cancel
Showing results for 
Search instead for 
Did you mean: 

Security Warning

FIXED
jennyBA
Grafter
Posts: 42
Registered: ‎07-04-2010

Security Warning

Hi, can anyone help with this please. We got this warning come up on screen and don't know what it means, is it important and if so how do i fix it. 

I took photo of the screen if you enlarge image you can just read it and get the idea what its on about

 

IMG1129A.jpgIMG1130A.jpgIMG1131A.jpg

 

12 REPLIES 12
VileReynard
Aspiring Champion
Posts: 11,535
Thanks: 368
Fixes: 14
Registered: ‎01-09-2007

Re: Security Warning

This looks like a generalised message - who sent it to you and why?

If you have a Plusnet supplied router, the degree of configuration is so poor that you probably couldn't switch the remote configuration (via the admin pages) option on.

On other routers, there is often an option to be able to remotely administer your router - but no-one(?) would switch this on unless there was some vitally important feature that made it necessary.

You can test this by trying to login to your router via the internet-facing address (the WAN address).

 

 

Community Veteran
Posts: 5,537
Thanks: 326
Fixes: 5
Registered: ‎11-08-2007

Re: Security Warning

Fix

@VileReynard wrote:

You can test this by trying to login to your router via the internet-facing address (the WAN address).


 

Alternatively you could run a port scan test to see what services your router is reporting as being potentially accessible from the internet.

 

I tend to use GRC ShieldsUP! to check my system.

 

Go to the GRC website - https://www.grc.com/

Select "ShieldsUP!" from the drop down [Services] tab.

Click on the [Proceed] button

Click on the [All Service Ports] button (near the centre of the page)

Let the test run for about 70 seconds

Then read what the recommendations are if you don't get a perfect result like this -

 

GRC ShieldsUP Service Ports Probe .jpg

jennyBA
Grafter
Posts: 42
Registered: ‎07-04-2010

Re: Security Warning

Thank you, i have run the test following your advice and it all came out green and said passed, so i don't think i have anything to worry about.

jennyBA
Grafter
Posts: 42
Registered: ‎07-04-2010

Re: Security Warning

It was flashed up on screen by Avast Security software that we have installed.


@VileReynard wrote:

This looks like a generalised message - who sent it to you and why?

If you have a Plusnet supplied router, the degree of configuration is so poor that you probably couldn't switch the remote configuration (via the admin pages) option on.

On other routers, there is often an option to be able to remotely administer your router - but no-one(?) would switch this on unless there was some vitally important feature that made it necessary.

You can test this by trying to login to your router via the internet-facing address (the WAN address).

 

 


 

VileReynard
Aspiring Champion
Posts: 11,535
Thanks: 368
Fixes: 14
Registered: ‎01-09-2007

Re: Security Warning

It's was just a generic warning about routers in general - it listed just about all the different brands of router!

It knows nothing about your particular router, so it can be safely ignored.

Community Gaffer
Community Gaffer
Posts: 13,868
Thanks: 1,382
Fixes: 116
Registered: ‎04-04-2007

Re: Security Warning

That GRC scan is not conclusive. There are thousands of available ports it hasn't scanned.

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

VileReynard
Aspiring Champion
Posts: 11,535
Thanks: 368
Fixes: 14
Registered: ‎01-09-2007

Re: Security Warning

You can't prove that some ports aren't left open by doing occasional port scans, anyway.

Just an indication that there is nothing obviously wrong.

Community Veteran
Posts: 5,537
Thanks: 326
Fixes: 5
Registered: ‎11-08-2007

Re: Security Warning

@jennyBA  if that message occurs again, try logging in to your router's configuration pages, find the settings for "UPnP" and try setting that to being disabled.

 

On routers where UPnP is enabled, it is possible that a device anywhere on your home network has silently asked your router to provide a backdoor through your router's security firewall so that some remote computer on the internet can access something on your otherwise protected home network (which if malicious could present a security risk) - this might have been what triggered the warning screen that you saw.

 

In practice UPnP is rarely needed these days, and disabling it shouldn't cause any problems.

Community Veteran
Posts: 5,537
Thanks: 326
Fixes: 5
Registered: ‎11-08-2007

Re: Security Warning


@bobpullen wrote:

That GRC scan is not conclusive. There are thousands of available ports it hasn't scanned.


 

@bobpullen

 

While that is technically true, the warning on @jennyBA's screen shows -

"The admin interface of your router is accessible from the internet"

 

Assuming the router is a standard Plusnet router, what are the default port numbers used by the WAN facing admin interface ?

My guess would be TCP port 80 is the default, and would therefore have been covered by the GRC test suggested.

If there are other ports used, then it would be simple to go back and test those with the GRC port scanning tool.

VileReynard
Aspiring Champion
Posts: 11,535
Thanks: 368
Fixes: 14
Registered: ‎01-09-2007

Re: Security Warning

The WAN port 80 is not open, as shown by that GRC scan.

It's likely that port 80 is open on the LAN side - to access the configuration screen, but that doesn't matter, especially since its password protected.

Community Gaffer
Community Gaffer
Posts: 13,868
Thanks: 1,382
Fixes: 116
Registered: ‎04-04-2007

Re: Security Warning


@Nibiru wrote:

@bobpullen wrote:

That GRC scan is not conclusive. There are thousands of available ports it hasn't scanned.


@bobpullen

While that is technically true, the warning on @jennyBA's screen shows -

"The admin interface of your router is accessible from the internet"

Assuming the router is a standard Plusnet router, what are the default port numbers used by the WAN facing admin interface ?

 

It's a Hub Zero, and I don't believe it offers a native option of opening up the admin interface to the outside world.

Perhaps the warning is being triggered by the TR069 connection port (7547)?

 

~ $ sudo nmap -Pn -p 7547 146.198.[REDACTED]

Starting Nmap 6.47 ( http://nmap.org ) at 2019-02-09 00:40 GMT
Nmap scan report for [REDACTED].198.146.dyn.plus.net (146.198.[REDACTED])
Host is up (0.024s latency).
PORT     STATE SERVICE
7547/tcp open  unknown 

Nmap done: 1 IP address (1 host up) scanned in 0.84 seconds

 

Bob Pullen
Plusnet Product Team
If I've been helpful then please give thanks ⤵

VileReynard
Aspiring Champion
Posts: 11,535
Thanks: 368
Fixes: 14
Registered: ‎01-09-2007

Re: Security Warning

I thought I'd succeeded in turning off TR-069 (also known as CWMP) on my non-Plusnet router - butCry

~ $ sudo nmap -Pn -p 7547 51.6.89.xxx gives:-

Starting Nmap 7.40 ( https://nmap.org ) at 2019-02-09 02:08 GMT
Nmap scan report for xxx.89.6.51.dyn.plus.net (51.6.89.xxx)
Host is up (0.00068s latency).
PORT     STATE SERVICE
7547/tcp open    cwmp

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

I shan't bother about it, since all the parameters in the boxes are blank & my previous Plusnet supplied router ran for years with the port open.

Actually, any commercial public ip address will show that some kind of firewall is blocking port 7547.