Child Item

Site Totals

61223 Questions Answered 267 Categories

Remote Administration throught port 4567

I have a D-link 2705B DSL Modem. I monitor the firewall security log and noticed from time to time Remote Administration being accepted throught port 4567(See log below). I check the incoming address and find that it is not a Verizon administration address(ie firmware upgrade) but one coming from RIPE in Amsterdam. Question is has anyone else seen this in their logs and how can I block the access to port 4567. I know Verizon uses that port for fireware upgrades/monitor. Very concerned that there is a security risk/exposure to port 4567

Apr 7 09:08:20 2017

Inbound Traffic

Accepted Traffic - Remote administration

TCP 91.197.234.22:49072->96.235.154.121:4567 on ppp0

Any input is appreciated

Comments

LostinSedona

Sorry forgot to add the firmware version for the D-link it's 5.4.12.1.44.2.1

dslr595148

#1 Do you have a separate OR a spare RJ-45 WAN port router?

#2 If so, what is the brand and model of your separate or spare RJ-45 WAN port router?

For example:

a) The Motorola SB6141 is my cable modem (Non modem combo).

b) Note where modem combo = modem and router all-in-one.

c) My separate router is my Linksys E4200 hardware version one and it is behind my modem.

d) I also have a spare Linksys WRT54G hardware version 2, not in use.

#3 If not to question 1, do you have a spare computer that is not in use that works that either has:

a) Two NICs

b) OR you can add a second NIC into the computer?

For example by a second NIC into the computer I mean a PCI NIC like the TRENDnet - Fast Ethernet PCI Adapter (Model: TE100-PCIWN).

Note: at least one of those two NICs, must be a wired NIC.

LostinSedona

Thanks for reponding. Not sure where your going with your suggestion. My concern is not with my intranet but someone accessing my D-Link Modem/Router using port 4567. The same port that Verizon uses to access the modem and/or router primarily for firmware upgrades.

To answer some of your questions I have several routers on intranet including a TP-LINK N750 & WT54G running dd-wrt firmware

As noted in the Security Log the address accessing the D-link modem is, in this case an IP address from the RIPE Network Coordination Centre (RIPE) in Amsterdam, not an assigned Verizon IP address. It appears to me that somehow someone is accessing D-Link Remote Administration through port 4567 even though remote admin is off and default user id & PW have been changed.

I just want to stop anyone from accessing the D-Link through port 4567.

drewko

You mean 2750b? When I was running that modem a year or two ago (have Fios now) I downloaded and installed the Dlink factory firmware from the Australian site. It gives you full access/control so you can enable useful features that are missing in the Verizon version, and disable TR-069 remote administration. Of course, you will then lose any remote troubleshooting or configuring service from Verizon, and not be able to go back to the VZ firmware. I never found that to be a problem; my factory firmware worked fine and provided diagnostic features not found on the VZ version. As I recall, you must have modem model "HW:T1" to accept the factory f/w.

dslr595148

Since you have separate or spare RJ-45 WAN port router(s), this is what I recommend:

#1 Connect the WAN/Internet/To Modem/To ONT - port of a separate or spare RJ-45 WAN port router to the modem.

#2 Put all of the computers behind that RJ-45 WAN port router.

#3 Disable Wireless in the modem combo.

#4 Put the modem combo into bridge mode.

As how to do that, go to http://setuprouter.com/router/dlink/dsl-2750b-verizon/manual-2256.pdf and see page 80.

#5 Once the modem combo is in bridge modem: Have nothing else other than the power line, phone line and that RJ-45 WAN port WAN port router connected to the modem.

#6 Reconfigure the RJ-45 WAN port router to handle the connection to the Internet (DHCP-PPPoE, Pure DHCP)

#7 Profit and you never have to worry about it again for your modem.

#8 As far as Transceiver Statistics (how strong the DSL Signal is coming down the wire from the ISP), your current modem sucks - as No Signal Info is provided..

b) If you want to see what I mean by that info on what Transceiver Statistics looks like, see for example

https://forums.verizon.com/t5/High-Speed-Internet/are-my-Transceiver-stats-any-good/td-p/380457

smith6612

Best way to block the remote access port is to bridge the modem. There's other ways by creating Firewall rules (You would need to set the Firewall setting to Custom). With the Firewall rule, you'd create a rule that states for "Any TCP/UDP request from anywhere, to Port 4567, Drop"

The firewall method can be iffy since sometimes, these firmware-embedded management ports override the firewall rules.

Child Item