While taking a look at the security log on my router I noticed an attempt to get in on port 7547 which I believe is the TR-069 client.
Jan 30 03:19:45 kern alert kernel: Intrusion -> TCP packet from [ppp1.1] 47.90.136.91:65349 to aaa.bbb.ccc.ddd:7547
How do I confirm the TR-069 is disabled as I don't understand it's settings. I've attached a screenshot of the settings I can see. I've masked my IP address in the "Connection Request URL"
Thanks in advance
Confirming TR-069 is disabled
-
Trillionaire
- Posts: 2
- Joined: Sat May 16, 2020 4:08 pm
Confirming TR-069 is disabled
You do not have the required permissions to view the files attached to this post.
-
billion_fan
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: Confirming TR-069 is disabled
From looking at the screen capture TR-069 settings are on default meaning disabled.Trillionaire wrote: ↑Mon Jan 31, 2022 2:04 am While taking a look at the security log on my router I noticed an attempt to get in on port 7547 which I believe is the TR-069 client.
Jan 30 03:19:45 kern alert kernel: Intrusion -> TCP packet from [ppp1.1] 47.90.136.91:65349 to aaa.bbb.ccc.ddd:7547
How do I confirm the TR-069 is disabled as I don't understand it's settings. I've attached a screenshot of the settings I can see. I've masked my IP address in the "Connection Request URL"
8900Router-TR069.PNG
Thanks in advance
You can always run a port scan on port 7547 to double check
-
Trillionaire
- Posts: 2
- Joined: Sat May 16, 2020 4:08 pm
Re: Confirming TR-069 is disabled
Thank you billion_fan, based on your suggestion I did a port scan on both the internal and external addresses of my router and the port
Internal IP address
telnet 192.168.1.254 7547
Connecting To 192.168.1.254...Could not open connection to the host, on port 7547: Connect failed
External IP address - masked
telnet aaa.bbb.ccc.ddd 7547
Connecting To aaa.bbb.ccc.ddd...Could not open connection to the host, on port 7547: Connect failed
I also did a port scan via shields up that didn't show anything open
I'm not sure if the port number I checked was the correct port. I got the port number for TR-069 from here https://censys.io/blog/cwmp/
However I see on the Management page there's a Connection Request URL with the external IP address of my router and a port of 30005.
Which port is correct?
Internal IP address
telnet 192.168.1.254 7547
Connecting To 192.168.1.254...Could not open connection to the host, on port 7547: Connect failed
External IP address - masked
telnet aaa.bbb.ccc.ddd 7547
Connecting To aaa.bbb.ccc.ddd...Could not open connection to the host, on port 7547: Connect failed
I also did a port scan via shields up that didn't show anything open
I'm not sure if the port number I checked was the correct port. I got the port number for TR-069 from here https://censys.io/blog/cwmp/
However I see on the Management page there's a Connection Request URL with the external IP address of my router and a port of 30005.
Which port is correct?
-
billion_fan
- Posts: 5398
- Joined: Tue Jul 19, 2011 4:30 pm
Re: Confirming TR-069 is disabled
it should be 30005Trillionaire wrote: ↑Mon Jan 31, 2022 11:10 pm Thank you billion_fan, based on your suggestion I did a port scan on both the internal and external addresses of my router and the port
Internal IP address
telnet 192.168.1.254 7547
Connecting To 192.168.1.254...Could not open connection to the host, on port 7547: Connect failed
External IP address - masked
telnet aaa.bbb.ccc.ddd 7547
Connecting To aaa.bbb.ccc.ddd...Could not open connection to the host, on port 7547: Connect failed
I also did a port scan via shields up that didn't show anything open
I'm not sure if the port number I checked was the correct port. I got the port number for TR-069 from here https://censys.io/blog/cwmp/
However I see on the Management page there's a Connection Request URL with the external IP address of my router and a port of 30005.
Which port is correct?