Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
Digital Lifestyle
Internet, Networking, and Wireless
Curiosity About 2 Routers In IP Scanner Results
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="michelangelo" data-source="post: 1780315" data-attributes="member: 54225"><p>Congratulation, that is great. Now, based on what you discovered, can an alternate explanation be believable as well ?</p><p></p><p>Imagine this device is, as you state, a combination modem, phone gateway, and wireless router. We know that it is connected to a cable, after a splitter separating the TV packets from telephone and internet packets. </p><p></p><p>We could assume there is a modem in what I referred above as the splitter, converting the cable's analogic signal into packets (packets for TV, packets for the rest), then it makes sense to assume the modem contained in the combination modem, phone gateway, and wireless router is not needed and is rendered null (set-up in bridge mode). Then, maybe, either 192.160.0.252 or 192.168.0.1 would be, as seen by the device, a WAN IP address. </p><p></p><p>Could we assume something else ? </p><p></p><p>Apparently, the firewall is pristine: all customary ports (up to 1000 and such) seem to be closed and hidden (not responding). Other ports, (113, 7547, 50805, others), may still be open, let us assume they are also closed and nor responding to ping. </p><p></p><p>Can't we assume the ISP has found, in Alien, a new solution for service TR-069 ?</p><p></p><p>What is service TR-069 ? </p><p></p><p>In the brochure relating to its own modems, Zyxel states: "TR-069 remote management: With TR-069 standard management specifications, service providers are able to manage and configure client devices remotely without manual intervention from end users. This unique feature allows the ZyXEL xxx to offer true “plug-and-play” experience and reduce deployment complexity for service providers to save operating and maintenance costs." On my modem, the service TR-069 uses the port 7547 and I cannot make it invisible, which is a [small] attack point for outsiders. </p><p></p><p>Le us face it: All ISPs need the equivalent to service TR-069 to, at least, remotely perform firmware updates on the modems they lease out to customers. But it is quite rare to hear them telling it. </p><p></p><p>After all, modern (and serious) IoT devices tend to desire to follow an analogous route, based on (1) the fact they are a vulnerability in the host LAN if their firmware cannot be updated when an exploit affecting them is found and (2) no one can reliably trust the vendor or the buyer of the IoT thingy to take care of firmware updates. </p><p></p><p>Is it conceivable that Alien may be a tiny computer (like a Raspberry pie), client on the LAN, whose task is to question the mother ship Arris from time to time, just to download and install new firmware updates ? That could be more secure that punching a hole in the firewall... but could still be compromised IMHO.</p></blockquote><p></p>
[QUOTE="michelangelo, post: 1780315, member: 54225"] Congratulation, that is great. Now, based on what you discovered, can an alternate explanation be believable as well ? Imagine this device is, as you state, a combination modem, phone gateway, and wireless router. We know that it is connected to a cable, after a splitter separating the TV packets from telephone and internet packets. We could assume there is a modem in what I referred above as the splitter, converting the cable's analogic signal into packets (packets for TV, packets for the rest), then it makes sense to assume the modem contained in the combination modem, phone gateway, and wireless router is not needed and is rendered null (set-up in bridge mode). Then, maybe, either 192.160.0.252 or 192.168.0.1 would be, as seen by the device, a WAN IP address. Could we assume something else ? Apparently, the firewall is pristine: all customary ports (up to 1000 and such) seem to be closed and hidden (not responding). Other ports, (113, 7547, 50805, others), may still be open, let us assume they are also closed and nor responding to ping. Can't we assume the ISP has found, in Alien, a new solution for service TR-069 ? What is service TR-069 ? In the brochure relating to its own modems, Zyxel states: "TR-069 remote management: With TR-069 standard management specifications, service providers are able to manage and configure client devices remotely without manual intervention from end users. This unique feature allows the ZyXEL xxx to offer true “plug-and-play” experience and reduce deployment complexity for service providers to save operating and maintenance costs." On my modem, the service TR-069 uses the port 7547 and I cannot make it invisible, which is a [small] attack point for outsiders. Le us face it: All ISPs need the equivalent to service TR-069 to, at least, remotely perform firmware updates on the modems they lease out to customers. But it is quite rare to hear them telling it. After all, modern (and serious) IoT devices tend to desire to follow an analogous route, based on (1) the fact they are a vulnerability in the host LAN if their firmware cannot be updated when an exploit affecting them is found and (2) no one can reliably trust the vendor or the buyer of the IoT thingy to take care of firmware updates. Is it conceivable that Alien may be a tiny computer (like a Raspberry pie), client on the LAN, whose task is to question the mother ship Arris from time to time, just to download and install new firmware updates ? That could be more secure that punching a hole in the firewall... but could still be compromised IMHO. [/QUOTE]
Verification
Post reply
Forums
Digital Lifestyle
Internet, Networking, and Wireless
Curiosity About 2 Routers In IP Scanner Results
Top