[TriLUG] open ports on Uverse 2wire gateway -- revisited

James Jones jc.jones at tuftux.com
Mon Feb 3 23:20:53 EST 2014


I'm BACK!

Finally got Uverse to send a tech out with the final result -- changed
out the Gateway with a slightly different model. For about one minute,
the open ports were stealth, until Uverse did an "update"  to the box.
Then all the open ports were back again.

my nmap scan resulted in this:

PORT      STATE         SERVICE     VERSION
21/tcp    filtered      ftp
22/tcp    filtered      ssh
23/tcp    filtered      telnet
80/tcp    filtered      http
443/tcp   filtered      https
49152/tcp open       unknown
61001/tcp open       ssl/unknown

49152 and 61001 are the problem ports. I realize that this may be
ports used by Uverse, but Security Metrics say that a vulnerability
exists on 61001.

nmap says also: 2 services unrecognized despite returning data. If you
know the service/version, please submit the following fingerprints at
http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
The two ports that services are talking about are 49152 and 61001.

I suspect that security metrics would pass the account if the two open
ports were patched to cover the vulnerabilities that Security Metrics
see.

By the way, My home Uverse box has the same open ports as this
business account has.

Uverse has, so far, not recognized the open port problem that can
allow a "man in the middle" instance.

I plan another session with Uverse tomorrow.

jcj



-- 
Jc Jones
Blogs -
http://www.wendellgeek.com/weblog/
http://www.wendellgeek.com/kixtech/


More information about the TriLUG mailing list