Port 8081 and Huawei HG659b Gateway

Forums › Spark New Zealand (including Skinny and BigPipe) › Port 8081 and Huawei HG659b Gateway - Do I Need To Worry?

hasso

76 posts

Master Geek
+1 received by user: 19

#214749 26-May-2017 12:21

Hi...

I've noticed that port 8081 on my router is open to the internet. Although it seems to be protected with a Username and Password, I have not set up this access on the router... in fact I have set it up to not allow any incoming 'non-established' traffic. So, where did it come from and how do I turn it off?

Hasso

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1788696 26-May-2017 12:23

It's for TR-069 management. There are no risks in this and you should not disable it.

hasso

76 posts

Master Geek
+1 received by user: 19

#1788698 26-May-2017 12:34

OK... since I don't have the "super admin" password, I don't think I can turn it off in any case... but I am therefore trusting Spark to manage this securely. Based on this article is that trust well founded?

http://www.pcworld.com/article/2463480/many-home-routers-supplied-by-isps-can-be-compromised-en-masse-researchers-say.html

Perhaps what a friend of mine told me is the way to go..."Put another firewall/router behind it to protect your network and only use the wireless functionality on the Spark provided HG659b for guest wifi.

hashbrown

463 posts

Ultimate Geek
+1 received by user: 131

#1788886 26-May-2017 18:47

I think last time I checked Shodan about 450,000 NZ IPs had that port open.

BarTender

3629 posts

Uber Geek
+1 received by user: 2572

ID Verified

Trusted

Lifetime subscriber

#1790301 27-May-2017 16:59

It's a complete non-issue as @sbiddle said. The TR-069 connection request port is only used to do a HTTP GET to the router and then that makes the router "phone home".

The worst that can happen if the username & password was compromised is the router connects back to the ACS and says "this is my configuration".

That PC World article is also utter BS and it says so itself

"So far Tal and his colleagues at Check Point have investigated vulnerabilities on the server side, but they also plan to investigate possible attack vectors against the TR-069 client implementations on devices."

So everyone starts freaking out about the server which is completely unrelated to the client (ie your router) which has no known attack vectors.