Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

UPC/NTL well known major hole in home subscribers modems EPC2425

Options
  • 15-02-2010 2:08pm
    #1
    pato66
    Closed Accounts Posts: 7


    This is a nice one, for those that believe your NTL connection is 'secure' (not an NTL problem according to the company):

    This is incredible, 5' after having NTL broadband installed through the Cisco EPC2425 I decided to run a quick scan (from my old BT connection) against my public IP and found port 8080 open, with the modem administrative interface opened to the internet. I said 'ok, this must be a default setting I can change....', but ISPs always surprise you!

    5' later I found the default password for the admin user in this same site and was into the admin console, just to find there is no way to restrict access from the internet to this modem.

    After a call with NTL and being redirected to 'premium support' the guys at UPC confirmed that this is an 'intended feature' to allow them do remote admin of the routers and that it is not possible to disable this in any way.

    After discussing the implications for security of this setup, the formal answer from UPC is "This is a home user modem, therefore security is your responsibility, you need to place your own firewall behind the modem". Funny thing I explained a firewall would do nothing to prevent traffic from the internet coming into the modem's management interface, but the company answer again was 'the can just change your wifi password...' :S

    (but they forgot about trashing your port forwarding conf, reseting the modem, stealing knowledge about your internal network architecture, and that sort of 'harmless' things for UPC...)

    Incredible, I though BT and Eircom sucked, but these guys really made my day. I'm off to get my own cable modem now, just wanted to share my experience for those of you looking to change into NTL. The advice is go get your own kit.

    :mad:
    Tagged:


Comments

  • Options
    #2
    pizzahead77
    Registered Users Posts: 2,257 ✭✭✭pizzahead77


    pato66 wrote: »
    Incredible, I though BT and Eircom sucked, but these guys really made my day. I'm off to get my own cable modem now, just wanted to share my experience for those of you looking to change into NTL. The advice is go get your own kit.

    :mad:

    You can't - UPC will not allow you to connect a modem which has not been supplied by them to their netowrk. You are stuck with one of their modems.


  • Options
    #3
    yayamark
    Registered Users Posts: 2,013 ✭✭✭yayamark


    im on the 3 meg and use my own router


  • Options
    #4
    bricks
    Registered Users Posts: 443 ✭✭bricks


    I have the same Cisco thing at home also.
    The main problem with these kind of holes is that some joker makes a worm that messes up the settings on the routers automatically and takes out half of UPC's home users.
    I'd imagine they will update the firmware at some stage and block it.
    You should email theregister, they might put up an article on it and be able to get an official comment from UPC.


  • Options
    #5
    pato66
    Closed Accounts Posts: 7 pato66


    There's no way they can prevent you from establishing a pppoa connection, you just need the right settings for your modem.

    Btw, yayamark if you don't mind would you mind sharing the circuit configuration please?

    Thanks chaps.


  • Options
    #6
    pato66
    Closed Accounts Posts: 7 pato66


    You're right, that's the only way these companies actually fix something.

    I was thinking exactly the same thing, when the guy from support told me 'there's little you can do ...' I cited the example of 'you need a shell and curl, a 10 lines scripts to log into every single public ip on the UPC range with 8080 open, use the known password and then just reset the modem continuously', that's a good start for a denial of service... I can imagine all users ringing support at the same time...

    They just don't care about their customers.


  • Advertisement
  • Options
    #7
    bricks
    Registered Users Posts: 443 ✭✭bricks


    pato66 wrote: »
    There's no way they can prevent you from establishing a pppoa connection, you just need the right settings for your modem.

    Btw, yayamark if you don't mind would you mind sharing the circuit configuration please?

    Thanks chaps.

    I didn't think they used PPPOA with UPC.
    If you do get it working with another modem that would be handy tho.


  • Options
    #8
    Sponge Bob
    Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    once you logged in did you try the high access levels , level 3 and 2 ???. These give you more commands

    Check here http://www.boards.ie/vbulletin/showpost.php?p=64470125&postcount=14


  • Options
    #9
    gurramok
    Closed Accounts Posts: 13,992 ✭✭✭✭gurramok


    Sponge Bob wrote: »
    once you logged in did you try the high access levels , level 3 and 2 ???. These give you more commands

    Check here http://www.boards.ie/vbulletin/showpost.php?p=64470125&postcount=14

    When I tried that, I got page not found. They block IRC with the new router as well.

    And you can't find your hostname on this Cisco router!!


  • Options
    #10
    Sponge Bob
    Banned (with Prison Access) Posts: 25,234 ✭✭✭✭Sponge Bob


    gurramok wrote: »
    When I tried that, I got page not found. They block IRC with the new router as well.
    logged in as admin ???


  • Options
    #11
    bardcom
    Registered Users Posts: 290 ✭✭bardcom


    pato66 wrote: »
    5' later I found the default password for the admin user in this same site and was into the admin console, just to find there is no way to restrict access from the internet to this modem.
    Is there a separate password for the admin interface? What does it allow you do?


  • Advertisement
  • Options
    #12
    gurramok
    Closed Accounts Posts: 13,992 ✭✭✭✭gurramok


    Sponge Bob wrote: »
    logged in as admin ???

    I can't login as admin, whats the pwd?

    Also, i clicked the link in that post you linked and it immediately says page cannot be found, no prompts for login/pwd. Maybe I need to login as admin first?


  • Options
    #13
    pato66
    Closed Accounts Posts: 7 pato66


    Passwd has been posted here: http://www.boards.ie/vbulletin/showthread.php?p=58317782

    However the modem is different, this is an EPC2425. The one mentioned there is a 2203. I couldn't find the access levels mentioned in the thread, probably because those access levels are for the 2203 firmware...

    30' playing last night and I manage to reset my router through my BT connection using a 10 liner script w/curl... roughly speaking put that into a 1-254 loop and you cause a limited denial of service to your IP neighbors...

    NTL mailed me one of the old (non-wifi) atlanta routers, that they said 'don't have this issue'... will see :-)


  • Options
    #14
    pato66
    Closed Accounts Posts: 7 pato66


    Can you share your current router's config with us please? It would be good for people to have a few options :)


  • Options
    #15
    RangeR
    Registered Users Posts: 7,265 ✭✭✭RangeR


    Sponge Bob wrote: »
    once you logged in did you try the high access levels , level 3 and 2 ???. These give you more commands

    Check here http://www.boards.ie/vbulletin/showpost.php?p=64470125&postcount=14

    Sweet Jeebus. I is not impressed.

    I can't access the cable modem from outside my network. Maybe they closed it. I'm using the 2203 using epc2203-E10-5-v202r1262-080522c.bin


  • Options
    #16
    pato66
    Closed Accounts Posts: 7 pato66


    This is affecting the 'new' ones (got it yesterday), the EPC2425 rev.1 (wifi, 4 eths)

    No idea about the others...


  • Options
    #17
    zilog_jones
    Registered Users Posts: 6,641 ✭✭✭zilog_jones


    Just got UPC bb today and came across this thread, just an update:

    I was given a EPC2425, firmware revision epc2425-E10-5-v202r12812-100301cs_upc (I suspect the last 6 digits are the date in YYMMDD, so guess it's been updated since this thread)

    I've tried running nmap on my modem/router from an external source and this is the only thing it's reporting:

    PORT STATE SERVICE
    113/tcp closed auth

    The router's firewall also showed that it blocked the port scan I performed in the event log. I guess this ridiculous security hole has been fixed then?


  • Options
    #18
    blaz
    Registered Users Posts: 590 ✭✭✭blaz


    Go to http://192.168.1.1, login with you password. Click on Setup, then under Advanced settings click on Options. If "Remote Config Management" is disabled there then port 8080 is closed from the internet. That option has been there as long as I had my EPC2425 (about 8 months) so I have no idea what this thread is all about.


  • Options
    #19
    darconio
    Registered Users Posts: 932 ✭✭✭darconio


    blaz wrote: »
    Go to http://192.168.1.1, login with you password. Click on Setup, then under Advanced settings click on Options. If "Remote Config Management" is disabled there then port 8080 is closed from the internet. That option has been there as long as I had my EPC2425 (about 8 months) so I have no idea what this thread is all about.

    Do you have the password to accees that Advanced setup? I have myself a Cisco EPC2425 with FW epc2425-E10-5-v202r12812-100301cs_upc
    Thanks


  • Options
    #20
    blaz
    Registered Users Posts: 590 ✭✭✭blaz


    darconio wrote: »
    Do you have the password to accees that Advanced setup? I have myself a Cisco EPC2425 with FW epc2425-E10-5-v202r12812-100301cs_upc
    Thanks

    Not Advanced (tab at the top of the page), Advanced Settings (option on the "Setup" page). Those are two different things. You don't need anything else but the regular password you already have.


  • Options
    #21
    darconio
    Registered Users Posts: 932 ✭✭✭darconio


    blaz wrote: »
    Not Advanced (tab at the top of the page), Advanced Settings (option on the "Setup" page). Those are two different things. You don't need anything else but the regular password you already have.

    I got it, you mean this

    30lgkxs.jpg

    Was already disabled in mine :)


  • Advertisement
  • Options
    #22
    bricks
    Registered Users Posts: 443 ✭✭bricks


    The option doesn't seem to be in it when the modem is in bridge mode.
    Can anyone confirm that the remote admin is disabled in bridge mode?


  • Options
    #23
    Jonathan
    Moderators, Education Moderators, Home & Garden Moderators Posts: 8,109 Mod ✭✭✭✭Jonathan


    bricks wrote: »
    The option doesn't seem to be in it when the modem is in bridge mode.
    Can anyone confirm that the remote admin is disabled in bridge mode?
    You cannot access your cable modem externally when it bridge mode. When in bridge mode, all external requests go to your router (similar to setting your router as DMZ in non-bridging mode).

    The only way to access your cable modem externally would be to connect to a proxy on your router and then double back on yourself to the cable modem.

    Bridging mode essentially makes the cable modem invisible.


Advertisement