Hi Mark,

Who confirmed this software fault, was it Security Metrics themselves?

Regards,

Tony

Hi,

We have been advised by BT security that this port does not affect PCI compliance,  and that if  you have any problems with this port and Security Metrix, you need to go back to Security Metrix to resolve the problem.

Regards

Markp

Then it's a bit misleading to say "been confimred as a fault with the software that the Security Metrix scan is using", when there is no fault, the scan is correctly identifying an open port.

An open port that allows a third party to alter the router without the knowledge of the broadband subscriber. Not sure why BT Security thinks this isn't a PCI issue, it clearly is as 2wire would be gaining direct access to part of the PCI environment without any ability for us to control that.

I've emailed Security Metrics, I doubt they'll confirm this as a false positive based upon what I can see. I shall be ordering a new, more secure, router I guess.

This is the reason we dont use BT supplied kit, between this and the open access points ours got binned 3 days after it arrived.

If the VoIP lines are non BT then you could perhaps look at a standard router with one or two linsys PAP devices. I beleive there is a dual FXS (two lines out) model that would do this. Failing that we use an Asterisk box here. Thats sat behind a PFSense firewall (which can run Asterisk) and thats sat behind a TP Link modem in PPPOE mode. This setup is a pain but it'll give you better security than any consumer router. Otherwise the FXS behind any generic router will work (possibly you'll need port forwards for 5060/udp)

If its BT provided VoIP lines the above *can* be made to work if you can get the BT SIP credentials. There is info on doing just this about but BT wont tell you what they are or how to get them if you ask.

if your VoIP provider already provided a stand alond FXS you may just need the port forward and any generic router will work. We use a hell of a lot of TP Link kit which has never let us down over hundreds of installs.

Hi there,

Yes the software does show the port open as it is open.  However enough testing was not performed by Security Metrix to check if this was a security risk, upon further testing Security Metrix have confirmed the port is not a security risk and is used for genuine purposes.

Thanks,

Steve

"Either way, it must be resolved or a load of SME's like us are going to have to find new broadband providors"

Well, a new router really. As to the earlier question about VoIP support - if the VoIP in question is BT Broadband Voice then it is fully SIP compliant and should work with any SIP compatible equipment.

Adrian

[Edited for grammar]

Has there been any update on this on anyone had any breakthroughs?

I'm not hopeful and I think it's wrong of BT to say it's a fault with Security Metrics when it's not. Their job is to identify unnecessary open ports which this appears to be and that is what they have done. I've tried changing settings on the firewall as someone else mentioned but scan still fails

It's BT's job to tells us how to close the port or liaise with the companies that run the scans to stop it being identified as a security vulnerability if thats genuienly true and not just them trying to pass the buck. 

If it's for firmware updates, there is no need for this to be open all the time or at least it should be hidden that it's open

If the only solution is to bin the BT equipment and use a third party modem then there should be a reduction in fees to contribute to the cost of the equipment