|
|
Hi All,
Looking at the data in the fields of the TR069
http://192.168.1.1/yds32u872vld.htm
I can see that the UserName is the MAC address of my router.
The password is BrightBox-aaaaa where aaaaa is a "random" string
The request Url is the internet IP Address of my router's connection, using port 8085.
i.e. http://1.2.3.4:8085/cpe/cpe.cgi?id=nnnnnnnn where nnnnnnn is a random hex string.
This smells very much like a "Spy In The Router"
Hi guys. Okay, I have found four *hidden* config pages, whilst trawling the firmware 
http://192.168.1.1/u132xzp32aai.htm
http://192.168.1.1/xc324m12sdlo.htm
http://192.168.1.1/yds32u872vld.htm
http://192.168.1.1/z983erv3210ba.htm
Here are some screenshots, minus my personal data:
http://www.flickr.com/photos/22008695@N03/sets/72157...
NOTE: Login *first*, then visit these URLs. If you are logged out and click one, it will just ask you to login, but won't re-direct you to these URLs.
Have fun!
|
|
|
Have you tried disabling it?
Still there's no way of telling if it takes effect, just like Bandwidth Control doesn't.
1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
|
|
|
|
The Tr069 thing is what helps set up your router automatically.
|
|
Register (or login) on our website and you will not see this ad.
|
|
|
|
I am not one for conspiracy theories - they are the distraction of paranoia. If Orange wish to "spy" on me, through a module which allows them to configure customer's routers efficiently, I am hardly going to lose any sleep over it.
|
|
|
Have you tried disabling it?
Yes I have, but checking using http://www.yougetsignal.com/tools/open-ports/ shows that even when it's disabled the port 8085 is still open. Even after a re-boot.
I have enabled the log to see if it shows anything...
Interval is set to 86400 {seconds in a day} so I am not expecting anything till tomorrow (if anything)
Currently clicking on the view log generates a 404 error.
Edited by deleted (Wed 15-Feb-12 08:29:24)
|
|
|
|
The periodic inform is nothing more than a heartbeat to let the ISP know your router is healthy, nothing clandestine.
|
|
|
The periodic inform is nothing more than a heartbeat to let the ISP know your router is healthy, nothing clandestine.
How can we be sure of this?
|
|
|
Hi Folks,
Here is a TR69 log file downloaded a few minutes ago.
I enabled logging then re-booted the router this morning...
Personal information has been replaced with *
Tr69Rpcmethod_Inform: 1 BOOT
--------------Dump packet OUT--------------
Packet length = 3380
SOAP-ENV:Envelope
SOAP-ENV:Header
cwmp:ID = *******
SOAP-ENV:Body
cwmp:Inform
DeviceId
Manufacturer = Arcadyan
OUI = ******
ProductClass = BrightBox
SerialNumber = **********
Event
EventStruct
EventCode = 1 BOOT
CommandKey
MaxEnvelopes = 2
CurrentTime = 2012-02-15T07:12:59
RetryCount = 0
ParameterList
ParameterValueStruct
Name = InternetGatewayDevice.DeviceSummary
Value = InternetGatewayDevice:1.0[](Baseline:1,EthernetLAN:1,WiFiLAN:1,ADSLWAN:1,Time:1)
ParameterValueStruct
Name = InternetGatewayDevice.DeviceInfo.HardwareVersion
Value = 01
ParameterValueStruct
Name = InternetGatewayDevice.DeviceInfo.SoftwareVersion
Value = v0.09.82.0001
ParameterValueStruct
Name = InternetGatewayDevice.DeviceInfo.SpecVersion
Value = 1.0
ParameterValueStruct
Name = InternetGatewayDevice.DeviceInfo.ProvisioningCode
Value
ParameterValueStruct
Name = InternetGatewayDevice.ManagementServer.ParameterKey
Value
ParameterValueStruct
Name = InternetGatewayDevice.ManagementServer.ConnectionRequestURL
Value = http://*.*.*.*:8085/cpe/cpe.cgi?id=********
ParameterValueStruct
Name = InternetGatewayDevice.LANDevice.1.LANEthernetInterfaceNumberOfEntries
Value = 1
ParameterValueStruct
Name = InternetGatewayDevice.WANDevice.1.WANConnectionDevice.1.WANPPPConnection.1.ExternalIPAddress
Value = 1.2.3.4
++++++++++++++Dump packet OUT++++++++++++++
Tr69Rpcmethod_Inform: Sending reponse!!
--------------Dump packet IN--------------
cwmp:InformResponse
MaxEnvelopes = 1
++++++++++++++Dump packet IN++++++++++++++
Tr69Rpcmethod_InformResponse: tr69hasInformed=1
Allocate length = 4
Tr69SoapOutput: OutLen = 0
--------------Dump packet OUT--------------
Packet length = 0
++++++++++++++Dump packet OUT++++++++++++++
Tr69SoapOutput: Null response.
Tr69SoapOutput: Sending null Post.
Tr69SoapOutput: End of session.
|
|
|
Well, at least you found out the Manufacturer ("whoever they are"  ).
1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
|
|
|
We already knew that
|
|
|
We already knew that
Indeed so.
|
|
|
Where did we see that? It was said to be somebody else, Astoria Networks, earlier.
1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
|
|
|
Where did we see that? It was said to be somebody else, Astoria Networks, earlier. Found the text "the device is manufactured by Astoria Networks, which is the German subsidiary of the Taiwanese company Arcadyan" on http://sviehb.wordpress.com/2011/09/06/reverse-engin...
No mention of the connection in the original post on http://www.the-scream.co.uk/forums/t31206.html
|
|
|
Well, at least you found out the Manufacturer ("whoever they are" ). Arcadyan Technology Corporation, Science Park, Hsinchu, Taiwan.
http://www.arcadyan.com/english/company/profile_cult...
http://www.arcadyan.com/english/why/service.asp
|
|
|
Where did we see that? It was said to be somebody else, Astoria Networks, earlier. Found the text "the device is manufactured by Astoria Networks, which is the German subsidiary of the Taiwanese company Arcadyan" on http://sviehb.wordpress.com/2011/09/06/reverse-engin...
No mention of the connection in the original post on http://www.the-scream.co.uk/forums/t31206.html
It looks to me! The new Orange Bright Box router is designed by Arcadyan in Taiwan, manufactured in mainland China and they have a service centre in the USA and Germany. 
http://www.arcadyan.com/english/why/service.asp
I see all new Orange broadband customers now get the NEW - Bright Box wireless router.
http://shop.orange.co.uk/broadband/?cmsPageId=05031a
http://help.orange.co.uk/orangeuk/support/personal/6...
I will have to see if I can get one from Orange, I feel I�m being left behind. 
|
|
|
I will have to see if I can get one from Orange, I feel I�m being left behind. Complain to Orange that you are not getting the 15+ Meg that your line is capable of and they will send you a BrightBox to fix that
1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
|
|
|
I didn't realise it was the Download button.
1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
Edited by XRaySpeX (Sun 19-Feb-12 14:55:23)
|
|
|
I didn't realise it was the Download button.
You didn't realise what was the download button? Please explain.
 thank you
|
|
|
I deleted it, but for your info. the Download button is the way to get that log not the normal System Log as I imagined.
1999: Freeserve 48K Dial-Up => 2005: Wanadoo 1 Meg BB => 2007: Orange 2 Meg BB => 2008: Orange 8 Meg LLU => 2010: Orange 16 Meg LLU => 2011: Orange 19 Meg WBC
|
|
|
I deleted it, but for your info. the Download button is the way to get that log not the normal System Log as I imagined.
Ah okay, I see. Thanks
|
Pages in this thread: 
Print Thread
deleted
