topic Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit in Archive

2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

stripey — Sat, 06 Oct 2012 13:46:40 GMT

We have a 2wire as follows, how can we close it/disable it?

thanks in advance

Model:    BT2700HGV
Hardware Version:    2701-100589-005
Firmware Version:    6.3.9.63-plus.tm

It is failing a security audit due to port 50001 being open for TCP (was used by 2wire for remote diagnostics but is now a know security issue):

Title: TLS Protocol Session Renegotiation Security Vulnerability Impact: The vulnerability allows man-in-the-middle attack.

Resolution: For OpenSSL, [http://www.openssl.org/source/] upgrade to 0.9.8l or higher. For Microsoft IIS web servers, install the appropriate patch available through [http://technet.microsoft.com/en- us/security/bulletin/MS10-049] Microsoft Security Bulletin 10-049. For other types of products, consult the product documentation.

Risk Factor: Medium/ CVSS2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) CVE: CVE-2009-3555 BID: 36935

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

Stephenc — Mon, 08 Oct 2012 13:12:58 GMT

Hi stripey,

There is no way to close this portit is open for firmware upgrades I believe. Certain other models also use 3479. The only option if this is required to be closed, would be to buy a 3rd party router.

Thanks,

Steve

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

stripey — Tue, 09 Oct 2012 18:14:29 GMT

I understand that BT have raised this issue with 2Wire (Pace) and are awaiting a fix from them, is there are details of when this might be available?

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

Stephenc — Tue, 09 Oct 2012 18:46:59 GMT

Hi Stripey,

I was not aware this had been raised, its been queried in the past and we'd been informed it was open by design, certain models also have port 3479 open too.

I'll doublecheck this for you first thing tomorrow, incase that is the case, but last I heard it was open by design.

I'll post up tomorrow at some point and let you know.

Thanks,

Steve

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

Stephenc — Wed, 10 Oct 2012 12:04:17 GMT

Hi Stripey,

I've had a discussion with the other guys here and unless this has been raised at a higher level, which I don't imagine it has.

The only request we are aware of that was raised to 2wire recently was to try and get a disclosure to say there was no security risk from port 50001 being open. However I've not heard of any plans to close the port. They would need it open to upgrade the firmware.

Thanks,

Steve

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

maslerdanch — Wed, 24 Oct 2012 21:43:31 GMT

Is there any further news on this? Rang the BT Helpdesk and they were unaware of it. I was advised to buy a specific router by BT that doesn't work. Can anyone reccommend an adsl2 router to do the job that would replace the 2wire router. We have a static IP and two V-IP phones running through the router and a BT Versatility Broadband module.

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

maslerdanch — Thu, 25 Oct 2012 09:33:25 GMT

Did you find a solution Stripey?

BT have told me I need to purchase a router and install it. We have V-IP phones and a static IP. It's not, quite frankly, the best thing for a business account.

Can anyone reccommend a router that can support

VOIP and V-IP phones
Port Forwarding
Closing all ports (inc. 50001)
Firewall

Cheers

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

gtompkins — Tue, 30 Oct 2012 12:33:50 GMT

Hi,

We too have this issue and have been told by BT that they are currently looking into this. They suggested a third party router but this is something I would only do as a very last resort. We will be charged £50 per month by HSBC's Security Metrics if we fail to pass the scan, so we are keen to get this resolved asap.

Are there any updates from BT yet?

Thanks,

Graham

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

Stephenc — Sat, 03 Nov 2012 11:41:27 GMT

Hi there,

Last I heard on this was, BT have no intention of closing the port, however, most security companies just need to verify that the port has no security risks, one such company has recently tested this and found this to be the case, it needs to be tested on a wider scale, but if such companies become satisfied that there are no risks with this port the security checks should stop failing.

Thanks,

Steve

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

TheMightyBox — Mon, 12 Nov 2012 11:07:42 GMT

I don't think it's a matter of getting it tested on a wider scale, the various security companies have got it right.

We currently have a fail on our automated scans, despite our website being fine, all due to our broadband connection having an open port on the router that I cannot close.

I've now found out that open port gives a third party the ability to alter the router without my knowledge, possibly introducing a man-in-the-middle attack, I don't see how anyone could argue that isn't a major security flaw.

Can anyone recommend an alternative router?

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

markp — Mon, 12 Nov 2012 11:32:41 GMT

Hi All,

We have been investigating this issue with the Security Metrix scan showing port 50001 as open. This has now been confimred as a fault with the software that the Security Metrix scan is using and not a fault with the BT routers.

If you are having this problem you will need to report this back to Security Metrix.

Regards

Markp

BT Business Forum Moderator

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

TheMightyBox — Mon, 12 Nov 2012 12:21:31 GMT

Hi Mark,

Who confirmed this software fault, was it Security Metrics themselves?

Regards,

Tony

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

markp — Mon, 12 Nov 2012 13:14:48 GMT

Hi,

We have been advised by BT security that this port does not affect PCI compliance, and that if you have any problems with this port and Security Metrix, you need to go back to Security Metrix to resolve the problem.

Regards

Markp

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

TheMightyBox — Mon, 12 Nov 2012 14:19:58 GMT

Then it's a bit misleading to say "been confimred as a fault with the software that the Security Metrix scan is using", when there is no fault, the scan is correctly identifying an open port.

An open port that allows a third party to alter the router without the knowledge of the broadband subscriber. Not sure why BT Security thinks this isn't a PCI issue, it clearly is as 2wire would be gaining direct access to part of the PCI environment without any ability for us to control that.

I've emailed Security Metrics, I doubt they'll confirm this as a false positive based upon what I can see. I shall be ordering a new, more secure, router I guess.

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

realitytech — Wed, 14 Nov 2012 12:19:41 GMT

This is the reason we dont use BT supplied kit, between this and the open access points ours got binned 3 days after it arrived.

If the VoIP lines are non BT then you could perhaps look at a standard router with one or two linsys PAP devices. I beleive there is a dual FXS (two lines out) model that would do this. Failing that we use an Asterisk box here. Thats sat behind a PFSense firewall (which can run Asterisk) and thats sat behind a TP Link modem in PPPOE mode. This setup is a pain but it'll give you better security than any consumer router. Otherwise the FXS behind any generic router will work (possibly you'll need port forwards for 5060/udp)

If its BT provided VoIP lines the above *can* be made to work if you can get the BT SIP credentials. There is info on doing just this about but BT wont tell you what they are or how to get them if you ask.

if your VoIP provider already provided a stand alond FXS you may just need the port forward and any generic router will work. We use a hell of a lot of TP Link kit which has never let us down over hundreds of installs.

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

Stephenc — Wed, 14 Nov 2012 18:39:18 GMT

Hi there,

Yes the software does show the port open as it is open. However enough testing was not performed by Security Metrix to check if this was a security risk, upon further testing Security Metrix have confirmed the port is not a security risk and is used for genuine purposes.

Thanks,

Steve

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

WelshGrass — Sun, 25 Nov 2012 14:34:52 GMT

Hi there,

I've just been completing the PCI DSS process for Cardsave using Trustwave's online scanner. I too had vulnerabilities on port 50001 and 3479.

I went to Firewall, Advanced configuration and made sure everything that was unchecked was checked except Excessive Session Detection. Rescanning after this gave me the all clear.

So, can anyone tell me which option(s) out of Block Ping, Strict UDP Session Control, Inbound NetBIOS and Outbound NetBIOS I really needed to set or is disabling these a good idea anyway?

BT should be made aware that this issue may crop up again as more SMEs have to take PCI DSS certification.

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

murrayharr — Sun, 23 Dec 2012 10:28:14 GMT

I have this problem as well. BT seem to say it is securitymetrix and securitymetrix say it is BT. Either way, it must be resolved or a load of SME's like us are going to have to find new broadband providors. As mentioned, HSBC charge a lot of money each month if one is not secure, not to menion customer problems if one does not show the right security features to ones website-using clients.

This is not a joke, it is a very serious matter. What is the point of having bt business, which is supposed to be the Rolls-Royce of broadband ... if it is not suitable for business?

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

adrianc — Mon, 31 Dec 2012 16:24:49 GMT

"Either way, it must be resolved or a load of SME's like us are going to have to find new broadband providors"

Well, a new router really. As to the earlier question about VoIP support - if the VoIP in question is BT Broadband Voice then it is fully SIP compliant and should work with any SIP compatible equipment.

Adrian

[Edited for grammar]

Re: 2Wire BT2700HGV - Port 50001 open ... how to close it - fails security audit

Ham1979 — Wed, 09 Jan 2013 13:26:10 GMT

Has there been any update on this on anyone had any breakthroughs?

I'm not hopeful and I think it's wrong of BT to say it's a fault with Security Metrics when it's not. Their job is to identify unnecessary open ports which this appears to be and that is what they have done. I've tried changing settings on the firewall as someone else mentioned but scan still fails

It's BT's job to tells us how to close the port or liaise with the companies that run the scans to stop it being identified as a security vulnerability if thats genuienly true and not just them trying to pass the buck.

If it's for firmware updates, there is no need for this to be open all the time or at least it should be hidden that it's open

If the only solution is to bin the BT equipment and use a third party modem then there should be a reduction in fees to contribute to the cost of the equipment