Superhub Telnet
 

Just spotted an interesting entry in the event log on my Superhub:-

Thu Dec 29 11:43:00 2011 Critical (3) Telnet login failed from 210.61.240.52.


I find that indeed the superhub is running a telnet server, which appears to be accessible via the WAN IP address. the normal admin login doesn't work though. Hopefully there isn't a standard login as this woudl seem to be a security risk.

Re: Superhub Telnet
 

The ip resolves to

CHUNGHWA-TELECOM-TP-TW

Re: Superhub Telnet
 

Yup I suspect a portscan found it. Is there a way to disable telnet from the WAN port?

Re: Superhub Telnet
 

it should already be off so looks like a bug, VM went to great effort to lockout ssh/telnet access.

Re: Superhub Telnet
 

From what I remember of it you could access it from the standard port 23 on the LAN side - I don't recall ever trying or seeing it mentioned that WAN access was possible at all. IMO any WAN access using any protocol is a potential security breach - didn't O2 suffer some stick for an open port on their Thomson router?

Re: Superhub Telnet
 

It is definitely accessible from both the LAN and WAN side of the Superhub. This is running the business service firmware though. Version 5.5.2R04-BU

I am not sure if this is based on te R04 build of the residential firmware or is a totally new build stream. It does not have modem mode, but does have oter features like L2TP tunnel config options under Basic Settings. SSH is disabled which implies it is more aligned to a later version, however does respond to a port 23 connection with:-

Netgear Embedded Telnet Server (c) 2000-2007

WARNING: Access allowed by authorized users only.

Login:

Re: Superhub Telnet
 

If it uses the standard port then simply running Gibson's "Shields up" will expose it. I've even got a smartphone app that scans ports on the LAN but don't have a Superhub to check what the current firmware does.

Re: Superhub Telnet
 

Well it exposes itself with that login banner....

Re: Superhub Telnet
 

If you wish to PM the IP address of the hub I'll check to see if the port is open

Re: Superhub Telnet
 

Technically, I've broken VM's ToS with this, which specifically prohibits portscanning, but..

No telnet port open here, and Im on a superhub, firmware V5.5.2R30.

Yes, I know port 22 is open, I specifically opened it.

Re: Superhub Telnet
 

He's on a business hub not a residential hub so different firmware

Re: Superhub Telnet
 

Ah, okay, I missed that bit.

Re: Superhub Telnet
 

On the two IP's sent to me I get no response on SSH or Telnet

Re: Superhub Telnet
 

That was the business hub - I was interested to know if they'd made yet another error with the standard hub which is in half a million homes...

Re: Superhub Telnet
 

Thanks for testing Kymmy. I do get a login from the first of the two IP addresses I sent out and also the internal one.

I wonder if some filtering is going on somewhere as the event log has now two rejected Telnet logins from different external IP addresses.