Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: A Port Found Open on the EE BrightBox2  (Read 2236 times)

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
A Port Found Open on the EE BrightBox2
« on: February 05, 2016, 08:46:05 PM »
I am aware of two users of separate VDSL2 services, provided by EE, who are using the BrightBox2.

Rather disconcertingly, a scan from the Internet of the relevant IP address (or usage of GRC's ShieldsUP!) shows that port 8085 is open to anyone.

My initial suggestion was to use port forwarding to associate port 8085 with a non-routable IP address that was not in the current subnet. The BB2 is assigned the 192.168.1.254 address, so my suggestion was to port forward to 192.168.0.111, for example. That does not work as it is only possible to port forward to addresses of the 192.168.1.X range.

I am wondering if anybody has managed to close that port . . . and, if so, would be willing to share the details, please?
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

ejs

  • Kitizen
  • ****
  • Posts: 2078
Re: A Port Found Open on the EE BrightBox2
« Reply #1 on: February 05, 2016, 09:01:49 PM »
Isn't there usually an open port for the CWMP remote management?

Regarding trying to forward the port, I suppose it could just be forwarded to a computer with a firewall configured to silently discard any incoming packets arriving on that port, which may be the default thing a software firewall would do. That's assuming the BrightBox2 allows you to forward that port. Alternatively, you could try forwarding it to an unused IP address in the correct subnet, but I suppose then a "host unreachable" response might get returned.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: A Port Found Open on the EE BrightBox2
« Reply #2 on: February 05, 2016, 09:09:52 PM »
I agree that there may be a port open for CWMP but I am a firm believer that the end user should be in control. I have never used a CP/ISP provided device other than for a quick test.  ;)

Thank you for the suggestion . . . When the port was forwarded to an address in the correct subnet it was still seen as "open" by anyone looking from the Internet.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

ejs

  • Kitizen
  • ****
  • Posts: 2078
Re: A Port Found Open on the EE BrightBox2
« Reply #3 on: February 05, 2016, 09:20:04 PM »
I suppose whether or not the port forwarding method of closing this port will work depends on if the port forwarding rules that you can add go before or after the built-in firewall rule that opens this port. If the port forward rules go after the rule that opens the port, then it won't work.
Logged

burakkucat

  • Respected
  • Senior Kitizen
  • *
  • Posts: 38300
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: A Port Found Open on the EE BrightBox2
« Reply #4 on: February 05, 2016, 11:11:01 PM »
Hmm . . . yes, thank you. I see what you mean.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.
 

anything