BT has been accused of hiding a government back-door in modems provided to broadband customers
UK government, Chinese government or both? (as well as the USA)
I have to say I always considered a back door a possibility and it's one of the reasons I don't use the Openreach modems (on four FTTC services I manage).
When I got the first Openreach modem I unlocked it before using it for service (with just a single computer connected to it on LAN2) and immediately noticed VLAN301 and its 30.x.x.x IP address. I immediately disabled this as a potential security threat (something which can be done with unlocked firmware). This does, of course, block ISP helpdesk access to the modem via TR-069 but I can live with that.
On the "more important" connections I manage I run a separate firewall internal to the VDSL modem/router which handles all NAT, access control and VPN encryption. I run a number of 'tripwires' on the firewalls to detect intrusion attempts and block all traffic from external sites which seem to be probing (address space, port space and certain specific protocols). This includes blocking access to services which continue to be open to the public internet at large.
A quick scan of one firewall status shows 21 sites currently blocked by tripwire activation.
As an additional security measure, no remote VPN site that doesn't have its own dedicated firewall can initiate inbound VPN connections and traffic to the main sites.
I may just be paranoid, of course.
Edited by caffn8me (Tue 17-Dec-13 22:56:16)
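
A sketch of the tripwire behaviour described in the post above, added here as an illustration and not the poster's own configuration: a source that probes unused addresses, sweeps closed ports or touches a tripwire protocol is blocked from everything, including services that stay open to the public. The address ranges, ports, threshold and the `evaluate` function are all assumptions chosen for the example.

```python
import ipaddress

# Assumed policy for illustration only; none of these values come from the post.
PUBLIC_SERVICES = {("198.51.100.10", "tcp", 443), ("198.51.100.10", "tcp", 25)}
UNUSED_ADDRESSES = ipaddress.ip_network("198.51.100.128/25")  # no hosts live here
TRIPWIRE_PORTS = {("tcp", 23), ("tcp", 3389), ("udp", 161)}   # never offered externally
PORT_SWEEP_LIMIT = 3  # distinct closed ports from one source before it trips

def evaluate(events):
    """Return (verdicts, blocked) for a sequence of (src, dst, proto, dport)."""
    blocked = {}       # src -> reason the tripwire fired
    closed_ports = {}  # src -> set of closed (proto, port) pairs it has touched
    verdicts = []
    for src, dst, proto, dport in events:
        if src in blocked:
            # Once tripped, the source loses access to public services too.
            verdicts.append("drop-blocked")
            continue
        reason = None
        if ipaddress.ip_address(dst) in UNUSED_ADDRESSES:
            reason = "address-space probe"
        elif (proto, dport) in TRIPWIRE_PORTS:
            reason = "tripwire protocol"
        elif (dst, proto, dport) not in PUBLIC_SERVICES:
            seen = closed_ports.setdefault(src, set())
            seen.add((proto, dport))
            if len(seen) >= PORT_SWEEP_LIMIT:
                reason = "port-space probe"
        if reason:
            blocked[src] = reason
            verdicts.append("drop-tripped")
        elif (dst, proto, dport) in PUBLIC_SERVICES:
            verdicts.append("allow")
        else:
            verdicts.append("drop")
    return verdicts, blocked

# Constructed sample events (documentation address ranges only).
SAMPLE = [
    ("203.0.113.5", "198.51.100.10", "tcp", 443),  # normal visitor
    ("203.0.113.9", "198.51.100.200", "tcp", 80),  # hits an unused address
    ("203.0.113.9", "198.51.100.10", "tcp", 443),  # same source, public service
    ("192.0.2.77", "198.51.100.10", "tcp", 8080),
    ("192.0.2.77", "198.51.100.10", "tcp", 8081),
    ("192.0.2.77", "198.51.100.10", "tcp", 8082),  # third closed port
    ("192.0.2.77", "198.51.100.10", "tcp", 25),    # public service, now blocked
    ("192.0.2.30", "198.51.100.10", "udp", 161),   # tripwire protocol
]
```

On a real firewall the `blocked` table would normally carry an expiry time so that addresses reassigned to other users are not blocked indefinitely.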