Port 6699 open on vodafone router

Started by deanfourie, July 06, 2015, 08:10:00 AM


deanfourie

Hey guys, I have an unusual situation here.

I have a Vodafone router. It came default with open authentication to log in to the web interface.

I have found port 6699 open, and I have been through and checked all NAT forwards, NAT translations and also whether there's a DMZ specified. I've also done an Nmap scan on all local hosts to see if any have listening connections on that port; none.

So, I'm thinking someone has gone in and opened port 6699 in the backend config. I would imagine this is quite easy with open login and a simple line of code executed with a backdoor or whatever.

My last resort, which I haven't tried yet, is to default the router and hope that sorts the problem, but I live in a flat with 5 odd people so it's kind of hard to find an opportunity to default the router.


Any ideas? Should I be worried?

Cheers

deanwebb

6699 is used for Napster and WinMX p2p, but also for some trojans. I'd say close it off to be safe.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

deanfourie

That's the issue. According to the router it's not open?

I'm trying to get a background on this router. Is it easy to exploit?

Also, how is this port open if there's no node/service running or listening for a connection on my network?

From my understanding, and please correct me if I'm wrong, a host, PC or the router must be listening for a connection on that port for it to be open?

Thanks for the reply
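
To make the question in the post above concrete, here is how a TCP connect check (the kind of result a scan reports) classifies a port. This is an added example, not part of the original thread; `tcp_port_state`, `who_answers`, the loopback listener and the commented-out addresses are constructed for illustration.

```python
import socket


def tcp_port_state(host, port, timeout=1.0):
    """Classify a TCP port the way a connect-style scan reports it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: something accepted it
    except ConnectionRefusedError:
        return "closed"          # RST came back: reachable, nothing listening
    except socket.timeout:
        return "filtered"        # no reply at all: typically dropped by a firewall
    except OSError:
        return "unreachable"     # e.g. no route to host


def who_answers(hosts, port=6699, timeout=1.0):
    """Map each host you administer to the state of `port` on it."""
    return {h: tcp_port_state(h, port, timeout) for h in hosts}


def demo():
    """Constructed loopback test: same port with and without a listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0 = let the OS pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = tcp_port_state("127.0.0.1", port)
    srv.close()
    without_listener = tcp_port_state("127.0.0.1", port)
    return with_listener, without_listener


if __name__ == "__main__":
    print(demo())
    # Hypothetical addresses; replace with the router's LAN IP and your hosts.
    # print(who_answers(["192.168.1.1", "192.168.1.10"]))
```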

deanwebb

No, if the port is open then it will permit communications on that port. Whenever something is ready to send or receive on that port, then the router is ready to permit it.

I would reset it and then make sure to change the admin account and password from the default to prevent back-door openings again.

As for the flatmates, tell them in advance when you're making the change, do it soon, and let them know that it is for security and that it must impact performance for safety's sake. If they don't like it, have them log on here and take it up with me.

deanfourie

Thanks, I'll give it a default.

I find it stupid these routers are pushed out with no basic security.

Having said that, my own fault for not changing the password and being more onto it.

Otanx

Also probably want to update the firmware when you default the config. A lot of vulnerabilities have been coming out on these SOHO routers recently.

-Otanx

icecream-guy

Quote from: Otanx on July 07, 2015, 11:06:34 AM
Also probably want to [brick your router] when you default the config. A lot of vulnerabilities have been coming out on these SOHO routers recently.

-Otanx

There, fixed that for you.   :problem?:
:professorcat:

My Moral Fibers have been cut.