on 06-02-2022 11:42 AM
This post is relatively more technical than most, so I’ll start by asking you what a socket is? If you know the answer then perhaps you can help, otherwise I’m sure there’s something more interesting happening on FlipFlop or whatever your “socials” are 😉 Oh, that’s 30 seconds up...
Still here? Okay, then I’ll begin:
Recently I was sent an EchoLife DG8041W Home Gateway for no apparent reason - just because. So I opened it up and after admiring the initial sleek design I noticed it was made by Huawei, and then promptly put it back in the box. I’m a little confused as to why it’s okay for UK broadband companies to supply Huawei equipment in 2022 when all the mobile phone operators have been ordered to remove Huawei 5G equipment as far back as 2020? So, is it now safe to use Huawei equipment in 2022? Before you start answering with marketing blurb, what’s the chipset in the router? If you don’t know then you have no idea what’s running inside, so don’t bother trying to answer. At this point I shelved the router and carried on as normal - everything is working so leave it alone.
Shortly afterwards a second letter arrived proclaiming “Please connect your new router without delay to ensure you do not lose your broadband service.” Yikes! So I thought I would have a look at this essential piece of equipment that was sent to me.
Being curious I decided to run nmap on it to see what it’s actually doing. Could someone explain why ports 49152, 49153, 49652 and 49653 are open? According to nmap they are all connected with UPnP. This is a back door, isn’t it? UPnP allows automatic port forwarding without authentication for ease of setup, doesn’t it? It would allow TalkTalk full access to not just the router but also any device connected to the router (assuming they did not have any further protections). So, what makes you think that only TalkTalk would be able to use this feature exclusively? I mean it’s not like you haven’t been hacked or something, oh wait, you were hacked in 2015... So, it’s perfectly safe to assume that nobody else would ever abuse those open ports on your network then? Answers on a postcard folks when the network goes down.
Okay, so now let’s look inside the router management console (not hooked up to the internet). Kudos for having a non-default admin / password - at least that’s an improvement for all users. Shame it took a change in the law in 2021 to implement, but from a security point of view I can’t fault it. Well done!
Now let’s look at those advanced settings. Wired devices, 2. Hmmm, two MAC addresses and only one used. Why does it need two MAC addresses? One for Ethernet and one for WiFi maybe? Nope. One for Ethernet + WiFi and one for… Who knows. Is this to do with IPTV? Strange. Ah, here we go WAN information. Looks like you are supporting Internet and IPTV on both ADSL and VDSL. Is this the reason for the second MAC address? Not sure. Now let’s look at User device Information, there’s that second MAC address again which is not connected to anything. Anybody care to enlighten me as to why you need two MAC addresses for the same router? I’m really curious - what is it doing? Oh, look two networks in the IPv4 Routing Table - 192.168.1.0 and 192.168.2.0. So this is looking more like IPTV. I would appreciate if someone could confirm this.
Now let’s look at the firewall settings. The choices are: “TalkTalk” / “High” / “Disabled”. That’s terrible! What is the difference between “TalkTalk” and “High”? Do you block ports? Do you block IP addresses? Do you block services? What exactly does “TalkTalk” firewall? This is the “advanced settings” isn’t it? Could I have the “extra” advanced settings so that I can see what this is actually doing please? No information whatsoever...
Oh dear, UPnP is on by default. That might explain all those open ports on this router. Why? It’s 2022 and it’s not like UPnP exploits have gone away.
Ewwwwww: TR-069 “an application layer protocol for remote management and provisioning of customer-premises equipment” according to Wikipedia. Well I guess that says it all. TalkTalk has remote management of this router. Worse still in ACS Parameter Settings, the ACS Password is already entered and although Certificate Authentication is switched on the Private Key Password is EMPTY. What’s the betting that the Router Serial Number plus a Salt is the password in hashed format? How long before that leaks? I would also guess that serial numbers are sequential for all the EchoLife DG8041W routers and that Shodan is already scanning right now.
When UPnP is combined with TR-069 this will give TalkTalk complete control over the router and all the devices connected to the router, wouldn’t it? Seriously? No talking way!
So, now that I’ve established that your new router is a liability waiting to happen and I won’t be using it, perhaps I could turn to the letters that I have received:
The first letter that came with the router merely informs that I’ll get better WiFi and “service”. I’m assuming the “service” part is referring to the up and coming relaunch of your IPTV services which I wouldn’t get with my current router? Seeing as that second MAC in the router seems to indicate this. Correct me if I’m wrong. As for WiFi, I run my own access points that don’t come with the WPS vulnerability that everyone seems to push these days (pun intended). I note also I can’t turn that off in your router. Considering I just want ADSL this really doesn’t apply to me. I’ll skip the “security” part the letter proclaims…
Now, about the second letter which claims that I may lose my broadband service if I don’t use this router. Is this really accurate? I mean you have a whole page dedicated on your own website for setting up non-TalkTalk routers:
I note that it was updated December 2021 so it’s still up to date. As long as you set the VPI to 0, VCI to 38, MTU to 1432 and choose PPPoA using VC-MUX you’re pretty much good to go with any router, aren’t you? Are you really telling me that if I use a non TalkTalk router using settings that TalkTalk have used for well over a decade that I’m suddenly going to lose access to broadband services? I mean I could understand if you were intending to switch me from ADSL to VDSL but you don’t actually say that in the letter so I’m assuming not. Even if you did I could always just turn on VDSL with the current router. What’s the problem? Oh, you mean the up and coming IPTV services that I’m not really interested in. Couldn’t care less as long as I get internet.
So will I be cut off or not if I continue to use my own equipment? Could I have more clarity on this please? Preferably from someone who really knows what is really going on at TalkTalk.
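One way to see what the UPnP service behind ports 49152/49153 has actually been asked to open, as an added example that is not from this thread, from TalkTalk or from Huawei: run from the LAN side, it walks the gateway's WANIPConnection port-mapping table the same way `upnpc -l` does, stopping at UPnP error 713. The control URL is an assumption (read the real one from the gateway's own rootDesc.xml), and the responses in `SAMPLE` are constructed so the walk can be exercised offline.

```python
import re
import urllib.error
import urllib.request
SERVICE = "urn:schemas-upnp-org:service:WANIPConnection:1"
CONTROL_URL = "http://192.168.1.1:49152/upnp/control/WANIPConn1"  # assumed; read yours from rootDesc.xml
FIELDS = ("RemoteHost", "ExternalPort", "Protocol", "InternalPort", "InternalClient", "PortMappingDescription")

def build_request(index):
    # SOAP body asking the gateway for the port-mapping table entry at `index`
    return ('<?xml version="1.0"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
            f'<u:GetGenericPortMappingEntry xmlns:u="{SERVICE}"><NewPortMappingIndex>{index}'
            '</NewPortMappingIndex></u:GetGenericPortMappingEntry></s:Body></s:Envelope>').encode()

def http_send(body):
    # POST one request to the gateway; a UPnP error envelope arrives as HTTP 500
    req = urllib.request.Request(CONTROL_URL, data=body, headers={
        "Content-Type": 'text/xml; charset="utf-8"',
        "SOAPAction": f'"{SERVICE}#GetGenericPortMappingEntry"'})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.read().decode()
def parse_entry(xml):
    # None once the table is exhausted (UPnP error 713, SpecifiedArrayIndexInvalid)
    if re.search(r"<errorCode>\s*713\s*</errorCode>", xml):
        return None
    vals = dict(re.findall(r"<New(\w+)>(.*?)</New\1>", xml, re.S))
    return {k: vals.get(k, "").strip() for k in FIELDS}

def list_mappings(send=http_send, limit=256):
    # Walk indices 0, 1, 2, ... until 713; an empty RemoteHost means "any Internet host"
    entries = []
    for i in range(limit):
        entry = parse_entry(send(build_request(i)))
        if entry is None:
            break
        entries.append(entry)
    return entries
# Constructed responses (not captured from a real gateway) so the walk can run offline
SAMPLE = [
    "<s:Envelope><s:Body><u:GetGenericPortMappingEntryResponse><NewRemoteHost></NewRemoteHost><NewExternalPort>5000"
    "</NewExternalPort><NewProtocol>TCP</NewProtocol><NewInternalPort>5000</NewInternalPort><NewInternalClient>192.168.1.50"
    "</NewInternalClient><NewPortMappingDescription>nas</NewPortMappingDescription></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>",
    "<s:Envelope><s:Body><s:Fault><detail><UPnPError><errorCode>713</errorCode></UPnPError></detail></s:Fault></s:Body></s:Envelope>",
]

def sample_send(body):
    idx = int(re.search(rb"<NewPortMappingIndex>(\d+)<", body).group(1))
    return SAMPLE[min(idx, len(SAMPLE) - 1)]
```

Against a real gateway call `list_mappings()` with the default transport; any entry whose RemoteHost is empty is reachable from every Internet host, which is the exposure the post is worried about.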
on 08-02-2022 11:18 AM
If the last router that TalkTalk sent you was ADSL only then that would likely be why they sent you this new VDSL compatible router. You are perfectly entitled to use your own router, TalkTalk are happy for people to use their own routers, so you don't need to spoof the MAC to keep them happy!
The DG8041W you have been sent is ADSL & VDSL compatible, so if you use your own device and also have it set to ADSL & VDSL then I would think that should be fine (as long as you are using the settings specified on https://community.talktalk.co.uk/t5/Articles/Set-up-a-non-TalkTalk-router/ta-p/2205383)
on 08-02-2022 11:08 AM
Thank you. It's OpenWrt and supports VDSL. It was initially set to ADSL only and I've changed it to "Auto" which supposedly negotiates ADSL and VDSL. If the internet stops I'll change it to VDSL only. I've also spoofed the MAC to make it look like the Huawei so hopefully I won't get any issues. If it is an ADSL to VDSL switch over then I appreciate that I'm responsible to ensure the equipment works as expected. I would prefer OpenWrt if possible - I just want to use the internet without all the hacking that's going on (I speak from experience).
07-02-2022 08:22 PM - edited 07-02-2022 08:23 PM
As @martswain says, it is likely TalkTalk are planning to upgrade you from ADSL to FTTC Fibre. If you don't want to use the supplied Wi-Fi Hub you are free to use a router of your own, but it needs to support Fibre (VDSL); this will be why TalkTalk have sent you this new router (if your existing TalkTalk-supplied router does not support VDSL).
If you are currently using a router that does not support VDSL then you will lose connection if your line is upgraded to FTTC Fibre.
on 07-02-2022 10:20 AM
You will likely be getting a free upgrade from ADSL to Fibre 35, just the same as thousands of other customers.
As for the rest of your worries, keep that tinfoil hat on, the Huawei Hubs have been supplied for several years.
For that router there has only been one issue, regarding constant reboots due to a kernel panic, but strangely it only affects a small number of customers on the standard firmware. If you have the issue there is an update available, but TT have not deemed it necessary for all of the users.
Don't let the Huawei paranoia get the better of you!
on 07-02-2022 10:04 AM
More Chinese equipment to be removed from the cellular networks: