|
|
Open to the BTAgent daemon?
So what information can you get out of it by accessing over the internet?
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
|
Sorry, no idea. Mine is now stealthed though so I'm happy.
|
|
|
What happens if you connect to the ports over the internet? 161 is an SNMP port.
TR-069 uses 4567 as part of the remote firmware upgrade functionality.
Let's say you rent a house. Isn't it objectionable that the landlord would choose to leave two back doors open, to which only he has the keys, without your knowledge and indeed your ability to put your own locks on them?
Such is it with the supplied BT Infinity modem/router. I understand they are making a product for the masses but they should have at least not dumbed down the admin interface so much that you can't lock down those ports, limit bandwidth of users, shut down WPS (Google: Reaver + WPS cracking), have CLI access and other things.
I'll admit I am not very computer savvy and am learning as I go (thank you to the informed posters here) but am objecting to these open ports on the principle of it, which are concepts even a child can grasp.
|
|
|
|
|
|
If you load the hacked firmware on the HG612, you can disable vlan 301. I think that stealths Port 161.
|
|
|
|
Which will have no effect on the (overzealous IMHO - but that's another issue) GRC test.
This is testing the ports on the router (HomeHub), not the HG612 modem.
VLAN301 is not accessible from the internet, only from BT's management platform.
The internet connection traverses VLAN101, which is bridged to the LAN1 interface and from there to the router.
The modem itself does not present any ports to the internet. It passes everything transparently through to the router behind. It is this router that presents ports to the internet.
It may perhaps be worth thinking of this in other terms.
As you know, (when unlocked, but with the default config and still operating as a bridge) the modem presents 'the internet' via the LAN1 interface.
The admin pages of the modem can only be accessed via the LAN2 interface.
i.e. The LAN1 interface and the internet are 'bridged'. It acts as a simple pipe allowing everything to pass back and forth between the two.
The LAN2 interface is only used to access the router itself. Any traffic on LAN2 is separate from LAN1.
The internet cannot be accessed from LAN2 and the modem cannot be accessed from LAN1.
Whilst the above uses two physical interfaces to separate the traffic (LAN1 & LAN2), the same is done on the WAN (internet facing) interface by using Logical Separation.
The physical WAN interface contains sub-interfaces (VLAN101 & VLAN301). These are logically separate, acting in a similar manner to the two LAN interfaces. One (VLAN101) is bridged to the LAN1 interface, the other terminates on the router itself.
Traffic from one cannot be accessed from the other.
|
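The separation described in the post above, modelled as an added example that is not part of the original thread and is not the HG612's firmware logic. The port labels, function names and the `LOCAL_MGMT` / `LOCAL_ADMIN` destinations are hypothetical; only the VLAN IDs 101 and 301 and the LAN1/LAN2 roles come from the post.

```python
import struct

TPID_8021Q = 0x8100                   # EtherType that marks an 802.1Q tag
INTERNET_VLAN, MGMT_VLAN = 101, 301   # VLAN IDs named in the post


def vlan_id(frame: bytes):
    """Return the 802.1Q VLAN ID of an Ethernet frame, or None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF               # low 12 bits of the TCI are the VLAN ID


def strip_tag(frame: bytes) -> bytes:
    """Remove the 4-byte 802.1Q tag that follows the two MAC addresses."""
    return frame[:12] + frame[16:]


def add_tag(frame: bytes, vid: int) -> bytes:
    """Insert an 802.1Q tag (priority 0) carrying the given VLAN ID."""
    return frame[:12] + struct.pack("!HH", TPID_8021Q, vid) + frame[12:]


def forward(port: str, frame: bytes):
    """Return (egress, frame) for the default bridge config as the post describes it."""
    vid = vlan_id(frame)
    if port == "WAN" and vid == INTERNET_VLAN:
        return "LAN1", strip_tag(frame)         # bridged straight through
    if port == "WAN" and vid == MGMT_VLAN:
        return "LOCAL_MGMT", strip_tag(frame)   # terminates on the modem itself
    if port == "LAN1" and vid is None:
        return "WAN", add_tag(frame, INTERNET_VLAN)
    if port == "LAN2" and vid is None:
        return "LOCAL_ADMIN", frame             # admin pages only
    return "DROP", b""                          # no path between the two domains


def make_frame(vid=None, payload=b"constructed-payload"):
    """Constructed sample frame: dummy MAC addresses, IPv4 EtherType."""
    frame = bytes(6) + bytes.fromhex("020000000001") + b"\x08\x00" + payload
    return frame if vid is None else add_tag(frame, vid)
```

In this model a frame entering on LAN1 can only leave tagged for VLAN 101, so nothing arriving from the internet side is ever delivered to the management destination.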
|
|
Fritzbox 7390 will handle the VDSL2 side.
Yes that TP-Link is not suitable to replace modem. Datalink protocol would need to list VDSL2 which it does not.
Around the world it is pretty common to supply a VDSL modem. In fact for many countries same used to happen with ADSL, and people bought their own Ethernet router.
I heard that BTOR is doing trials of wires only FTTC, so you are just sent the modem/router with some filters and then fit it yourself.
Be better than having to wait in for someone to install it.
I presume eventually they will do away with the separate modem and router and combine it all in one unit.
Adrian
Desktop machine now powered by windows 7 pro 64bit , laptop by ubuntu
ALLPAY Wireless broadband
|
|
|
Object by not using the HH3, and then see what ports are apparently not stealthed.
Not being stealthed is different to not being open. I've seen GRC report ports that have IP restrictions on them as visible, because you can infer a service is running on the port, but the router, once it looks at the src IP, actually drops the packets.
With the keys analogy it is like insisting that the key hole is also located in a hidden place, so no visible key to even attempt a key in.
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
Which will have no effect on the (overzealous IMHO - but that's another issue) GRC test.
This is testing the ports on the router (HomeHub), not the HG612 modem.
VLAN301 is not accessible from the internet, only from BT's management platform.
Have you actually seen the settings for VLAN 301 on the HG612 interface?
|
|
|
|
Yes and it is irrelevant as VLAN 301 is not connected to or accessible from the internet.
The only way to access services on VLAN301 is to also be connected to VLAN301.
The internet connection is on VLAN101.
Do you understand the concept of VLANs, sub-interfaces and logical separation?
|
|
|
One has to laugh.
Your explanation of how the setup normally works looked quite convincing, but has a basic flaw. Which for the moment I will leave you to discover within the text of your post.
In your first line you state quite categorically "Which will have no effect on the (overzealous IMHO - but that's another issue) GRC test."
I suggest you stop arguing with BatBoy on this subject, due to the flaw in your explanation.
My broadband basic info/help site - www.robertos.me.uk
Domains,website and mail hosting - Tsohost. Connection - Plusnet Extra Fibre (FTTC). Sync ~ 56.0/13.9Mbps @ 600m.
"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
|