn't seem to require a password:  http://www.borpin.co.uk/2011/02/28/get-root-access-to-a-plusnet-thompson-router/
Anyone know if this is externally accessible from the WAN IP as well?  I haven't had a chance to test yet and I'm away from home for a while.
Cheers for any help  Smiley
Message 1 of 5
(4,355 Views)
0 Thanks
4 REPLIES 4
mattturner
Grafter
Posts: 246
Thanks: 2
Registered: ‎25-06-2009

Re: Tightening Thompson router vulnerabilities

‎16-02-2012 2:38 PM

Hi GringoFrenzy,
There's no need to worry, there are no server services that run on the router that leave you exposed. The HTTP,HTTPS,FTP,Telnet services are all restricted to LAN access. Even the ping responder server is restricted to LAN access to prevent external hosts from getting ping responses from your router.
There is a TR-069 service that runs on the router that is accessible WAN side, we use this for automated provisioning but it is restricted to Plusnet's server (for those that are interested, this server allows us to ask your router to initiate a connection to the TR-069 server configured in the router)
Let me know if I can be any more help!
Message 2 of 5
(653 Views)
0 Thanks
GringoFrenzy
Newbie
Posts: 7
Registered: ‎16-02-2012

Re: Tightening Thompson router vulnerabilities

‎17-02-2012 7:32 AM

Hi Matt, thanks for the quick response!
That's good to know. Plusnet staff seem pretty switched on from the forum posts I read before signing up,  so I half expected this to be the case anyway. Just thought I'd check Wink
Message 3 of 5
(653 Views)
0 Thanks
WelshWarrior
Grafter
Posts: 40
Registered: ‎02-11-2009

Re: Tightening Thompson router vulnerabilities

‎17-02-2012 12:56 PM

Not quite sure that you're correct about the Ping being restricted to LAN Matt. Mine quite happily responds to Internet Pings to allow me to monitor the quality of my connection via here:
http://www.thinkbroadband.com/ping/monitors.html
Message 4 of 5
(653 Views)
0 Thanks
mattturner
Grafter
Posts: 246
Thanks: 2
Registered: ‎25-06-2009

Re: Tightening Thompson router vulnerabilities

‎17-02-2012 4:08 PM

Hi WelshWarrior,
You will have had to explicitly set the router to expose this service on the WAN interface for this to work. I suspect you ran the command below for this to work. If not then I'd be very interested!
:service system ifadd name=PING_RESPONDER group=wan
Message 5 of 5
(653 Views)
0 Thanks