Reply to post: Re: Security device has security bug.

Ivanti Sentry exploited in the wild, patches emitted

Anonymous Coward
Anonymous Coward

Re: Security device has security bug.

On my CenturyLink modem/router, the TR-069 administration port (4567) was world-accessible. I found this out by doing a port-scan from a free website (so fully external, not LAN/WAN or inside CenturyLink's network). No one at CenturyLink I managed to talk to had ever heard of this (thank you Tier -1 tech support), but I found several websites documenting it. As it was bonded DSL, there were only a couple models in existence that could cope with that type of connection, so buying my own was pretty much out of the question.

One of these days someone will figure out how to get into these, and suddenly there will be a massive botnet made of them. I'm now on T-Mobile with a non-publicly-addressable modem.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon