
Has Anybody Disabled TR-069 CPE WAN Management On Their Router?



Posted

I've seen that talk when it was first posted. Wish he'd done a better job presenting TR-069, how ISPs currently use it to automatically provision client premises equipment attached to a circuit, when is it likely to be used or reused, and then the security issue.

 

While a hacker can potentially take over an ISP's ACS and then control the entire client base en masse, I haven't heard of it happening... yet. Probably just a matter of time.

 

For now, hackers are having too much fun sending direct configuration commands to ISP client routers via insecure telnet ports the ISP has baked into their custom versions of the router firmware giving their technicians (and now everyone else) direct access to the device configuration. Oh so much easier.

 

As far as changing the TR-069 / CWMP URL goes, I couldn't verify that editing it would prevent the router from connecting when I made any changes on mine. I can't monitor the fiber optic connection with Wireshark to see what traffic is being passed.

 

Anyway, if you do manage to break the TR-069 link, and at some future point your ISP changes your account provisioning (say the connection VLAN assignment), then your Internet will die and the router will not be able to refresh the provisioning to establish a new link. [My VLAN was just recently changed from 999 to 10 when I was given a new speed assignment; when I recently completely reset the router I had to use the TR-069 function to autoconfigure the router, as my setup records were out of date.]

 

tl;dr

 

no

Posted
On Tuesday, July 04, 2017 at 8:11 PM, RichCor said: [the preceding post, quoted in full]

Thanks for your reply. I've been researching a different networking problem I have, so only just read it - sorry for the late reply.

 

My Huawei "SmartAX MT880" router has a page for configuring the TR-069 protocol, but several fields are not readable, e.g. the URL is all ******s, but appears to be editable. Fear of screwing up the router stopped me from actually doing that.

Also, on that page there are Activated and Deactivated buttons for TR-069, but ditto re. the fear, as above.

 

So I guess I'll leave it alone... 

 

Posted

Just like UPnP, it's a protocol that can be too easily hijacked to do a lot of bad things.

 

CWMP / TR-069 has safeguards, such as out-of-band ISP-only communication, and optionally requiring security certificates ...but I don't see the ISPs here in Thailand using any of that.

 

Just keep a watch for an unusual number of ads being displayed everywhere (well, outside of ThaiVisa that is) ...as the first thing router hackers do is modify what DNS the router issues to connecting clients. Most of the hackers go for the generated ad revenue. Easy money compared to trying to get you to spill your online credentials.
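The warning sign above (a compromised router handing out attacker-controlled resolvers) can be checked mechanically rather than by watching for ads. The script below is an added example and is not from this thread or from any router vendor: it parses the options field of a DHCP ACK, extracts option 6 (Domain Name Server) and option 3 (Router), and reports any advertised resolver that is not on an allowlist the operator maintains. The DHCP packets and the allowlist are constructed here; 203.0.113.53 is a documentation-range address standing in for a rogue resolver, and the allowlist values (the gateway, plus whatever your ISP actually issues) are an assumption you would replace with your own.

```python
"""Flag a DNS-hijacked router from the DHCP lease it hands out (added example).

The DHCP ACK below is constructed in-script; a real check would feed in the
options bytes from a captured DHCPACK or the resolvers from the client's lease.
"""
import ipaddress

# RFC 2132 magic cookie that precedes the DHCP options TLVs
DHCP_MAGIC = b"\x63\x82\x53\x63"


def build_options(dns_servers, router="192.168.1.1"):
    """Build a minimal DHCPACK options blob (constructed sample, not a capture)."""
    opts = DHCP_MAGIC
    opts += bytes([53, 1, 5])  # option 53: DHCP message type, 5 = DHCPACK
    gw = ipaddress.IPv4Address(router).packed
    opts += bytes([3, len(gw)]) + gw  # option 3: default router
    dns = b"".join(ipaddress.IPv4Address(s).packed for s in dns_servers)
    opts += bytes([6, len(dns)]) + dns  # option 6: DNS servers, 4 bytes each
    opts += b"\xff"  # option 255: end of options
    return opts


def parse_options(blob):
    """Parse DHCP option TLVs into {code: value_bytes}.

    Handles pad (0) and end (255), concatenates repeated option codes, and
    rejects truncated headers or values instead of silently misparsing them.
    """
    if not blob.startswith(DHCP_MAGIC):
        raise ValueError("missing DHCP magic cookie")
    i = len(DHCP_MAGIC)
    out = {}
    while i < len(blob):
        code = blob[i]
        if code == 0:  # pad
            i += 1
            continue
        if code == 255:  # end
            break
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        out[code] = out.get(code, b"") + value
        i += 2 + length
    return out


def dns_servers(opts):
    """Return the resolvers from option 6 as dotted-quad strings."""
    raw = opts.get(6, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[k:k + 4])) for k in range(0, len(raw), 4)]


def check_dns(opts, allowlist):
    """Return advertised resolvers that are NOT on the allowlist (empty = fine)."""
    allowed = {str(ipaddress.IPv4Address(a)) for a in allowlist}
    return [s for s in dns_servers(opts) if s not in allowed]


if __name__ == "__main__":
    # Assumed allowlist: the router itself acting as forwarder. Replace with
    # the resolvers your ISP really issues.
    allowlist = ["192.168.1.1"]
    clean = parse_options(build_options(["192.168.1.1"]))
    hijacked = parse_options(build_options(["203.0.113.53", "192.168.1.1"]))
    for name, lease in (("clean lease", clean), ("hijacked lease", hijacked)):
        bad = check_dns(lease, allowlist)
        print(f"{name}: DNS={dns_servers(lease)} unexpected={bad or 'none'}")
```

Run it as-is to see the clean and hijacked cases side by side; to check a live router, feed `parse_options` the options bytes from a captured DHCPACK on the LAN side (the thread notes the WAN/fiber side is not observable with Wireshark, but the LAN lease is). A resolver outside the allowlist is not proof of compromise (ISPs do change resolvers), so treat a hit as a prompt to compare against the ISP's published DNS servers and check the router's DNS settings page.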

Posted
39 minutes ago, RichCor said:

Just keep a watch for an unusual number of ads being displayed everywhere (well, outside of ThaiVisa that is)

:D

 
