Warning - Users with Tenda ADSL modem

Forums › New Zealand Broadband › Warning - Users with Tenda ADSL modem

1 | 2 | 3 | 4

1948 posts

Uber Geek
Inactive user

#824340 23-May-2013 19:27

I would however like to know what its modem code is though.

If you could pm me and you are a Telecom customer email me and we could do a quick line test with it and I can grab the necessary numbers at our end.

JamesL

956 posts

Ultimate Geek
Inactive user

#824382 23-May-2013 20:20

Maybe there's a greater conspiracy here that these modems are designed to be flawed ;)

Lorenceo

904 posts

Ultimate Geek

Trusted

#824409 23-May-2013 20:47

There have been a few posts on forums about the Orcon Genius box doing this as well. An open resolver on the WAN port is a rather poor design, to say the least.

Psi

11 posts

Geek

#824410 23-May-2013 20:47

I just got back from checking their network.

It was exactly what you said. The router by default is open on the WAN side.
telnet, dns and webpage.

I couldn't get the builtin firewall to block all.
But since they don't need any pinholes I enabled DMZ and set it to a local IP/subnet that doesn't exist.

Now all ports are stealth.

Thanks for your help guys.

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#824419 23-May-2013 21:01

Lorenceo: There have been a few posts on forums about the Orcon Genius box doing this as well. An open resolver on the WAN port is a rather poor design, to say the least.

This issue was somebody who had the firewall disabled (without seeming to realise this was the case).

Genius with the firewall enabled doesn't have this issue.

eXDee

4032 posts

Uber Geek

Trusted

#824420 23-May-2013 21:06

freitasm: I think if the customer buys/uses a cheap modem not supplied by the ISP then all traffic and implications of lack of security lies on customer.

Same as running a PC without antivirus then having problems...

/Devil's Advocate

Agreed.
A device provided from your ISP should be trusted to have sufficient security.

But a device you purchase yourself, is on your own shoulders to make sure its set up correctly or has no faults/flaws. It shouldn't be the ISPs responsibility.

It would be nice if they warned customers of the issue if they are made aware of it, but they shouldnt have to proactively identify all modems of third parties and ensuring they are secure.

These days DDoS attacks make significant use of recursive dns resolvers, so having such issues is going to cause a headache for the user in terms of data cap/upload congestion. And of course it's a given that the person on the receiving end of the attack will be having a bad time too.

I certainly hope that the person i spotted is saved from a data cap headache.

plambrechtsen: There are a number of modems that suffer from poor security...

Feel free to read about how the Internet Census 2012 was done.....

Thankfully all Telecom supplied modems don't suffer from this problem as we check them before the firmware gets signed off. Can't say the same for all modem providers.

So now the real question. Since the internet census is out there is the onus on customers who are running non Telecom supplied modems that are insecure be on the ISP? Or does responsibility fall on the customer?

Yup. Pretty neat project even if it was using insecure devices - it really is worrying what is connected that shouldn't be.

plambrechtsen

1948 posts

Uber Geek
Inactive user

#824449 23-May-2013 22:12

Psi: I just got back from checking their network.

It was exactly what you said. The router by default is open on the WAN side.
telnet, dns and webpage.

I couldn't get the builtin firewall to block all.
But since they don't need any pinholes I enabled DMZ and set it to a local IP/subnet that doesn't exist.

Now all ports are stealth.

Thanks for your help guys.

Since you have now put the dodgy modem back in place (why?) Could you email / message me their home line number?
Plus why didnt you get one of the free Telecom supplied ones as the TG582N is pretty good. I run one at home.

Wise

Send money globally for less with Wise - one free transfer up to NZ$900 (affiliate link).

Zeon

3916 posts

Uber Geek

Trusted

#824502 24-May-2013 01:35

Lol holy sh!t that thing is terrible. If we told the distributors do you think they would care?

Speedtest 2019-10-14

Psi

11 posts

Geek

#824504 24-May-2013 02:21

i have already instructed them to call their isp and get a new router.

For now the tenda is working properly.
(Just because it has a terrible default config doesn't make it automatically crap)
I think the builtin firewall would work im just not sure of the syntax

When i notified pbtech (where i got it) they put me in contact with Tenda AUS.
Ive told them about the problem and am waiting to hear back.

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#824533 24-May-2013 08:17

Psi: (Just because it has a terrible default config doesn't make it automatically crap)
I think the builtin firewall would work im just not sure of the syntax

It does. A product that is shipped to thousands of people, many of which have no idea this is happening, even less idea on how to correct it, is crap.

Out of curiosity, which ISP provided this modem/router?

plambrechtsen

1948 posts

Uber Geek
Inactive user

#824536 24-May-2013 08:29

freitasm:
Psi: (Just because it has a terrible default config doesn't make it automatically crap)
I think the builtin firewall would work im just not sure of the syntax

It does. A product that is shipped to thousands of people, many of which have no idea this is happening, even less idea on how to correct it, is crap.

Out of curiosity, which ISP provided this modem/router?

Didn't the OP just say he got it from pbtech?

I wonder if it has a telepermit?

freitasm

BDFL - Memuneh
79270 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#824538 24-May-2013 08:32

Oh, sorry, missed that.

michaelmurfy

meow
13243 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#824546 24-May-2013 09:03

In fact that reminds me, I've had a modem supplied by an ISP which was a Dlink DSL-526B - I've still got it laying around home somewhere.

No matter what you do, you can not close port 8080 - which directs to the web interface, the problem with this also is even if you change the default admin password it still lets you in as Admin.

I thought putting it in half-bridge or DMZ would fix it - wrong.

The only way I could actually disable it is login via Telnet and intentionally break it's web server. I tried putting some iptables rules in to block it but these get reset ugh. I'd love to know how many of these modems are still out there on this ISP - even the latest firmware does not fix this hole.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Bung

6482 posts

Uber Geek

Subscriber

#824553 24-May-2013 09:17

plambrechtsen: I wonder if it has a telepermit?

Even a telepermit is no guarantee that this wouldn't happen. "This Specification only covers DSL physical layer requirements."

Psi

11 posts

Geek

#824638 24-May-2013 11:35

freitasm:
Psi: (Just because it has a terrible default config doesn't make it automatically crap)
I think the builtin firewall would work im just not sure of the syntax

It does. A product that is shipped to thousands of people, many of which have no idea this is happening, even less idea on how to correct it, is crap.

Out of curiosity, which ISP provided this modem/router?

I meant "crap" in the sense of needing to throw it away even after the problem is solved because the hardware is crap. Which i don't believe is the case.

It will probably work perfectly now that it's configured to block incoming wan connections.
The fact that it doesn't block wan traffic by default isn't due to faulty router hardware. The router is doing exactly what it was told to do. If it had been randomly crashing then yeah, i would agree to throw it away.

It is however a major problem for other people buying a router who don't know about this issue.
So its crap in that sense.

michaelmurfy: In fact that reminds me, I've had a modem supplied by an ISP which was a Dlink DSL-526B - I've still got it laying around home somewhere.

No matter what you do, you can not close port 8080 - which directs to the web interface, the problem with this also is even if you change the default admin password it still lets you in as Admin.

I thought putting it in half-bridge or DMZ would fix it - wrong.

The only way I could actually disable it is login via Telnet and intentionally break it's web server. I tried putting some iptables rules in to block it but these get reset ugh. I'd love to know how many of these modems are still out there on this ISP - even the latest firmware does not fix this hole.

Yeah, i've also seen many telecom supplied dlink's with stupid faults.
The most common issue i see is pinholes which stop working after a day or two.
Requiring a reboot to get them back.

1 | 2 | 3 | 4