quick menu

Remote Administration throught port 4567

Remote Administration throught port 4567

Reply
Contributor LostinSedona
Contributor
Posts: 3
Registered: ‎04-07-2017
Message 1 of 7
(2,660 Views)

I have a D-link 2705B DSL Modem.  I monitor the firewall security log and noticed from time to time Remote Administration being accepted throught port 4567(See log below).  I check the incoming address and find that it is not a Verizon administration address(ie firmware upgrade) but one coming from RIPE in Amsterdam.  Question is has anyone else seen this in their logs and how can I block the access to port 4567.    I know Verizon uses that port for fireware upgrades/monitor.  Very concerned that there is a security risk/exposure to port 4567

Apr 7 09:08:20 2017Inbound TrafficAccepted Traffic - Remote administrationTCP 91.197.234.22:49072->96.235.154.121:4567 on ppp0

Any input is appreciated

6 REPLIES 6
Contributor LostinSedona
Contributor
Posts: 3
Registered: ‎04-07-2017
Message 2 of 7
(2,650 Views)

Sorry forgot to add the firmware version for the D-link it's 5.4.12.1.44.2.1

 

Gold Contributor VII Gold Contributor VII
Gold Contributor VII
Posts: 5,699
Registered: ‎09-24-2008
Message 3 of 7
(2,577 Views)

#1 Do you have a separate OR a spare RJ-45 WAN port router?

#2 If so, what is the brand and model of your separate or spare RJ-45 WAN port router?

For example:

a) The Motorola SB6141 is my cable modem (Non modem combo).

b) Note where modem combo = modem and router all-in-one.

c) My separate router is my Linksys E4200 hardware version one and it is behind my modem.

d) I also have a spare Linksys WRT54G hardware version 2, not in use.

#3 If not to question 1, do you have a spare computer that is not in use that works that either has:

a) Two NICs

b) OR you can add a second NIC into the computer?

For example by a second NIC into the computer I mean a PCI NIC like the TRENDnet - Fast Ethernet PCI Adapter (Model: TE100-PCIWN).

Note: at least one of those two NICs, must be a wired NIC.

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 

Contributor LostinSedona
Contributor
Posts: 3
Registered: ‎04-07-2017
Message 4 of 7
(2,541 Views)

Thanks for reponding.  Not sure where your going with your suggestion.  My concern is not with my intranet but someone accessing my D-Link Modem/Router using port 4567.  The same port that Verizon uses to access the modem and/or router primarily for firmware upgrades.

 

To answer some of your questions I have several routers on intranet including a TP-LINK N750 & WT54G running dd-wrt firmware

 

As noted in the Security Log the address accessing the D-link modem is, in this case an IP address from the RIPE Network Coordination Centre (RIPE)  in Amsterdam,  not an assigned Verizon IP address.  It appears to me that somehow someone is accessing D-Link Remote Administration through port 4567 even though remote admin is off and default user id & PW have been changed.

 

I just want to stop anyone from accessing the D-Link through port 4567.

Contributor drewko
Contributor
Posts: 5
Registered: ‎10-05-2014
Message 5 of 7
(2,494 Views)

You mean 2750b? When I was running that modem a year or two ago (have Fios now) I downloaded and installed the Dlink factory firmware from the Australian site. It gives you full access/control so you can enable useful features that are missing in the Verizon version, and disable TR-069 remote administration. Of course, you will then lose any remote troubleshooting or configuring service from Verizon, and not be able to go back to the VZ firmware. I never found that to be a problem; my factory firmware worked fine and provided diagnostic features not found on the VZ version. As I recall, you must have modem model "HW:T1" to accept the factory f/w.

Gold Contributor VII Gold Contributor VII
Gold Contributor VII
Posts: 5,699
Registered: ‎09-24-2008
Message 6 of 7
(2,347 Views)

Since you have separate or spare RJ-45 WAN port router(s), this is what I recommend:

 

#1 Connect the WAN/Internet/To Modem/To ONT - port of a separate or spare RJ-45 WAN port router to the modem.

 

#2 Put all of the computers behind that RJ-45 WAN port router.

 

#3 Disable Wireless in the modem combo.

 

#4 Put the modem combo into bridge mode.

 

As how to do that, go to http://setuprouter.com/router/dlink/dsl-2750b-verizon/manual-2256.pdf and see page 80.

 

#5 Once the modem combo is in bridge modem: Have nothing else other than the power line, phone line and that RJ-45 WAN port WAN port router connected to the modem.

 

#6 Reconfigure the RJ-45 WAN port router to handle the connection to the Internet (DHCP-PPPoE, Pure DHCP)

 

#7 Profit and you never have to worry about it again for your modem.

 

#8 As far as Transceiver Statistics (how strong the DSL Signal is coming down the wire from the ISP), your current modem sucks - as No Signal Info is provided..

 

b) If you want to see what I mean by that info on what Transceiver Statistics looks like, see for example

 

https://forums.verizon.com/t5/High-Speed-Internet/are-my-Transceiver-stats-any-good/td-p/380457

If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.


 

Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,309
Registered: ‎12-15-2010
Message 7 of 7
(2,339 Views)

Best way to block the remote access port is to bridge the modem. There's other ways by creating Firewall rules (You would need to set the Firewall setting to Custom). With the Firewall rule, you'd create a rule that states for "Any TCP/UDP request from anywhere, to Port 4567, Drop"

 

The firewall method can be iffy since sometimes, these firmware-embedded management ports override the firewall rules.

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.


Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.
 

My Verizon

  • Add or Change Plan
  • Suspend My Service
  • Apps

Support

Watch Fios