Does your router have a backdoor?

[MentaL]

I just checked. I only have these ports on, 80 3306, 30000 and 30001.
Thanks anyways Dan!


Sent from my iPhone using

You must be registered to see links

Why would you keep port 3306 open? Bit of an amateurish mistake?

 

[שเ๒єtгเ๒є]

Why would you keep port 3306 open? Bit of an amateurish mistake?

There are many reasons to let ports open. I.e. using your PC to host an own written service that listens the port. Even when a port is open, the hackers need to know whats listening to it and need to find any exploit to the software to attack your PC.

As long as we know what ports are listened by what software, it's our own decision.
MentaL, when there is a hidden port open for the NSA (xD), what software is listening to it, what you think? Any software on the routers itself?

EDIT: What about netstat -a, you will not find it?

 

[PRIZM]

Why would you keep port 3306 open? Bit of an amateurish mistake?

Why not? It's for MySQL?

 

[MentaL]

Why not? It's for MySQL?

Because 3306 should always be kept local....

 

[שเ๒єtгเ๒є]

Because 3306 should always be kept local....

but keeping something local means not using it. ^^
is 3306 so popular to hackers or what?

 

[MentaL]

but keeping something local means not using it. ^^
is 3306 so popular to hackers or what?

Face palm...

Sent from my Galaxy Note 3

 

[Dave]

but keeping something local means not using it. ^^
is 3306 so popular to hackers or what?

Remote exploits.

 

[brandonsuxx]

Clean on Netgear WNDR3800.

If anyone needs help using/setting up Python, I'm here.

 

[Big G]

Best solution. Reformat PC. Wash out all RATs and Backdoor

 

[MentaL]

Best solution. Reformat PC. Wash out all RATs and Backdoor

Backdoor is not related to the PC, its the router.

 

[Rishwin]

Bahahahahaha how many morons can you fit in one thread? xD

 

[iceblade112]

Bahahahahaha how many morons can you fit in one thread? xD

There's more coming!
The next one will probably be "what's a router?"

 

[Rishwin]

No next will be "I just formatted, I'm safe" and they'll be like an admin of some MMO server

 

[Solaire]

This news is over 10 years old, first publicly posted

You must be registered to see links

.

I wouldn't be surprised if it's used by ISP's to push settings into the router or something similar, i doubt it's for NSA snooping lol.

Correct, there's more info to it in

You must be registered to see links

document. It's a shell that allows remote control, pretty sure it's for ISP's.

 

[שเ๒єtгเ๒є]

Face palm...

Sent from my Galaxy Note 3

Sry, router configuration / network systems are not my best ride. As I know a port is only open, when an application is listening to it. When there is no application that listens to the port, then it's not open. So I misunderstood something, because this open port is not a usual open port.

Remote exploits.

Reading

You must be registered to see links

and

You must be registered to see links

I finally got the line.
This open port grants access to the router configuration, not the PC system at all. So the software that is listening to the port is burned on the router (firmware). Sadly with the exploit everybody can get access to the routers configuration from outside without admin password. When anybody modifies anything i.e. port forwarding he can get access on the PC system, too.

Did I understand this right now? Please correct me when I'm wrong and stop the facepalm. >.>

This news is over 10 years old, first publicly posted

You must be registered to see links

.

Correct, there's more info to it in

You must be registered to see links

document. It's a shell that allows remote control, pretty sure it's for ISP's.

The last documentation is very horrible, but at the end your statement is correct.

So I hope the manufacturers will do something against the exploit. Or should we also really protect us against the services of the ISP?

 

[Rishwin]

K so i did a little data gathering today, we have the majority of our customers running Technicolor/Thompson/Alcatel routers and every single one of them has the default port for remote access into that router in the 32000-35000 range. Which to me, seems like a huge coincidence considering the range.

I am now 95% certain this port is used by the ISP to remotely access / remotely push settings into the router when required.

 

[fsjal]

Your router does not provide the port 32764 backdoor. Glückwunsch!
Motorola's safe I guess :blush:

it's not open on my end :L

With that emoticon, it seemed like you were disappointed.

 

[.Yoss.]

K so i did a little data gathering today, we have the majority of our customers running Technicolor/Thompson/Alcatel routers and every single one of them has the default port for remote access into that router in the 32000-35000 range. Which to me, seems like a huge coincidence considering the range.

I am now 95% certain this port is used by the ISP to remotely access / remotely push settings into the router when required.

If thomson used their routers to gather other data than firmware then they would probably be one of the few who would know how to do so reliably and in a sneaky way. Those french motherfuckers knew how to build a router and built them so well that it's probably one of the significant contributing factors that sent them into bankruptcy and although I could never obtain firmware for my router the default one and associated software is flawless and still works well today. Which says a lot.

Proud owner of 10 year old low-range thomson router and posting from it.

 

[KaitoDaumoto]

Temp clean for mine!

 

[Ashley Scott]

No backdoor on BT HomeHub 3.