23-04-2011 8h45 - edited 23-04-2011 8h46
Guess that's what could've happened
Yet at the time I was on ff3.6.14 or .15 and prior to posting about this, I dumped the lot - CCleaner, BetterPrivacy etc, loaded the exact same sites and couldn't see them being flagged this time.
(on ff4 now so I'll never know....or will I?)
30-06-2011 21h47 - edited 30-06-2011 21h52
I have had a look at this and found that BT use port 161 to carry out remote management on the Home Hub and the network. We manage customer devices so that they and any feature on them do not present any security issue.
The implementation of this does raise a few questions, perhaps leading to suggestions for improvement:
I don't argue that BT's access isn't legitimate - after all BT must comply with the Data Protection and Computer Misuse Act and other UK laws. Of greatest concern is possible exploit by those wishing to gain access to BT customers' networks. BT may have used other countermeasures but given the track record and the three off the top of my head points above I don't hold high hopes of this. Reverse engineering of the firmware may yield any private keys and other cryptographic information.
As a possible safety measure for those of a more paranoid/cautious demeanour it seems that forwarding 161 to a local machine (or an address not being used) stops it being available for access to the hub itself. It certainly DNATs the port through the destination IP - it's possible the hub still picks up magic packets and takes connections for itself. To Shields Up the port appears closed using this method so it does improve security a little. Of course, those who are paranoid and tech savvy enough to do this probably wouldn't want to use the HH anyway, so that means that the users who are at risk are the very ones BT is trying to help out.
01-07-2011 16h56 - edited 01-07-2011 16h58
I think that you have given a well-balanced reply here.
I would still want BT Retail moderators to say why they have 161 open and what they are going to do in the future to close it.
I have some contacts within BT so I might raise it with them.
22-09-2011 2h07 - edited 22-09-2011 3h07
I am rather surprised at BT's decision to make HH3 visible to the world. Most, if not all, hackers will get to know that all they have to do is scan port 161 throughout the BT address range to locate a victim. Port 161 is a deliberately induced flaw that can only lead to some poor soul having their day ruined by some @*&&£$$ in China getting hold of bank details. Although I'm no hacker I know that once a router responds to my scans I would have no problem having my wicked way with the contents of a hard drive.
As this security breach is being commented on more than just a few forums without so much as a whisper from BT I consider BT as being completely cavalier with their duty of care of their customer base.
A formal complaint has been logged with BT. If the results of that complaint do not include a completely stealthed router then my complaint will be taken to the next level.
on 26-09-2011 13h11
on 26-09-2011 17h45
on 27-09-2011 15h51
The problem with all HH3s having the same port open is a hacker now only has to scan the BT address range for one port. Scanning a range of ports and my firewall will pick it up as an attack and block them for a year, scan only one and the firewall might not. The open port is the hacker's light in the window. Once they see it the port will have done its job and need not be touched again, not with another 65535 service ports to play with. When that person moves on, whether they succeed or not, that light will bring in the next one, and the next, and so on. It's a problem that is unstoppable without a fully stealthed router.
12-10-2011 15h37 - edited 12-10-2011 15h51
I've recently moved and with BT being the fastest ISP at my current address, found myself on BT. After running GRC's tests & seeing port 161 open, found this thread searching on 'bt home hub 3 port 161 open'.
After reading the above, I agree BT's reasons for leaving the port open and vulnerable are questionable.
I therefore went into the hub manager, went to port forwarding in the advanced settings, added a new supported application, named it snmp, on port 161. Went back to the port fwd. config, added a snmp item to fwd to IP 192.168.1.111 (which does not exist on my network), applied it & re-tested with GRC. All ports now show as stealthed.
Just to be safe, I also have a 3rd party firewall (Outpost Security Suite 7.5.1) on my PC, and added a block to port 161 in the system rules for it.
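A way to re-check the result described in the post above against your own line, as an added example that is not part of the thread: it reports TCP port 161 as open, closed or stealth, the three states the posts distinguish. The function name, the timeout and the use of a plain TCP connect (rather than an SNMP query over UDP) are assumptions of this example.

```python
import errno
import socket
import sys


def classify_tcp_port(host, port=161, timeout=3.0):
    """Classify one TCP port using the terms the thread uses.

    open    - handshake completes: something is listening
    closed  - connection refused: the host answers, nothing is listening
    stealth - no reply before the timeout: the probe was silently dropped
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "stealth"
    except OSError as exc:
        # An unreachable error means the network, not the hub, rejected the probe.
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()


if __name__ == "__main__":
    # Pass the public address of your own line as the only argument.
    target = sys.argv[1]
    print(f"{target} TCP/161: {classify_tcp_port(target)}")
```

Run it from a machine outside your own network, once before and once after adding the forward: a probe sent from inside the LAN to the hub's public address may be answered differently from one arriving from the internet.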