Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




7 posts

Wannabe Geek
+1 received by user: 1


Topic # 242382 25-Oct-2018 12:51
One person supports this post
Send private message

I thought i'd check my modem for open ports. I noticed that 23 (telnet), 53 (dns), 80 & 443 and 8081 are all open.

 

Pretty horrified tbh, because if there are any exploits for this router, they will undoubtedly target these open ports. I have all the file sharing stuff disabled on the router. Are these ports open for Spark to remotely administer/spy on you? 

 

I had a google and can't find anything specific for this model of router right now, but who knows.

 

When I telnet to it I get this ATP cli thing:

 

 

skycity-host:~ ajross$ telnet 2XX-XXX-XX-XX-fibre.sparkbb.co.nz

Connected to XXX-XX-XX-XX-fibre.sparkbb.co.nz.
Escape character is '^]'.
Welcome, you are from 192.168.1.65
-------------------------------
-----Welcome to ATP Cli------
-------------------------------

 

Login: superadmin
Password:
Login incorrect. Try again.

 

 

What is this ATP cli? How can I close it. I believe that the port 80 is open to redirect to 443, which is the admin interface. Again, I want to close this - if I want to admin the router, I'd like to do it on the LAN only. Finally, 8081 is a web service but I can't seem to browse to it properly, I've telnet'ted to it below. What's it for, why is that open too?

 

 

Escape character is '^]'.
GET /

 

HTTP/1.1 401 Unauthorized
Connection: Keep-Alive
WWW-Authenticate: Digest realm="HuaweiHomeGateway",nonce="5d65628b9d898ae0112629a952b6f895", qop="auth", algorithm="MD5"
Content-Length: 0

 

Connection closed by foreign host.

 

 

Any help greatly appreciated. I'm not a fan of having my home network open to the Internet!


Create new topic
'That VDSL Cat'
9672 posts

Uber Geek
+1 received by user: 2244

Trusted
Spark
Subscriber

  Reply # 2113826 25-Oct-2018 13:01
One person supports this post
Send private message

 

skycity-host:~ ajross$ telnet 2XX-XXX-XX-XX-fibre.sparkbb.co.nz

Connected to XXX-XX-XX-XX-fibre.sparkbb.co.nz.
Escape character is '^]'.
Welcome, you are from 192.168.1.65

 

 

Please do your tests externally not internally.

 

 

 

the port is open, but only internally.

 

Spark does not spy on your modem, there is an ACS platform that can do remote management.

 

 

"We only access the modem remotely when we are asked to by the customer."
The Spark employee was able to check to see if the modem worked, change settings, reboot the modem or set up Wifi.

 

"We will only do this once the agent has got verbal approval from the customer."
She said the company believed it was standard practice across the internet industry in New Zealand.

 

"The agent has very limited access and is not able to view any sensitive or personal information."

 

 

https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=11864111

 

 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


6828 posts

Uber Geek
+1 received by user: 2323

Trusted

  Reply # 2113833 25-Oct-2018 13:12
2 people support this post
Send private message

The HG556A was the only modem with a WAN side backdoor from a supplier in NZ. 

I won't say what the details were to login but if you port scanned port 80 over VF's IP ranges you'd get a whole lot of HG556a's and you could login to their WAN side maintenance tool and you could inspect the HTML element for the password field and view their My Vodafone login details. Go figure how much fun that would be!

Anyway, Don't listen to the media when they get hold of this sort of stuff. Also why would an ISP use a router to "spy" on you when they are the one who routes all your data.. Pretty silly aint it.. 





 


 
 
 
 


2042 posts

Uber Geek
+1 received by user: 176

Trusted

  Reply # 2113836 25-Oct-2018 13:18
Send private message

Mine is running the Vodafone firmware and telnet is closed

 

[steve@server ~]$ nmap hg659

 

Starting Nmap 6.40 ( http://nmap.org ) at 2018-10-25 13:12 NZDT
Nmap scan report for hg659 (192.168.0.251)
Host is up (0.0024s latency).
rDNS record for 192.168.0.251: hg659
Not shown: 996 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp open http
443/tcp open https

 

 

 

If you login via port 22 you just get the ATP command line

 

 





Generally known online as OpenMedia, now working for Red Hat New Zealand as a Solution Architect for all things Linux, Virtual and of course Cloud. Still playing with MythTV and digital media on the side.



7 posts

Wannabe Geek
+1 received by user: 1


  Reply # 2113844 25-Oct-2018 13:41
Send private message

Thanks!

 

Although telnet is not open externally, 8081 and 1720 are:

 

Host is up (0.0014s latency).
Not shown: 987 filtered ports
PORT STATE SERVICE
1720/tcp open h323q931
...
8081/tcp open blackice-icecap  (Port 8081 asks for basic authentication when logging in)

 

If there are, or in the future, any exploits for the router - these would most likely be the targets, so it's still not great. Even if Spark are totally trustworthy, not everyone else on the Internet is! There are widely known exploits for millions of standard SOHO modems out there (including Huawei HG range). All it takes is one buffer overflow to get full admin on one of these and you're wide open. 

 

I note from the NZ Herald article you linked to that Vodafone were considering an opt-out option. I wish Spark would do that.

 

 




7 posts

Wannabe Geek
+1 received by user: 1


  Reply # 2113845 25-Oct-2018 13:45
Send private message

Just for clarity: I am -not- insinuating that Spark would be monitoring me. This is a general enquiry. I am concerned that Spark keep these ports open on the modem as this leaves an entry vector open for attacks, whether now or in the future.  I do not wear tin foil hats. laughing


'That VDSL Cat'
9672 posts

Uber Geek
+1 received by user: 2244

Trusted
Spark
Subscriber

  Reply # 2113848 25-Oct-2018 13:53
Send private message

ajrossnz:

 

I note from the NZ Herald article you linked to that Vodafone were considering an opt-out option. I wish Spark would do that.

 

 

i feel like those who choose to 'opt out' would be the same that choose to use their own modem rather than the provided.

 

As someone in the IT Industry such as yourself, I'd suspect that's the best path for you.

 

 

 

The Check your broadband service on the app for example, Does a check to ensure your modems up, something silly like wifi is turned off isn't your issue etc.

 

To average joe, these insights are massive timesavers compared to calling through, doing the whole reboot etc to finally work it out.

 

For things such as Wireless broadband or Voice over Fibre, ACS is essential to allow for the service to work seamlessly. i would hate to have to walk a customer through setting up all of that should there be any change required!

 

 

 

I'll also point out, the ACS on sparks network never touches the wide web, nor does it use a open port.

 

 

 

Vodafones ACS Historically is opt out is more of an issue as it's over the internet and if a modem isn't delinked from an account it's been seen to push out configuration files to those who pickup modems off trademe.

 

I'm unsure if this is still the nature of how it works as i haven't seen any cases of it.

 

Personally i don't opperate the Vodafone or spark supplied modem at home.

 

 

 

 

 

I can't comment on those two open ports, last i checked.. they aren't exposed on a normal line.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


Create new topic


Donate via Givealittle


Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

A call from the companies providing internet access for the great majority of New Zealanders, to the companies with the greatest influence over social media content
Posted 19-Mar-2019 15:21


Two e-scooter companies selected for Wellington trial
Posted 15-Mar-2019 17:33


GeForce GTX 1660 available now
Posted 15-Mar-2019 08:47


Artificial Intelligence to double the rate of innovation in New Zealand by 2021
Posted 13-Mar-2019 14:47


LG demonstrates smart home concepts at LG InnoFest
Posted 13-Mar-2019 14:45


New Zealanders buying more expensive smartphones
Posted 11-Mar-2019 09:52


2degrees Offers Amazon Prime Video to Broadband Customers
Posted 8-Mar-2019 14:10


D-Link ANZ launches D-Fend AC2600 Wi-Fi Router Protected by McAfee
Posted 7-Mar-2019 11:09


Slingshot commissions celebrities to design new modems
Posted 5-Mar-2019 08:58


Symantec Annual Threat Report reveals more ambitious, destructive and stealthy attacks
Posted 28-Feb-2019 10:14


FUJIFILM launches high performing X-T30
Posted 28-Feb-2019 09:40


Netflix is killing content piracy says research
Posted 28-Feb-2019 09:33


Trend Micro finds shifting threats require kiwis to rethink security priorities
Posted 28-Feb-2019 09:27


Mainfreight uses Spark IoT Asset Tracking service
Posted 28-Feb-2019 09:25


Spark IoT network now covers 98% of New Zealand population
Posted 19-Feb-2019 09:28



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.