User comments on ISPs
  >> BT Broadband


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User Schrodingers_Cat
(experienced) Thu 27-Oct-11 18:08:02
Print Post

Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[link to this post]
 
I'd always been under the impression that a NAT router was, almost by definition, 100% impervious to all but requested traffic.......and that all ports not actively in use by me are automatically blocked. In other words, a NAT router is by default 'stealthed'.

Well..imagine my surprise on running Gibson Research's 'shields up' test.....and finding that port 161 ( SNMP ) is always open on Home Hub 3.

A little searching on the web, and I see that BTs own forums are full of people asking about this. Yet I see no satisfactory response from BT....just anecdotal references that it has something to do with speeding up gaming or possibly checking the number of devices on a home LAN.

The first and most obvious question is.....just how safe is it to have this port defaulted to always open ? The second question is.....WHY ? Can BT provide a sane and sensible answer to this.
Administrator MrSaffron
(staff) Thu 27-Oct-11 18:58:45
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: Schrodingers_Cat] [link to this post]
 
Not the first router to have a port open internet side

http://en.wikipedia.org/wiki/Simple_Network_Manageme...

Its used for usually doing things like querying router information/stats. Question really is while there is a socket listening has anyone managed to connect to it and do anything?

An open port that gives nothing back is no real risk, other than advertising that you exist, which replying to a ping already does anyway.

See no way that it can be used for speeding up gaming, i.e. internet rumour machine, as for checking number of devices connected to a LAN, that is something you could do, if it is actually hooked up to something that understands SNMP

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User Schrodingers_Cat
(experienced) Thu 27-Oct-11 19:10:56
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: MrSaffron] [link to this post]
 
Well....the open port completely removes the notion of running in 'stealth' mode, in which not even ping should respond.

Whether stealth mode really actually means anything from a security perspective is another matter. I've always just felt that little bit more secure knowing that NO ports respond to external probing.


Register (or login) on our website and you will not see this ad.

Administrator MrSaffron
(staff) Thu 27-Oct-11 19:15:46
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: Schrodingers_Cat] [link to this post]
 
A trick that may work is to port TCP 161 to an unused IP address on the LAN

e.g. if the lan is 192.168.1.2 to 192.168.1.253

Then pick a high IP address e.g. 192.168.1.252 and redirect 161 to that port. Have seen this seal off a port before, and as SNMP is not running on PC's usually even if a machine got that IP via DHCP it would be no issue.

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User mistral
(experienced) Tue 01-Nov-11 23:49:32
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: Schrodingers_Cat] [link to this post]
 
Could you provide more details on the test. It is very hard to port scan udp. Typically it can only work by seeing icmp unreachable message coming back.

However if something between the 2 end's of the tests are blocking that port. Which is a really common thing in data centres it will show as open since no icmp unreachable message comes back.

Did you find it open by testing from lan side.
Were you able to confirm this with a valid snmp client?

Administrator MrSaffron
(staff) Tue 01-Nov-11 23:56:17
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: mistral] [link to this post]
 
A simple telnet on correct port will confirm a listening port, it is also a TCP port.

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User orly
(fountain of knowledge) Wed 02-Nov-11 03:03:15
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: Schrodingers_Cat] [link to this post]
 
My Infinity Home Hub (v2 however) gives stealthed results for all ports including 161.

---
> Comparison chart of FTTC ISPs
> Got FTTC? Complete the survey

BT Infinity 8th July 2010
(NIBA)
600m (approx) to cabinet
29.5Mbit down / 5.5Mbit up
Standard User Stubabe
(learned) Wed 02-Nov-11 08:09:13
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: Schrodingers_Cat] [link to this post]
 
In reply to a post by Schrodingers_Cat:
Well....the open port completely removes the notion of running in 'stealth' mode, in which not even ping should respond.

Whether stealth mode really actually means anything from a security perspective is another matter. I've always just felt that little bit more secure knowing that NO ports respond to external probing.


It really doesn't, SG is a hack that knows less than nothing about security (he made his name writing disk recovery software). Ignoring that fact that shields up is a very rudimentary TCP syn scanner (many scans use illegal options and flag combinations that can induce responses from "sheathed" ports anyway). The vast majority of port scans come from bot-nets that often simply pick address ranges at random to scan. Port "stealth" doesn't really have any impact on this process since they will typically only probe a few (maybe only one) ports that they are interested in (i.e. have viable attack tools for unpatched software that uses that port). So for example, not being pingable or not having a response on port 161 will have no effect on bot-nets looking for 8080 proxy relays. So stealth mode is merely security by obscurity which doesn't work in the long term. Personnaly, the only thing I trust his port scanner for is checking that ports I want open actually are internet addressable.

Howerver, if that port is open and SNMP is running on it that IS an issue as the router's firmware may have vulnerabilities in its SNMP service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I went to a specialist the other day and he told me that my disk drives floppy frown
O2 ADSl 5.5Mbs - faster than snails on speed???

Edited by Stubabe (Wed 02-Nov-11 08:10:12)

Standard User mistral
(experienced) Wed 02-Nov-11 17:59:22
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: MrSaffron] [link to this post]
 
In reply to a post by MrSaffron:
A simple telnet on correct port will confirm a listening port, it is also a TCP port.


Actually snmp is running on udp normally. IT also says this here

http://en.wikipedia.org/wiki/Simple_Network_Manageme...

Administrator MrSaffron
(staff) Wed 02-Nov-11 18:29:19
Print Post

Re: Why Is Port 161 ( SNMP ) Open By Default On Home Hub 3 ?


[re: mistral] [link to this post]
 
Seems it can be either, but SNMP on UDP is the better option

Am betting GRC just saw the port on 161 and did a look up of the common ports, rather than check the actual response from port

Andrew Ferguson, andrew@thinkbroadband.com
www.thinkbroadband.com - formerly known as ADSLguide.org.uk
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
  Print Thread

Jump to