Confirming TR-069 is disabled

Discussions for BiPAC 8900 series: 8900AX-1600, 8900AX-2400, 8900X
Post Reply
Trillionaire
Posts: 2
Joined: Sat May 16, 2020 4:08 pm

Confirming TR-069 is disabled

Post by Trillionaire »

While taking a look at the security log on my router I noticed an attempt to get in on port 7547 which I believe is the TR-069 client.

Jan 30 03:19:45 kern alert kernel: Intrusion -> TCP packet from [ppp1.1] 47.90.136.91:65349 to aaa.bbb.ccc.ddd:7547

How do I confirm the TR-069 is disabled as I don't understand it's settings. I've attached a screenshot of the settings I can see. I've masked my IP address in the "Connection Request URL"
8900Router-TR069.PNG
Thanks in advance
You do not have the required permissions to view the files attached to this post.
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: Confirming TR-069 is disabled

Post by billion_fan »

Trillionaire wrote: Mon Jan 31, 2022 2:04 am While taking a look at the security log on my router I noticed an attempt to get in on port 7547 which I believe is the TR-069 client.

Jan 30 03:19:45 kern alert kernel: Intrusion -> TCP packet from [ppp1.1] 47.90.136.91:65349 to aaa.bbb.ccc.ddd:7547

How do I confirm the TR-069 is disabled as I don't understand it's settings. I've attached a screenshot of the settings I can see. I've masked my IP address in the "Connection Request URL"

8900Router-TR069.PNG

Thanks in advance
From looking at the screen capture TR-069 settings are on default meaning disabled.

You can always run a port scan on port 7547 to double check
Trillionaire
Posts: 2
Joined: Sat May 16, 2020 4:08 pm

Re: Confirming TR-069 is disabled

Post by Trillionaire »

Thank you billion_fan, based on your suggestion I did a port scan on both the internal and external addresses of my router and the port

Internal IP address
telnet 192.168.1.254 7547
Connecting To 192.168.1.254...Could not open connection to the host, on port 7547: Connect failed

External IP address - masked
telnet aaa.bbb.ccc.ddd 7547
Connecting To aaa.bbb.ccc.ddd...Could not open connection to the host, on port 7547: Connect failed

I also did a port scan via shields up that didn't show anything open

I'm not sure if the port number I checked was the correct port. I got the port number for TR-069 from here https://censys.io/blog/cwmp/
However I see on the Management page there's a Connection Request URL with the external IP address of my router and a port of 30005.

Which port is correct?
billion_fan
Posts: 5374
Joined: Tue Jul 19, 2011 4:30 pm

Re: Confirming TR-069 is disabled

Post by billion_fan »

Trillionaire wrote: Mon Jan 31, 2022 11:10 pm Thank you billion_fan, based on your suggestion I did a port scan on both the internal and external addresses of my router and the port

Internal IP address
telnet 192.168.1.254 7547
Connecting To 192.168.1.254...Could not open connection to the host, on port 7547: Connect failed

External IP address - masked
telnet aaa.bbb.ccc.ddd 7547
Connecting To aaa.bbb.ccc.ddd...Could not open connection to the host, on port 7547: Connect failed

I also did a port scan via shields up that didn't show anything open

I'm not sure if the port number I checked was the correct port. I got the port number for TR-069 from here https://censys.io/blog/cwmp/
However I see on the Management page there's a Connection Request URL with the external IP address of my router and a port of 30005.

Which port is correct?
it should be 30005
Post Reply