ISP router backdoor

[toolbox331]

Hey guys, i've been using the isp router for quite some time and for my lack of experience and knowledge at the time i know now that they have remote acess to it to perform updates... well atleast that's what they told me... I was wondering if i buy a router and use that instead, can it prevent them from doing such action, snooping etc? And until i have a chance to get one if i block the isp ip's that are constantly connecting when i browse will that prevent in some degree the data leakage. Can you guys recommend me a good but cheap router? Also since we're on the topic i use peerblock and bitdefender security suite and it seems to do the job but i was wondering what software you guys use or recommend. Thank you

[Trogdor]

What you are referring to is TR-069. It is supposedly used by your ISP to 'update firmware' automatically using their AutoConfigurationServer. It is an extremely invasive system as you have no control over content delivered to your router. There is an authentication page(open in browser) on that port that has a default password giving access to the entire server(tons of routers, successful bruteforce would destroy an ISP). There is no way to block the IP of the ACS, or to close the listening port. The ISP relies on the user not knowing anything about the system to get away with it. The only fix is to buy a fresh router that IS NOT provided by your ISP, and refuse any and all cnnections from the current listening port. Any router will do fine, as long as you buy it separately from your ISP.

[Trogdor]

@dotszilla they probably wouldn't do anything malicious, but anyone with the ISP password could force all routers on that ACS to update with malicious firmware.

[Trogdor]

Anytime you use a router supplied by an ISP(they're free for this reason), the backdoor is enabled and unavoidable.

[gray-fox]

I was wondering if i buy a router and use that instead, can it prevent them from doing such action, snooping etc?
And until i have a chance to get one if i block the isp ip's that are constantly connecting when i browse will that prevent in some degree the data leakage.

I don't kind of understand, in this case, what it helps if you block your isp's connection  to that "backdoor", because when you browse (with browsing you propably meant browsing interwebs?) ,  you are anyways sending your browsing data "to them". After all it's your internet service provider we are speaking of here.  I understand generally that you don't want your isp to have backdoor to your router/modem but in this particular case it doesn't imo do any difference.

Btw, if you do what 2460h1 suggested and take isp's router off completly, you should make sure you can spoof/clone your new routers/modem mac address to have old ones(=isp's router) address. Many isp's(at least where i live) that supplies routers to their customers, "link" the internet acces so it's only available when connection is made through their router/modem and it's ofc. verified by mac-address. Maybe tho every modern router has mac spoofing option these days, don't know. All my routers have had, if i can remember correctly.

[gray-fox]

Buy your own router, and use a VPN to stop them from snooping.


If you simply call them to activate the new one instead does it make any real difference in what they can access or do?

Propably not, i just personally hate too much to queue those isp's help numbers..[emoji14] No seriously i was meaning to say it as other option but simply forget it..

[Trogdor]

The ISP can always snoop your traffic(unless you use VPN or tor). This situation is a matter of forced firmware updates to the router.

[Trogdor]

my mistake

[proxx]

Play nice , disagree all you want but this is no place for random flame wars.

> back-on-topic

[KingCasra]

Get a discrete router not from your ISP and close the litening port.

[RedBullAddicted]

Ok, thats enough bullshit for one thread. Sure it is allowed to discuss things and sure there will be things you disagree with. But there is no need to get verbally abusive. There are other ways to point out that you do not agree with something without getting overly offensive and insulting (a little bit is ok). Think about it.