Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Failed PCI compliance with port 50001 open on the router

osprey2260
Member

on ‎02-01-2016 05:07 PM

Model:

BT2700HGV
Hardware Version:2701-100589-005
Firmware Version:6.3.9.63-plus.tm

 

Security metrics have just failed our PCI compliance scan because of issues around Port 50001 being open with our BT router, they have suggested a new router, ours is too old? can anyone advise on this?

 

There are quite a few posts on here regarding this subject, but no answers really that I can see.

 

 

0 Kudos
10 REPLIES 10

spank
Grand Guru

on ‎03-01-2016 01:29 PM

Hi there,

 

BT were able to manage those routers externally, probably through that port.  Newer BT routers don't allow for this.

 

It is an old router, yes.  If your contract is out of term you could call sales and resign for a couple of years and get a new BT router as part of that package.

 

Thanks

0 Kudos

markp
Grand Guru

on ‎04-01-2016 01:47 PM

Hi osprey2260,

 

in the router you have port 50001 was for firmware updates and only for firmware updates, we advised Security metrics of this and they confirmed the router is PCI compliant.

 

Mark

 

AndrewVolstead
Member
In response to markp

on ‎14-06-2016 12:38 PM

Hi. I phoned BT technical support and they told me port 50001 was for firmware updates (they referred to it as the "heartbeat" of the router). When I call back a week later, and got a different office, they were adamant that port 50001 is used for wi-fi. They advised me to disable wi-fi on the router and rerun the compliance scan. I did and I failed again so I concluded the original information was correct.

 

It's frustrating that two different regional offices of BT have differing views on what pport 50001 is used for.

 

So, if anyone from BT is monitoring this forum, can you tell me conclusively what port 50001 is used for? And is there anything firm that I can take to Security Metrics to assure them that the open port is not a security issue? 

0 Kudos

markp
Grand Guru
In response to AndrewVolstead

on ‎14-06-2016 12:58 PM

Hi AndrewVolstead

 

I can assure you that port 50001 is for firmware "heartbeat" updates on the 2Wire routers.  This router is fully PCI compliant and we have told Security Metrics of this before.

 

 

Markp

0 Kudos

AndrewVolstead
Member
In response to markp

on ‎14-06-2016 01:13 PM

Hi Mark

 

Thanks for the quick reply. Have Security Metrics accepted this advice? If so, is there anyone/anything I can refer them to? At present, they are saying the router is non-compliant.

0 Kudos

markp
Grand Guru
In response to AndrewVolstead

on ‎14-06-2016 01:24 PM

HI,

 

A lot of customers have been having issues with Security Metrix.

 

The company has identified security issues on port 50001 on some BT routers.

We escalated this case through our, Head of Product Management - Business Hub, who today has confirmed the following:

 

Security have confirmed that, as of 29th Oct, the customer [1st Case raised] is certified as PCI compliant

 

Security Metrix have now confirmed with BT that it is not a fault of the router

This was back in 2012

 

Security Metrix will be aware of this it is a problem with their scaning software.

 

Markp

 

0 Kudos

AndrewVolstead
Member
In response to markp

on ‎14-06-2016 01:37 PM

Hi Mark

 

Thanks again. Can you let me have the name of the Head of Product Management, Business Hub and do you have the name of the person at Security Metrics who confirmed there is no issue.

 

What I like to say to Security Metrics is "Mr/Ms X confirmed with Mr/Ms Y on 29 October 2012 that there is no security issue with the router" so that they can check their own records. Otherwise, I think they will say there is no record of a conversation.

 

Do you also know if there has been any confirmation since 2012. I suspect another response from Security Metrics will be "that was then, this is now".

0 Kudos

markp
Grand Guru
In response to AndrewVolstead

on ‎14-06-2016 01:46 PM

Hi there,

 

I do not have the names sorry, nothing has changed with the 2Wire router between 2012 and now to warrant a change in PCI compliance.  Ths issue is at Security Metric's end.

 

Markp

 

0 Kudos

AndrewVolstead
Member
In response to markp

on ‎14-06-2016 01:52 PM

Hi Mark

 

Do you have the name of anyone at BT that I can escalate this to, in order to get something in writing from BT to show to Security Metrics?

0 Kudos