A question to Plusnet about their configuration

Pk9
Dabbler
Posts: 19
Thanks: 3
Fixes: 1
Registered: 08-11-2016

A question to Plusnet about their configuration

Hi

 

What is Plusnet's TR-069 configuration?

 

11 REPLIES
Plusnet Staff
Plusnet Staff
Posts: 2,123
Thanks: 361
Fixes: 114
Registered: 22-08-2015

Re: A question to Plusnet about their configuration

Hello there,

TR069 is an industry standard remote management system for end user devices. In our case, we use it to link Plusnet routers to their associated accounts.

It allows for the easy setup of routers to get online initially and should the PPP session ever drop it will usually reconnect automatically because of this system. I believe that we can also push firmware updates when required.

I've joined the Plusnet Help Team as of May 2017. As such, I have a new forum account. Please direct any queries to @Gandalf. Thanks

 Anoush Mortazavi
 Plusnet Support
Pk9
Dabbler
Posts: 19
Thanks: 3
Fixes: 1
Registered: 08-11-2016

Re: A question to Plusnet about their configuration

Hi,

I presume TR-069 uses port 7547.

When using the IoT scanner from BullGuard, the said port was open to the external Internet.

I've managed to close said port with port forwarding (7547 in all four columns) but am wondering how to stealth said port. I want to ensure that your TR-069 enabled device does not leave any exposed ports.

I'm using the 2704n.  Firmware 7.275.2_F2704N_Plusnet which hides remote management.

Pk9
Dabbler
Posts: 19
Thanks: 3
Fixes: 1
Registered: 08-11-2016

Re: A question to Plusnet about their configuration

Never mind.  I've solved the problem by reverting back to my old router that has the option to disable remote management.

Pk9
Dabbler
Posts: 19
Thanks: 3
Fixes: 1
Registered: 08-11-2016

Re: A question to Plusnet about their configuration

As reported widely in the media within the last two days, the newly discovered Mirai worm is bringing routers down offline utilising the TR069 industry standard remote management system.

 

Can PlusNet confirm whether or not their router is susceptible to this attack?

Gel
Pro
Posts: 1,386
Thanks: 133
Fixes: 10
Registered: 02-08-2007

Re: A question to Plusnet about their configuration

CodeBusters
Grafter
Posts: 57
Thanks: 5
Registered: 17-10-2016

Re: A question to Plusnet about their configuration


Pk9 wrote:

As reported widely in the media within the last two days, the newly discovered Mirai worm is bringing routers down offline utilising the TR069 industry standard remote management system.

 

Can PlusNet confirm whether or not their router is susceptible to this attack?


This is a very good question that should be addressed quickly.

Bookworms
Grafter
Posts: 187
Registered: 13-11-2007

Re: A question to Plusnet about their configuration

Is there an easy way to check if your router has been attacked?

Community Veteran
Posts: 38,244
Thanks: 933
Fixes: 54
Registered: 15-06-2007

Re: A question to Plusnet about their configuration


Pk9 wrote:

As reported widely in the media within the last two days, the newly discovered Mirai worm is bringing routers down offline utilising the TR069 industry standard remote management system.

 

Can PlusNet confirm whether or not their router is susceptible to this attack?


As I understand it, the attack is via misconfigured TR-064, not directly via TR-069, and the Plusnet router isn't one of those susceptible.

In any case, the Plusnet routers have a unique login password, unlike many where it is standard.

Community Veteran
Posts: 38,244
Thanks: 933
Fixes: 54
Registered: 15-06-2007

Re: A question to Plusnet about their configuration

I have just read this http://forum.kitz.co.uk/index.php/topic,19002.msg338425.html#msg338425 which explains how it happened:

The issue was with the TR-064 stack not properly checking which interface HTTP requests came from. TR-064 is only supposed to accept LAN side requests. The bug allowed TR-064 requests to be injected into TR-069 (WAN) HTTP requests. The device then assumed that the request was coming from the LAN HTTP server. In summary, these requests had the ability to open [http] port 80 on the firewall, thereby exposing the web administration GUI to the WAN side.
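
Added example, not part of the original thread or of any router's firmware: a Python sketch of the interface check the quoted explanation says was missing, run over constructed requests. The function names, the `lan`/`wan` labels, the host, the paths and the LAN port are assumptions made for illustration.

```python
from email.parser import BytesParser

TR064_URN = "urn:dslforum-org:service:"  # service-type prefix of TR-064 SOAP actions
CWMP_PORT = 7547                         # port discussed in the thread

def parse_request(raw: bytes):
    """Return (method, headers) for a raw HTTP/1.x request, or None if malformed."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    request_line, _, header_block = head.partition(b"\r\n")
    parts = request_line.decode("latin-1").split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    return parts[0].upper(), headers

def decide(raw: bytes, ingress: str, port: int) -> str:
    """Apply the interface check; ingress is 'lan' or 'wan' (labels assumed here)."""
    parsed = parse_request(raw)
    if parsed is None:
        return "reject-malformed"
    method, headers = parsed
    # Look in the SOAPAction header and in the body, so a missing header cannot hide it.
    is_tr064 = TR064_URN in headers.get("SOAPAction", "") or TR064_URN.encode() in raw
    if is_tr064:
        return "accept" if ingress == "lan" else "reject-tr064-on-wan"
    # A TR-069 connection request from the ACS is an HTTP GET; nothing else belongs here.
    if ingress == "wan" and port == CWMP_PORT and method != "GET":
        return "reject-unexpected-method"
    return "accept"

# Constructed sample requests (not captured traffic); host, paths and LAN port are placeholders.
SOAP = (b"POST /tr064/control HTTP/1.1\r\nHost: router.example\r\n"
        b'SOAPAction: "urn:dslforum-org:service:DeviceInfo:1#GetInfo"\r\n\r\n<s:Envelope/>')
SAMPLES = [
    ("wan", 7547, b"GET /connreq HTTP/1.1\r\nHost: router.example\r\n\r\n"),
    ("wan", 7547, SOAP),   # the injection case from the quoted explanation
    ("lan", 49152, SOAP),  # the same request arriving on the LAN side is legitimate
    ("wan", 7547, b"not http"),
]

def audit(samples):
    """Return one verdict per (ingress, port, raw_request) sample."""
    return [decide(raw, ingress, port) for ingress, port, raw in samples]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, audit(SAMPLES)):
        print(sample[0], sample[1], verdict)
```

The decision depends on the interface the request arrived on, not on the port or on any credential, which is the property the quoted explanation says the affected TR-064 stack lacked.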

Pk9
Dabbler
Posts: 19
Thanks: 3
Fixes: 1
Registered: 08-11-2016

Re: A question to Plusnet about their configuration

@Anoush is it true that both telnet and ssh are disabled on the Sagemcom 2704n router?

And that TR-064 is not running on the internet-facing WAN side, on port 7547?

Pk9
Dabbler
Posts: 19
Thanks: 3
Fixes: 1
Registered: 08-11-2016

Re: A question to Plusnet about their configuration

So is the router correctly configured, with the TR-064 server not listening on the same port as TR-069, port 7547?

Can Plusnet confirm this?

Or is it just a case of the router password being the saving grace?