A question to plusnet about their configuratoon
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- A question to plusnet about their configuratoon
A question to plusnet about their configuratoon
09-11-2016 9:08 PM - edited 09-11-2016 9:11 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: A question to plusnet about their configuratoon
09-11-2016 9:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hello there,
TR069 is an industry standard remote management system for end user devices. In our case, we use it to link Plusnet routers to their associated accounts.
It allows for the easy setup of routers to get online initially and should the PPP session ever drop it will usually reconnect automatically because of this system. I believe that we can also push firmware updates when required.
If this post resolved your issue, please click the 'This fixed my problem' button
Re: A question to plusnet about their configuratoon
10-11-2016 4:07 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi,
I presume TR-069 uses port 7547.
When using the IoT scanner from BullGuard, the said port was open to the external Internet.
I've managed to close said port with port forwarding (7547 in all four columns) but wondering how to stealth said port. I want to ensure that your TR-069 enabled device does not leave any exposed ports
I'm using the 2704n. Firmware 7.275.2_F2704N_Plusnet which hides remote management.
Re: A question to plusnet about their configuratoon
11-11-2016 4:21 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Never mind. I've solved the problem by reverting back to my old router that has the option to disable remote management.
Re: A question to plusnet about their configuratoon
01-12-2016 7:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
As reported widely in the media within the last two days the newly discovered Mirai worm is bringing routers down offline utilising the TR069 industry standard remote management system.
Can PlusNet confirm whether or not their router is susceptible to this attack?
Re: A question to plusnet about their configuratoon
01-12-2016 8:36 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
It seems ISP routers that haven't had default password changed are most vulnerable.
More here:
Re: A question to plusnet about their configuratoon
02-12-2016 11:33 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Pk9 wrote:
As reported widely in the media within the last two days the newly discovered Mirai worm is bringing routers down offline utilising the TR069 industry standard remote management system.
Can PlusNet confirm whether or not their router is susceptible to this attack?
This is a very good question that should be addressed quickly.
Re: A question to plusnet about their configuratoon
02-12-2016 1:27 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Is there an easy way to check if your router has been attacked?
Re: A question to plusnet about their configuratoon
02-12-2016 2:07 PM - edited 02-12-2016 2:19 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Pk9 wrote:
As reported widely in the media within the last two days the newly discovered Mirai worm is bringing routers down offline utilising the TR069 industry standard remote management system.
Can PlusNet confirm whether or not their router is susceptible to this attack?
As I understand it the attack is via misconfigured Tr-064 not directly via TR-069 and the Plusnet router isn't one of those susceptible
In any case the Plusnet routers have a unique login password - unlike many where it is standard
Re: A question to plusnet about their configuratoon
02-12-2016 2:17 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I have just read this http://forum.kitz.co.uk/index.php/topic,19002.msg338425.html#msg338425 which explains how it happened
The issue was with the TR-064 stack not properly checking which interface HTTP requests came from. TR-064 is only supposed to accept LAN side requests. The bug allowed TR-064 requests to be injected into TR-069 (WAN) HTTP requests. The device then assumed that the request was coming come the LAN HTTP server. In summary, these requests had the ability to open [http] port 80 on the firewall, thereby exposing the web administration GUI to the WAN side.
Re: A question to plusnet about their configuratoon
08-12-2016 3:04 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Anoush is it true that both telnet and ssh is disabled on the Sagemcom 2704n router?
And TR-064 is not running on the internet facing WAN side? on port 7547.
Re: A question to plusnet about their configuratoon
28-12-2016 2:53 PM - edited 28-12-2016 2:55 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
So is the router correctly configured with the Tr-064 server not listening on the same port of Tr-069 port 7547?
Can PluNet's confirm this?
Or is it just a case of the router password being the saving grace?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- A question to plusnet about their configuratoon