Text only | Text with Images

Networking-Forums.com

Professional Discussions => Security => Topic started by: deanfourie on July 06, 2015, 08:10:00 AM

Title: Port 6699 open on vodafone router
Post by: deanfourie on July 06, 2015, 08:10:00 AM
Hey guys, I have an usuaual situation here.

I have a vodafone router, It came default with open authentication to login to the web interface.

I have found port 6699 open, and I have been through, checked all NAT forwards, NAT translations and also if theres a DMZ specified. Ive also done a NAMP scan on all local hosts to see it any have listening connections on that port, none.

So, im thinking someone has gone in and opened port 6699 in the backend config. I would imagine this is quite easy with open login and a simple line of code executed with a backdoor or whatever.

My last resort which I haven't tried yet is to default the router, and hope that sorts the problem, but I live in a flat with 5 odd people so its kind of hard to find a opportunity to default the router.


Any Ideas? Should I be worried?

Cheers
Title: Re: Port 6699 open on vodafone router
Post by: deanwebb on July 06, 2015, 10:12:32 AM
6699 is used for Napster and WinMX p2p, but also for some trojans. I'd say close it off to be safe.
Title: Re: Port 6699 open on vodafone router
Post by: deanfourie on July 06, 2015, 10:25:55 AM
Thats the issue. According to the router its not open?

Im trying to get a background on this router? Is it easy to exploit?

Also how is this port open if theres no node/service running or listenning for a connection on my network?

From my understanding, and please correct me if im wrong, but a host, PC or the router, must be listenning for a connection on that port for it to be open?

Thanks for the reply
Title: Re: Port 6699 open on vodafone router
Post by: deanwebb on July 06, 2015, 10:42:27 AM
No, if the port is open then it will permit communications on that port. Whenever something is ready to send or receive on that port, then the router is ready to permit it.

I would reset it and then make sure to change the admin account and password from the default to prevent back-door openings again.

As for the flatmates, tell them in advance when you're making the change, do it soon, and let them know that it is for security and that it must impact performance for safety's sake. If they don't like it, have them log on here and take it up with me.
Title: Re: Port 6699 open on vodafone router
Post by: deanfourie on July 06, 2015, 06:48:14 PM
Thanks, ill give it a default.

I find it stupid these routers are pushed out with no basic security.

Having said that, my own fault for not changing the password and being nlmore onto it
Title: Re: Port 6699 open on vodafone router
Post by: Otanx on July 07, 2015, 11:06:34 AM
Also probably want to update the firmware when you default the config. A lot of vulnerabilities have been coming out on these SOHO routers recently.

-Otanx
Title: Re: Port 6699 open on vodafone router
Post by: icecream-guy on July 07, 2015, 02:10:15 PM
Quote from: Otanx on July 07, 2015, 11:06:34 AM
Also probably want to [brick your router] when you default the config. A lot of vulnerabilities have been coming out on these SOHO routers recently.

-Otanx

There, fixed that for you.   :problem?:
Text only | Text with Images