Disabling TR-069

Services provided via NBN Co, Opticomm, Open Networks, Red Train, LBN Co, and TPG FttB
Post Reply
MajorWedgie
Posts: 4
Joined: Wed Oct 05, 2016 4:01 pm
Location: Australia

Disabling TR-069

Post by MajorWedgie » Thu Sep 06, 2018 9:17 am

I want to disable TR-069 in my exetel provided ZTE modem because I do not trust it.

Can this be done? If so how? What are the ramifications?

User avatar
KavindaS
Forum Admin
Posts: 2012
Joined: Wed Dec 23, 2009 3:59 pm
Location: Sydney

Re: Disabling TR-069

Post by KavindaS » Thu Sep 06, 2018 11:04 pm

MajorWedgie wrote:
Thu Sep 06, 2018 9:17 am
I want to disable TR-069 in my exetel provided ZTE modem because I do not trust it.

Can this be done? If so how? What are the ramifications?

By having the TR-069 configurations, Exetel technical support can do the configuration to your modem, whenever an issue occurred or it requires troubleshooting. By removing the configurations, we will not be able to remotely support and you need to do the suggested troubleshooting or configurations by your own.

To disable the TR-069 function, follow the below suggestions and refer for additional information of this.

On the main page of the ZXHN H268A, select Management & Diagnosis > TR-069 to open the Basic Configuration page.

Remove the details in the added fields and save.
Attachments
ZTE 1.jpg
ZTE 1.jpg (83.1 KiB) Viewed 488 times
ZTE 2.jpg
ZTE 2.jpg (28.57 KiB) Viewed 488 times

MajorWedgie
Posts: 4
Joined: Wed Oct 05, 2016 4:01 pm
Location: Australia

Re: Disabling TR-069

Post by MajorWedgie » Sat Sep 08, 2018 3:42 pm

and does TR-069 allow you into my network?

shehanw
Exetel Staff
Posts: 344
Joined: Mon Sep 16, 2013 8:36 pm
Location: Australia

Re: Disabling TR-069

Post by shehanw » Sat Sep 08, 2018 5:29 pm

TR 069 only allows us in to your modem to make changes if required in the event of troubleshooting any faults. However, it does not allow us to make any changes to your local network or devices that are connected.

tin
Posts: 176
Joined: Mon Jul 28, 2008 5:22 pm
Location: Northwest NSW
Contact:

Re: Disabling TR-069

Post by tin » Tue Nov 27, 2018 2:42 pm

Just adding for anyone else that comes across this... TR-069 allows for remote configuration changes to the device. Like any remote access, this is helpful for support... But does create a security risk (even if it's low).

TR-069 allows the settings to be changed, and firmware to be updated. Again, this is great for ISPs wanting to idiot-proof the settings, but highly dangerous if an attacker finds a way to push the changes out. DNS can be pointed to rogue servers that could result in malware being pushed to clients. Firmware could be updated to a version with an SSH back door.

Up to the end user, in the end. If you know how to configure a modem, turn it off. If you're someone that needs the ISP support to do it, keep it on.
The above post is copyright, may be edited at any time, and should not be taken internally. Any breach of these terms may result in legal action or a sore tummy.

Post Reply