Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Plusnet's Technicolor TG582n Router is OPEN TO HAC...
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
10-05-2013 6:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
14-05-2013 12:13 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@MsDizzie -
Thanks. Can anyone explain why you get stealthed Ports (your SheildsUp! photo) with the settings you have on the same router to me and I get Open and closed Ports when I have the same settings as you have? Surely I should get the exact same results as you?
Quote from: MsDizzie These are the 582n settings I currently have (8.4.4.J) and Plusnet's firewall set to low (Basic Settings) to allow me to use VPN. Does this help at all?
@Penfold -
same as my last comment/question- surely it should work for me like it does you, but it doesn't...
Quote from: penfold Mines an 'out of the box' tg585, and checking with shields up, upnp and all ports are stealthed. Plusnets firewall also on at low. Only changes made to router are the password, and some reserved ip addresses
@ejs -
thank you for confirming. I had pretty much guessed it was a log but the words in it make no sense to me.
Quote from: ejs
Quote from: x47c Like poster 'Oldjim',
Oldjim's log was the log messages generated by the GRC shields up test!
@npr - thanks for your comments & suggestions. I am sorry to say I don't understand it - I am not that technically able and fear if I mess with things I dont understand I could cause another problem.
@x47C - I also used to have many people triggering such alarms on my old router/ISP set up. Tiresome and worrying at the same time. Most were from the USA.
@ Matt Turner (Plusnet) - "I'm not sure why these ports aren't showing as dropping packets (stealth), all my tests here show that they should."
- Thanks for your suggestions. I have no idea how to execute the command you have suggested and like you said too, I fear something could go wrong so I am not going to try that - sounds too technical for me to be able to do anyway to be honest.
@krs360 - "Are you using a MAC? or apple product for sharing/streaming movies, etc by any chance?" - Thanks, but no I I am not. I do have an iPad and two iPhone which are switched to wifi on but they just it there and aside from using the web or WhatsApp occasionally - nothing else goes on from the Apple products.
@w23 - "Just a thought. you're not running these tests while connected to the VPN by any chance?" . No - tests were done from normal internet connection.
Summary - I am not sure what do to next. This is a pain and I can do without the timr and energy burnt on this issue. I appreciate all of your comments and suggestions so please keep them coming. Matt - Can I back out of my Plusnet contract if I want to or is it too late? I didnt realise I would walk into this problem on joining Plusnet. I took all this sleathed ports stuff for granted with my previous ISP and old router.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
14-05-2013 2:19 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I switched the Plusnets own Firewall setting down form High to Low in the vain hope something may have changed, undertook ShieldsUp! test and got this on the first page of report back...(SEE ATTACHMENT AS I DON'T KNOW HOW TO INSERT A PICTURE IN THIS TEXT). The grid of ports all came back green but the message shows there is no overall stealth. I have blocked out my IP number but you get the idea.
I dont get this message back when the Plusnet Firewall is set to High. I want all green ports and the (there is no reverse DNS' message that SheildsUp! gives when overall the thing is stealthed.
COME ON PLUSNET - FIND A SOLUTION FOR ME! ITS DRIVING ME MAD!
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
14-05-2013 2:51 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
If you're concerned about this could you possibly use the router you had with your last ISP and just update the username/password to your Plusnet connection details? (sorry if that's already been asked earlier in the thread).
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
14-05-2013 5:01 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
(You would have something similar whoever your ISP was).
As far as Matt Turner's suggested commands go, and that from npr's web page, they are CLI commands and need to be executed by Telnetting into the TG582n, not something perhaps for the faint hearted, but in normal circumstances shouldn't be needed. If you wish to learn about such things, I'm sure guidance can be given is easy steps.
The fact that the GRC All Service Ports test came up Green, means they are all stealthed. I can only guess that maybe the reason you saw some issues before was that the Plusnet Firewall I believe is not active initially on new connections, and after you change settings there you need to drop the PPP session and establish a new one for it to take effect. To do so, log in to the Modem/Router, in the Internet box, click Disconnect to drop the PPP Internet session (this is not the sync), wait 30 seconds then click Connect. This also usually results in a Gateway change, so is the method you would use should you need to Gateway hop.
Please post back with any more questions or worries.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
14-05-2013 5:21 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I'd recommend a factory reset of the router followed by rechecking on the ShieldsUp website.
Matt
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
14-05-2013 6:11 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: Cobalt19 I switched the Plusnets own Firewall setting down form High to Low in the vain hope something may have changed, undertook ShieldsUp! test and got this on the first page of report back...(SEE ATTACHMENT AS I DON'T KNOW HOW TO INSERT A PICTURE IN THIS TEXT). The grid of ports all came back green but the message shows there is no overall stealth. I have blocked out my IP number but you get the idea.
I dont get this message back when the Plusnet Firewall is set to High.
The reverse DNS message and Plusnet Firewall setting was a coincidence. When you changed the Plusnet Firewall setting, you would have had to disconnect and reconnect, getting a new IP address in the process. I've just checked a few of the IP addresses I've had from my router log, 3 had reverse DNS entries, 1 didn't. It's been said already, I'll say it again: the reverse DNS entries contain no more information than the IP address itself anyway.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
14-05-2013 10:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Port 21 can be changed to stealth by unassigning the game and application rule for FTP. This can be found in the game and application section of the routers GUI.
Note: The above port is used by the router for FTP access to attached USB memory or disk.
Port 51005 was mentioned in my previous post.
Not a serious security issue IMO
IF all ports are still not shown as stealth then:
a) Someone has configured some port forward rules in the router.
Check them in the routers settings.
b) There's one or more servers running on a attached device (P2P software ?) which is opening ports via UPnP. Disable UPnP in the routers GUI.
Quote "undertook ShieldsUp! test and got this on the first page of report back"
That is just Gibson being silly. All connection to a web server will show their IP address. If you don't want this go through a proxy or VPN service.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
18-05-2013 6:03 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
thanks for your suggestions - I will try starting with the Factory Reset that Matt mentioned. You know what I am about to ask..... how do i do this? What is the step by step pls? On accessing the router UI afterwards will I be presented with the original factory username and password or will the router remember the new one I have in currently?
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
18-05-2013 6:27 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
18-05-2013 6:42 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Here's how to reset the router to factory default configuration: http://www.plus.net/support/broadband/hardware/technicolor-582n-faqs.shtml#factoryReset
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
18-05-2013 6:49 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I suggest you do it like this to avoid the possibility of upsetting the Exchange DLM which may up your Target Noise margin or Band your speed if it thinks all you recent activity is drops in connection -
Log in to the Modem/Router, in the Internet box, click Disconnect to drop the PPP Internet session (this is not the sync). Wait about a minute and then power down the modem/router. Wait a minute and the unplug it from the Line. Power it up again, when it's booted, there's a pin hole reset in the back of the modem/router next to the power button (it is shown in the booklet that came with the modem/router). Hold that in for about 8 seconds. It will then go into factory reset mode. When that's complete you will either have to log in to it and enter your broadband username and password again manually or plug it into the line and wait 15 minutes for the TR-069 system to do it for you. If you do it manually off-line you may have to try logging in and going to the right screen a couple of times as you get presented with a screen that tells you your connection is down
HTH.
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
19-05-2013 8:28 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
19-05-2013 8:49 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet's Technicolor TG582n Router is OPEN TO HACKERS! - help needed
19-05-2013 9:48 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
In all fairness to the OP I wonder if you have a faulty routerl. The plusnet supplied one that I had for fibre (Technicolor) shows up as green on everything for me at grc.com and I even left unplug and pray on and the plusnet control panel firewall is off, I just have the Technicolor firewall set to standard
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Broadband
- :
- Plusnet's Technicolor TG582n Router is OPEN TO HAC...