Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Tightening Thompson router vulnerabilities
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Tightening Thompson router vulnerabilities
Tightening Thompson router vulnerabilities
16-02-2012 12:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi all,
Was just wondering if there are any hidden 'back-door' service accounts enabled on the Thompson routers provided by PlusNet as standard which may pose a security threat?
I was with O2 previously, and theirs very thoughtfully came with a SuperUser account which was seemingly open to the entire internet. The intentions were honorable: Customer Services could use it to log in and check all was ok if you had issues, and also apply firmware updates. Unfortunately, the password was well documented and easily searchable on google.
For example, as with O2's version of the router, you can run scripts from a Telnet session on an internal IP by using an admin account which doesn't seem to require a password: http://www.borpin.co.uk/2011/02/28/get-root-access-to-a-plusnet-thompson-router/
Anyone know if this is externally accessible from the WAN IP as well? I haven't had a chance to test yet and I'm away from home for a while.
Cheers for any help
Was just wondering if there are any hidden 'back-door' service accounts enabled on the Thompson routers provided by PlusNet as standard which may pose a security threat?
I was with O2 previously, and theirs very thoughtfully came with a SuperUser account which was seemingly open to the entire internet. The intentions were honorable: Customer Services could use it to log in and check all was ok if you had issues, and also apply firmware updates. Unfortunately, the password was well documented and easily searchable on google.
For example, as with O2's version of the router, you can run scripts from a Telnet session on an internal IP by using an admin account which doesn't seem to require a password: http://www.borpin.co.uk/2011/02/28/get-root-access-to-a-plusnet-thompson-router/
Anyone know if this is externally accessible from the WAN IP as well? I haven't had a chance to test yet and I'm away from home for a while.
Cheers for any help
Message 1 of 5
(4,355 Views)
4 REPLIES 4
Re: Tightening Thompson router vulnerabilities
16-02-2012 2:38 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi GringoFrenzy,
There's no need to worry, there are no server services that run on the router that leave you exposed. The HTTP,HTTPS,FTP,Telnet services are all restricted to LAN access. Even the ping responder server is restricted to LAN access to prevent external hosts from getting ping responses from your router.
There is a TR-069 service that runs on the router that is accessible WAN side, we use this for automated provisioning but it is restricted to Plusnet's server (for those that are interested, this server allows us to ask your router to initiate a connection to the TR-069 server configured in the router)
Let me know if I can be any more help!
There's no need to worry, there are no server services that run on the router that leave you exposed. The HTTP,HTTPS,FTP,Telnet services are all restricted to LAN access. Even the ping responder server is restricted to LAN access to prevent external hosts from getting ping responses from your router.
There is a TR-069 service that runs on the router that is accessible WAN side, we use this for automated provisioning but it is restricted to Plusnet's server (for those that are interested, this server allows us to ask your router to initiate a connection to the TR-069 server configured in the router)
Let me know if I can be any more help!
Message 2 of 5
(653 Views)
Re: Tightening Thompson router vulnerabilities
17-02-2012 7:32 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi Matt, thanks for the quick response!
That's good to know. Plusnet staff seem pretty switched on from the forum posts I read before signing up, so I half expected this to be the case anyway. Just thought I'd check
That's good to know. Plusnet staff seem pretty switched on from the forum posts I read before signing up, so I half expected this to be the case anyway. Just thought I'd check
Message 3 of 5
(653 Views)
Re: Tightening Thompson router vulnerabilities
17-02-2012 12:56 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Not quite sure that you're correct about the Ping being restricted to LAN Matt. Mine quite happily responds to Internet Pings to allow me to monitor the quality of my connection via here:
http://www.thinkbroadband.com/ping/monitors.html
http://www.thinkbroadband.com/ping/monitors.html
Message 4 of 5
(653 Views)
Re: Tightening Thompson router vulnerabilities
17-02-2012 4:08 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi WelshWarrior,
You will have had to explicitly set the router to expose this service on the WAN interface for this to work. I suspect you ran the command below for this to work. If not then I'd be very interested!
You will have had to explicitly set the router to expose this service on the WAN interface for this to work. I suspect you ran the command below for this to work. If not then I'd be very interested!
:service system ifadd name=PING_RESPONDER group=wan
Message 5 of 5
(653 Views)
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Tightening Thompson router vulnerabilities