Disabling TR-069

Services provided via NBN Co, Opticomm, Open Networks, Red Train, LBN Co, and TPG FttB
MajorWedgie
Posts: 4
Joined: Wed Oct 05, 2016 4:01 pm
Location: Australia

Disabling TR-069

Post by MajorWedgie » Thu Sep 06, 2018 9:17 am

I want to disable TR-069 in my Exetel-provided ZTE modem because I do not trust it.

Can this be done? If so how? What are the ramifications?

KavindaS
Forum Admin
Posts: 2472
Joined: Wed Dec 23, 2009 3:59 pm
Location: Sydney

Re: Disabling TR-069

Post by KavindaS » Thu Sep 06, 2018 11:04 pm

MajorWedgie wrote:
Thu Sep 06, 2018 9:17 am
I want to disable TR-069 in my Exetel-provided ZTE modem because I do not trust it.

Can this be done? If so how? What are the ramifications?

With the TR-069 configuration in place, Exetel technical support can configure your modem whenever an issue occurs or it requires troubleshooting. If you remove the configuration, we will not be able to support you remotely, and you will need to do the suggested troubleshooting or configuration on your own.

To disable the TR-069 function, follow the suggestions below and refer to them for additional information.

On the main page of the ZXHN H268A, select Management & Diagnosis > TR-069 to open the Basic Configuration page.

Remove the details in the added fields and save.
Attachments
ZTE 1.jpg
ZTE 2.jpg

MajorWedgie
Posts: 4
Joined: Wed Oct 05, 2016 4:01 pm
Location: Australia

Re: Disabling TR-069

Post by MajorWedgie » Sat Sep 08, 2018 3:42 pm

And does TR-069 allow you into my network?

shehanw
Exetel Staff
Posts: 344
Joined: Mon Sep 16, 2013 8:36 pm
Location: Australia

Re: Disabling TR-069

Post by shehanw » Sat Sep 08, 2018 5:29 pm

TR-069 only allows us into your modem to make changes if required in the event of troubleshooting any faults. However, it does not allow us to make any changes to your local network or devices that are connected.

tin
Posts: 178
Joined: Mon Jul 28, 2008 5:22 pm
Location: Northwest NSW

Re: Disabling TR-069

Post by tin » Tue Nov 27, 2018 2:42 pm

Just adding for anyone else that comes across this... TR-069 allows for remote configuration changes to the device. Like any remote access, this is helpful for support... But does create a security risk (even if it's low).

TR-069 allows the settings to be changed, and firmware to be updated. Again, this is great for ISPs wanting to idiot-proof the settings, but highly dangerous if an attacker finds a way to push the changes out. DNS can be pointed to rogue servers that could result in malware being pushed to clients. Firmware could be updated to a version with an SSH back door.

Up to the end user, in the end. If you know how to configure a modem, turn it off. If you're someone that needs the ISP support to do it, keep it on.
The above post is copyright, may be edited at any time, and should not be taken internally. Any breach of these terms may result in legal action or a sore tummy.

aussierod
Posts: 43
Joined: Wed Dec 17, 2008 10:53 pm
Location: Qld

Re: Disabling TR-069

Post by aussierod » Wed Mar 06, 2019 10:25 pm

The steps provided by KavindaS don't actually block port 7547.

Steps to block (stealth) the port are on my blog.
https://rodneystevens.com/tr-069-how-to ... zte-modem/
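
One way to check whether port 7547 is really blocked on your own modem, as an added example that is not part of the original thread or the linked blog: the script classifies the port as open, closed (answers with a reset) or filtered (no answer, the "stealth" state). It assumes it is run from a machine outside your LAN against your own public address; `192.0.2.1` is a documentation placeholder.

```python
#!/usr/bin/env python3
"""Classify TCP port 7547 (TR-069 connection requests) as open, closed or filtered."""
import errno
import socket
import sys

TR069_PORT = 7547  # the port named in the post above


def classify_port(host, port=TR069_PORT, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    open     - the handshake completed, so something is listening
    closed   - the device answered with a reset (visible, nothing listening)
    filtered - no answer or an unreachable error: the "stealth" state
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # ICMP host/network unreachable also means the probe was dropped
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


if __name__ == "__main__":
    # Assumption: pass your own modem's public address as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    state = classify_port(target)
    print(f"{target}:{TR069_PORT} is {state}")
    # Exit 0 only when the port is filtered, so the check can be scripted.
    sys.exit(0 if state == "filtered" else 1)
```

Run it before and after changing the modem settings; a result of "open" or "closed" from the WAN side means the modem still responds on that port.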

KavindaS
Forum Admin
Posts: 2472
Joined: Wed Dec 23, 2009 3:59 pm
Location: Sydney

Re: Disabling TR-069

Post by KavindaS » Wed Mar 06, 2019 10:58 pm

Hi All,

Thank you for sharing some additional information here, since we have received limited information from the modem support, compared to what has been shared here.

Franpa
Posts: 438
Joined: Thu May 15, 2008 11:44 am
Location: Australia, QLD

Re: Disabling TR-069

Post by Franpa » Sat Mar 09, 2019 12:50 am

If the Service List option wasn't grayed out in the default configuration, we could simplify these steps https://rodneystevens.com/tr-069-how-to ... zte-modem/ to the following:

1) Make sure you have your Exetel VDSL password handy. (note: VoIP password is different)
2) Back up the default Exetel ZTE modem settings to a safe place.
3) Navigate to the following place: Internet (tab) >> WAN >> DSL Connection >> expand Exetel_VDSL (see attached picture to see what page you should be looking at).
4) Delete the contents of Service List (the stuff in the red rectangle) and click Apply (currently this box is grayed out in the default configuration and can't be changed).
5) Management & Diagnosis (tab) >> TR-069 >> Delete everything here and click Apply.

But as is, you have to duplicate the configuration to be able to delete the contents of Service List...
Attachments
Untitled.png
Windows 10 Pro x64 | Intel i7 920 @ 3.6GHz | ASUS P6T Motherboard | 24GB DDR3 1520MHz RAM | MSI Gamer 1070Ti 8GB | Integrated Sound Card | Corsair AX760 Platinum Power Supply | Exetel ZTE H268 Modem
