cancel
Showing results for 
Search instead for 
Did you mean: 

SNMP vulnerability Hub 5

rockin-john
Joining in

I have received a Virgin Media security alert for snmp ports 161 & 162.

I have entered the hub 5/security/port forwarding and there was port 161 in use, I cannot disable it because the config of the will not let me.

Under port forwarding as you can see below the enable and delete buttons are not divided, so the port cannot be deleted.

Port Config.jpg

John

 

10 REPLIES 10

Paul_DN
Forum Team
Forum Team

Hi rockin-john,

Thank you for reaching out to us in our community and welcome, can you check why device is on that IP address and can the device be configured to use another port?

Regards

Paul.

Hi Paul,

The device is a cctv dvr, I have had a look but cannot change the port on the recorder it seems it is allocated by the hub. not sure if it can be changed.

John..

Ah now this is an example of why uPnP should absolutely ALWAYS be turned off - the CCTV system will just do everything it thinks it needs to work and really doesn't care about any unintended consequences. I cannot see any valid reason why it would need the SNMP ports opened to the internet - unless of course someone, possibly the manufacturers intend to remote control and/or monitor it!

So what I would do is go into the Hub settings as above, make a note of the ports that have been opened, then disable uPnP. Reboot the hub to drop any established connections and then manually set up port forwarding for the ports EXCEPT for 161.

What I would be tempted to do is add the ports one at a time and test if the CCTV still works - after all do you want port 80 (unencrypted HTTP connections) allowed into your network without a very good reason? No, me neither! 443? probably yes - but see what works and what doesn't.

Tudor
Very Insightful Person
Very Insightful Person

Most of these CCTV systems are cheaply produced and the software is badly written. There should never be any reason why a device needs to open incoming ports. All correctly written software just contacts its home on port 443, just like a browser, and then it can get a reply back from its home without the need to open any ports. I would never ever purchase any of these devices that need ports opening, it leave you with a security risk.


Tudor
There are 10 types of people: those who understand binary and those who don't and F people out of 10 who do not understand hexadecimal c1a2a285948293859940d9a49385a2

Hi Jem101

Done as you suggested, but nothing worked, uPnP is off and it is still allocating port 161.

John

Hi @rockin-john,

Once you have disabled the UPnP, you'd need to reboot the hub and keep it switched off for at least 30 seconds.

Can you confirm you have done this? 

Ayisha_B
Forum Team

New around here? Check out the do's and don'ts, in our Community FAQs


legacy1
Alessandro Volta
What I find ironic is VM have UPnP not only enabled but allow this port too so now VM have like 2 million hub in router mode with UPnP enabled allowing this port nice!
---------------------------------------------------------------

Hi Ayisha_B,

I have rebooted the hub and left it for 1 min, there are 4 ports showing including 161, all the ports have been added automatically by UPnP and is still disabled.

john

Then it strikes me that if you have disabled uPnP on the Hub 5 but yet it is automatically forwarding ports then this is another bug in the Hub 5's firmware. There have been others including (ironically) inability to set up port forwarding, wifi not being compatible with some devices etc.

Now considering that this Hub is still in a trial/soft launch phase where bugs are, sort of expected, you can either live with it - if everything else is working but run the risk of getting more communications from VM regarding open ports, or call them and request they send you a Hub 3 or 4 (depending on your broadband speed) to replace the 5 on the grounds that it isn't working properly.