Page 1 of 1
Confirming TR-069 is disabled
Posted: Mon Jan 31, 2022 2:04 am
by Trillionaire
While taking a look at the security log on my router I noticed an attempt to get in on port 7547 which I believe is the TR-069 client.
Jan 30 03:19:45 kern alert kernel: Intrusion -> TCP packet from [ppp1.1] 47.90.136.91:65349 to aaa.bbb.ccc.ddd:7547
How do I confirm the TR-069 is disabled as I don't understand it's settings. I've attached a screenshot of the settings I can see. I've masked my IP address in the "Connection Request URL"
8900Router-TR069.PNG
Thanks in advance
Re: Confirming TR-069 is disabled
Posted: Mon Jan 31, 2022 9:52 am
by billion_fan
Trillionaire wrote: ↑Mon Jan 31, 2022 2:04 am
While taking a look at the security log on my router I noticed an attempt to get in on port 7547 which I believe is the TR-069 client.
Jan 30 03:19:45 kern alert kernel: Intrusion -> TCP packet from [ppp1.1] 47.90.136.91:65349 to aaa.bbb.ccc.ddd:7547
How do I confirm the TR-069 is disabled as I don't understand it's settings. I've attached a screenshot of the settings I can see. I've masked my IP address in the "Connection Request URL"
8900Router-TR069.PNG
Thanks in advance
From looking at the screen capture TR-069 settings are on default meaning disabled.
You can always run a port scan on port 7547 to double check
Re: Confirming TR-069 is disabled
Posted: Mon Jan 31, 2022 11:10 pm
by Trillionaire
Thank you billion_fan, based on your suggestion I did a port scan on both the internal and external addresses of my router and the port
Internal IP address
telnet 192.168.1.254 7547
Connecting To 192.168.1.254...Could not open connection to the host, on port 7547: Connect failed
External IP address - masked
telnet aaa.bbb.ccc.ddd 7547
Connecting To aaa.bbb.ccc.ddd...Could not open connection to the host, on port 7547: Connect failed
I also did a port scan via shields up that didn't show anything open
I'm not sure if the port number I checked was the correct port. I got the port number for TR-069 from here
https://censys.io/blog/cwmp/
However I see on the Management page there's a Connection Request URL with the external IP address of my router and a port of 30005.
Which port is correct?
Re: Confirming TR-069 is disabled
Posted: Tue Feb 01, 2022 9:50 am
by billion_fan
Trillionaire wrote: ↑Mon Jan 31, 2022 11:10 pm
Thank you billion_fan, based on your suggestion I did a port scan on both the internal and external addresses of my router and the port
Internal IP address
telnet 192.168.1.254 7547
Connecting To 192.168.1.254...Could not open connection to the host, on port 7547: Connect failed
External IP address - masked
telnet aaa.bbb.ccc.ddd 7547
Connecting To aaa.bbb.ccc.ddd...Could not open connection to the host, on port 7547: Connect failed
I also did a port scan via shields up that didn't show anything open
I'm not sure if the port number I checked was the correct port. I got the port number for TR-069 from here
https://censys.io/blog/cwmp/
However I see on the Management page there's a Connection Request URL with the external IP address of my router and a port of 30005.
Which port is correct?
it should be 30005