cancel
Showing results for 
Search instead for 
Did you mean: 

PlusNet Router Secure?

FIXED
Spooooky
Dabbler
Posts: 22
Thanks: 1
Registered: ‎26-01-2013

PlusNet Router Secure?

Hello

I have a router that was supplied by PlusNet. Whenever I'm not using the Internet, I often see the wireless lights on the router flash continuously. Is someone using my broadband? I thought routers were meant to be secure since it has a password key.
12 REPLIES 12
gleneagles
Aspiring Legend
Posts: 11,105
Thanks: 2,459
Fixes: 17
Registered: ‎02-08-2007

Re: PlusNet Router Secure?

Must admit I have the same issue, everything unplugged and switched off yet modem and router lights flashing rapidly for 10 - 20 minute periods.

As I am on unlimited contract the actual usage is not a problem for me but if it was not unlimited with the broadband usage chart no longer working it could have been a problem.

The greater concern is security, could some one have access to my connection ?

We are born into history and history is born into us.
Jonpe
Hero
Posts: 3,991
Thanks: 1,831
Fixes: 9
Registered: ‎05-09-2016

Re: PlusNet Router Secure?

As I understand it (from what PN say) the router communicates with PN, the network, or whatever even when idle, and that's why your usage (remember the old days when the meter was working?) showed a few KB of usage even when you hadn't used the internet.  Even my ancient BT Voyager (pre Wi-Fi) router used to flash indicating usage when I was not on-line.  However, I would expect the flashing to be minimal and intermittent rather than continuous for periods as long as 10 to 20 minutes.

MrSilver
Pro
Posts: 550
Thanks: 82
Fixes: 9
Registered: ‎05-10-2016

Re: PlusNet Router Secure?

It could evene be things like the router broadcasting whois messages to see if computers still have IPs that will broadcast over wifi even if no one is listening. I wouldn't worry about it, change your wifi password if you are worried.

jonathan183
Hooked
Posts: 8
Registered: ‎10-12-2016

Re: PlusNet Router Secure?

<ManagementServer>
      <URL>https://acs.plus.net:8443/dps/TR069</URL>
      <Username>tr069</Username>
      <Password>tr069</Password>
      <PeriodicInformEnable>TRUE</PeriodicInformEnable>
      <PeriodicInformInterval>86400</PeriodicInformInterval>
      <PeriodicInformTime>1970-01-01T00:03:59+00:00</PeriodicInformTime>
      <ConnectionRequestURL notification="2">NULL</ConnectionRequestURL>
      <ConnectionRequestUsername>NULL</ConnectionRequestUsername>
      <ConnectionRequestPassword>NULL</ConnectionRequestPassword>
    </ManagementServer>

Factory reset PN supplied router uses tr069 for remote management, sending updates to PN by default. tr069 default username and passwords shown above are trivial ... this is not unique to PN as all ISPs seem to use a similar mechanism. If you want to see the potential security consequence then just search for the latest TalkTalk compromise.

It would be much better for PN to use tr069 for initial setup from factory defaults to help users setup a router, but it is left enabled after the router is setup.

I switch a router off when I am not using it, the day an ISP guarantees to pay for all losses should a left on router result in a fire is the day I consider leaving it switched on ...

MrSilver
Pro
Posts: 550
Thanks: 82
Fixes: 9
Registered: ‎05-10-2016

Re: PlusNet Router Secure?

So this is how CPE generally works, you get it shipped with a factory config, when it connects to TR69 it will get a unique config from Plusnet to configure up, I assume tied to the serial number that was shipped or your line authentication or something.

Having the CPE then call back to plusnet to report stats / data and to ask for any updates is also quite normal, thats the "PeriodicInformEnable" part. From the TR69 standard that is "Whether or not the CPE MUST periodically send CPE information to the ACS using the Inform method call. " so router calling Plusnet not the other way around.

No idea if Plusnet leave the TR64/69 port open to the world, I suspect not and the router is locked down to certain IPs that can talk to it. in fact, i just tried scanning 7547 from the internet and it timed out, so not an open port.

 

You need TR69 as an end user too, if there was a vulnerability found in the router you would want Plusnet to push a new firmware to it to fix it, having millions of customers try to figure out how to manually update router firmware would be a nightmare and leave them exposed for longer.

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: PlusNet Router Secure?

Plusnet supplied me with a Netgear router about 4 years ago, but they seem to have mangled the firmware so that Netgear firmware updates are rejected.

When do Plusnet anticipate fixing this problem?

"In The Beginning Was The Word, And The Word Was Aardvark."

Spooooky
Dabbler
Posts: 22
Thanks: 1
Registered: ‎26-01-2013

Re: PlusNet Router Secure?

Sorry it has taken me this long to reply. I forgot I had started this thread Roll_eyes

 

Thanks for all your interesting replies. Some very geeky ones which went right over my head Grin

On my laptop or computer it does say I am secured but when I am not using the internet, I do notice my router lights flashing quite a lot, which is why I did wonder if my router was breached? My password for the router was provided by PN and consists of numbers and letters so I assume it should keep my router secure. 

jonathan183
Hooked
Posts: 8
Registered: ‎10-12-2016

Re: PlusNet Router Secure?


@MrSilver wrote:
No idea if Plusnet leave the TR64/69 port open to the world, I suspect not and the router is locked down to certain IPs that can talk to it. in fact, i just tried scanning 7547 from the internet and it timed out, so not an open port.

 

You need TR69 as an end user too, if there was a vulnerability found in the router you would want Plusnet to push a new firmware to it to fix it, having millions of customers try to figure out how to manually update router firmware would be a nightmare and leave them exposed for longer.


 

 

Either Plusnet can push firmware changes (in which case so could others) or they can not (in which case leaving TR69 enabled is irrelevant). Leaving default user name and password is still a bad idea ...

jonathan183
Hooked
Posts: 8
Registered: ‎10-12-2016

Re: PlusNet Router Secure?


@Spooooky wrote:
On my laptop or computer it does say I am secured but when I am not using the internet, I do notice my router lights flashing quite a lot, which is why I did wonder if my router was breached? My password for the router was provided by PN and consists of numbers and letters so I assume it should keep my router secure. 

If you want to update passwords you can do, same goes for wireless network name and password etc. If you suspect someone has access to things they should not then I suggest a reset to factory defaults - disable wifi and let PN do the config update and then change wifi name and passwords.

VileReynard
Hero
Posts: 12,616
Thanks: 582
Fixes: 20
Registered: ‎01-09-2007

Re: PlusNet Router Secure?

Fix

All traffic to your internet facing address will be received and cause the lights to flicker, indicating an active connection. Closed ports should block relevant traffic, as should the built-in firewall.

If Plusnet still bothered to provide internet stats, you could see what was going on.

"In The Beginning Was The Word, And The Word Was Aardvark."

Pete11
Seasoned Pro
Posts: 897
Thanks: 261
Fixes: 4
Registered: ‎17-02-2017

Re: PlusNet Router Secure?

The same thing was happening to me, light on router flickering when laptop turned off. Turned out to be my mobile phone, I forgot to switch off wifi, so I turned off wifi and no flickering light.

A float tip is pleasing in its appearance and even more pleasing in its disappearance.
Growing old is inevitable...But growing up is optional.
markhawkin
Pro
Posts: 552
Thanks: 121
Fixes: 11
Registered: ‎17-07-2016

Re: PlusNet Router Secure?

@Pete11

So now the phone application that is "calling home" will be using mobile data instead.

Most devices use background data to check for updates, emails etc so you would expect broadband data to be used.

 

 

I am the satisfied customer....