Announcement

**diif** · 11-29-2016, 06:37 AM

Re: TR-069 remote management port.

That's not hacking, that's poor configuration and accepting commands without authentication but I get what you're saying.
Oh what a surprise to see TalkTalk mentioned. !

**stj** · 11-29-2016, 06:43 AM

Re: TR-069 remote management port.

they assume it's TR-064 used.
the TR-069 password can be recovered from the flash - and i bet they are all the same for the isp model.
if not i bet they are just the SHA1 of a twist on the mac address like the default wifi keys always are!!

**diif** · 11-29-2016, 09:18 AM

Re: TR-069 remote management port.

All of the other exploits used by Mirai were hard coded default usernames and passwords, I don't see why this one would be any different.
I can only see this growing as more and more devices are added to the list over time.

**stj** · 11-29-2016, 11:23 AM

Re: TR-069 remote management port.

if it wasnt hidden, users could disable it.
who owns your router if you dont have total admin rights?!!

**diif** · 11-29-2016, 12:44 PM

Re: TR-069 remote management port.

If the ISP actually carried out due diligence rather than go for the lowest bid for the hardware the users wouldn't need to disable it as it wouldn't be there.

Most belong to the ISP in the UK.

**ddscentral** · 11-29-2016, 12:47 PM

Re: TR-069 remote management port.

Originally posted by stj View Post

if it wasnt hidden, users could disable it.
who owns your router if you dont have total admin rights?!!

That's the catch. Many ISPs lock-down remote management options so that users can't disable them. I remember having to hack my ISP supplied DSL router (an ADB unit) to get full admin access so I could disable all the remote management crap.

That's why I always use my own routers.

**stj** · 11-29-2016, 01:24 PM

Re: TR-069 remote management port.

Originally posted by diif View Post

If the ISP actually carried out due diligence rather than go for the lowest bid for the hardware the users wouldn't need to disable it as it wouldn't be there.

Most belong to the ISP in the UK.

no, the custommer is either charged for them (BT) or they are supplied free on the understanding that they are a gift.
the only company i know that retains ownership is sky.
virgin routers are a grey area.
then again, virgin routers are docsis3 so it's not much use for anything else in the u.k.

**vinceroger69** · 11-29-2016, 01:46 PM

Re: TR-069 remote management port.

slightly off topic but have you saw these new laws that have just came into force in the uk
http://www.independent.co.uk/life-st...-a7445276.html
https://www.theguardian.com/world/20...e-surveillance

**stj** · 11-29-2016, 02:03 PM

Re: TR-069 remote management port.

yes, the treason never ends.
but we have lots of camera mounts to hang the politicians from - and hansard to find out who is guilty!!!

**diif** · 11-29-2016, 02:20 PM

Re: TR-069 remote management port.

Originally posted by stj View Post

no, the custommer is either charged for them (BT) or they are supplied free on the understanding that they are a gift.
the only company i know that retains ownership is sky.
virgin routers are a grey area.
then again, virgin routers are docsis3 so it's not much use for anything else in the u.k.

They charge for delivery but come with the contract. They are the responsibility of the ISP.
Virgin modems are definitely owned by Virgin (although only in name). They can log in and view your connected devices and also will replace it when asked.

I believe the new laws Vince are just legalising some of what GCHQ have been doing for a while, whilst shifting the responsibility of saving the data to the ISPs.

With the annual cost of a decent VPN provider costing less than the price of a good night out I don't know why everyone doesn't use one.

**stj** · 11-29-2016, 02:34 PM

Re: TR-069 remote management port.

because man-in-the-middle at the ISP or Gateway will compromise HTTPS and most VPN's are in the u.s. and covered by security letters - in other words, the NSA virtually run them.

**diif** · 11-29-2016, 03:22 PM

Re: TR-069 remote management port.

Lots aren't.
A fairly comprehensive list here.
https://thatoneprivacysite.net/vpn-comparison-chart/

**vinceroger69** · 11-30-2016, 03:59 AM

Re: TR-069 remote management port.

I have never looked into vpn service etc so dont know anything at all about it in basic terms what does it do and is it worth having it? also would you be able to use streaming boxes still or will content be blocked thanks for any advice you can offer.

**diif** · 11-30-2016, 05:32 AM

Re: TR-069 remote management port.

Originally posted by vinceroger69 View Post

I have never looked into vpn service etc so dont know anything at all about it in basic terms what does it do and is it worth having it? also would you be able to use streaming boxes still or will content be blocked thanks for any advice you can offer.

Imagine it as a secure tunnel, though your ISP through ignoring the ever growing block list to a server in a country of your choice. Nothing is blocked and with the good ones nothing is logged. Some let you torrent too
I have it on my PC and my phones.

**vinceroger69** · 11-30-2016, 05:36 AM

Re: TR-069 remote management port.

Thanks thats good to know.

Announcement

TR-069 remote management port.

TR-069 remote management port.

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment