Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[burakkucat]

An nmap scan showing the original status, before applying the above configuration adjustment --

# Nmap 7.12 scan initiated Wed Nov 16 17:15:31 2016 as: nmap -Pn -sS -sV -sU -p 7547 -oN port_7547_scan-1.txt 79.74.208.191
Nmap scan report for 79-74-208-191.dynamic.dsl.as9105.com (79.74.208.191)
Host is up (0.11s latency).
PORT     STATE         SERVICE VERSION
7547/tcp open          unknown
7547/udp open|filtered unknown
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port7547-TCP:V=7.12%I=7%D=11/16%Time=582CDAA6%P=x86_64-redhat-linux-gnu
SF:%r(GetRequest,54,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Length:
SF:\x200\r\nDate:\x20Wed,\x2016\x20Nov\x202016\x2022:16:09\x20GMT\r\n\r\n"
SF:)%r(HTTPOptions,54,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Lengt
SF:h:\x200\r\nDate:\x20Wed,\x2016\x20Nov\x202016\x2022:16:09\x20GMT\r\n\r\
SF:n")%r(RTSPRequest,54,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nContent-Len
SF:gth:\x200\r\nDate:\x20Wed,\x2016\x20Nov\x202016\x2022:16:09\x20GMT\r\n\
SF:r\n")%r(FourOhFourRequest,54,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nCon
SF:tent-Length:\x200\r\nDate:\x20Wed,\x2016\x20Nov\x202016\x2022:16:37\x20
SF:GMT\r\n\r\n")%r(SIPOptions,54,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nCo
SF:ntent-Length:\x200\r\nDate:\x20Wed,\x2016\x20Nov\x202016\x2022:16:42\x2
SF:0GMT\r\n\r\n");

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Wed Nov 16 17:17:37 2016 -- 1 IP address (1 host up) scanned in 94.75 seconds

An nmap scan showing the current status, after applying the above configuration adjustment --

# Nmap 7.12 scan initiated Thu Dec  8 06:41:48 2016 as: nmap -Pn -sS -sV -sU -p 7547 -oN port_7547_scan-2.txt 79.74.209.134
Nmap scan report for 79-74-209-134.dynamic.dsl.as9105.com (79.74.209.134)
Host is up.
PORT     STATE         SERVICE VERSION
7547/tcp filtered      unknown
7547/udp open|filtered unknown

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
# Nmap done at Thu Dec  8 06:43:24 2016 -- 1 IP address (1 host up) scanned in 95.23 seconds

[polymath]

burakkucat: Many thanks for the 6 screen shots explaining the protocol and access control settings. I will give those a try.

One small point I noticed on the Add/Edit Access Control screen is the Direction option of WAN to ROUTER. My closest option is WAN to LAN; hopefully it means the same.

[burakkucat]

. . . I noticed on the Add/Edit Access Control screen is the Direction option of WAN to ROUTER. My closest option is WAN to LAN; hopefully it means the same.

"WAN to ROUTER" is an exact match for what is required. The VMG1312-B10D, as a device in its own right, is what I wanted to be inaccessible via port 7547.

"WAN to LAN" is close but not an exact match. Hopefully, though, you will be able to filter the port.

[polymath]

I found the WAN to ROUTER option in the Access Control Direction parameter. I have added the 2 Protocol and Access Control settings. The Shields Up! response to a scan of just port 7547 is the same, the port is Closed. So in Shields Up! terms it fails the stealth test.

I guess that at least on this VMG3925-B10B port 7547 response is 'hard coded' to Closed before the Firewall rules in the Web Configurator get a chance.

As the port is Closed I am assuming the TR-069 client is disabled. There are no options in the Maintenance menu for TR-069 or TR-064; even though the manual guide for this device lists them. It is disappointing that every port except 7547 is stealthed, and I cannot see a way of changing that from the Web Confgurator.

[burakkucat]

I prefer to use the ShieldsUP! software as an indicator of those areas that need further examination but not as the provider of an absolute, definitive, answer.

Hence I make an offer . . . something that I have done for other kitizens, in the past . . . Send me a PM, with details of your current IPv4 address and I will perform a remote nmap scan.

[j0hn]

If you wish the port to report stealth you will need to try restoring TR-069  in the maintenance menu. Disabling it should result in the outcome you desire.

[aam]

As the port is Closed I am assuming the TR-069 client is disabled. There are no options in the Maintenance menu for TR-069 or TR-064; even though the manual guide for this device lists them. It is disappointing that every port except 7547 is stealthed, and I cannot see a way of changing that from the Web Confgurator.

I wonder if you can use the instructions as described by highpriest for the VMG-8924 in an attempt to obtain the supervisor password: http://forum.kitz.co.uk/index.php/topic,19186.msg340936.html#msg340936
If so, you should be able to access or restore the TR-069 menu via the supervisor login. However, I'm not sure if the same commands are available via telnet for the VMG-3925 as it seems to be more similar to the VMG-1312 compared to the VMG-8924 so it may need something slightly different done.  I did try a VMG-3925 previously and I recall that it may have gone straight to a busybox prompt when you login via telnet.

[j0hn]

As far as I recall if the TR-069 menu is hidden by the Rom-D file then it remains hidden when logged in as supervisor.

[polymath]

burakkucat reply #19: Thanks for the offer. I am indulging in a bit of ticket tennis with ZyXEL Support at the moment. I will take the ZyXEL ticket to an end point before trying anything else.

[broadstairs]

Polymath I am wondering if you have got anywhere with ZyXEL? I have one of these routers and while the 7547 port is indeed stealth on mine I also have issues with the TR064 and TR-069 menu options missing plus my log fnction does not work despite the log being enabled. I also have a ticket open with ZyXEL but at present they are refusing to do anything as they are convinced my router must be an ISP one which as far as I am aware is simply not true.

Stuart