IPFW port 30005/tcp

fernandel

Aspiring Daemon


#1
Hi!

I am using IPFW with the default option "workstation" on my desktop computer. I tested the firewall online and it was okay, but today I registered on
https://www.speedguide.net/scan.php
and it found open port 30005/TCP. I read that it is possibly related to TR-069, which is enabled in my ZyXEL VMG4380.
Is it possible to close port 30005 with the firewall, please?

Thank you.
 

Rigoletto

Daemon
Developer


#2
Hi.

Is the port open on the router or on your machine? It is not clear to me. :-/

If this router is from your ISP I guess it is somehow hard opened for upstream patches or similar, or I may be talking total bs too. :)

Also, I found that port is used by "Backdoor JZ" and "Litmus" trojans. :sssh:
 
fernandel

Aspiring Daemon


#3
I am confused. On speedguide I got:
Code:
30005/tcp  open  unknown
Port sometimes associated with TR-069 - application layer protocol for remote management of end-user devices. It is a bidirectional SOAP/HTTP-based protocol that provides communication between CPE devices and auto-configuration servers (ACS).
It can be used by some modems, gateways, routers, VoIP phones, set-top boxes.  TR-069 has some known exploits as demonstrated at the DEFCON22 conference. Cox Communications reportedly uses this port.

If your modem/NAT router/gateway keeps this port open and you are sure you want to filter it (potential interference with ISPs pushing firmware updates), try the following.  Navigate to your router's admin interface and disable TR-069.
If that does not work, look under "port forwarding", or "virtual servers", and forward port 30005 to an unused local IP address, like (192.168.1.252)

Malware using this port: Backdoor JZ, Litmus trojan

I tried with "deny tcp from any to any dst-port 30005 in" but the port was still open (speedguide).

I did scan my system with nmap and I didn't find 30005 open. I read somewhere that it is not safe to disable it on the modem? I do not know why. Do you think it is better to call my provider about this option, please?
 

chrbr

Aspiring Daemon


#4
I read somewhere that it is not safe to disable it on the modem? I do not know why. Do you think it is better to call my provider about this option, please?
Where I live some providers want to make money by offering users a modem to lease from the provider. The providers keep the modem's firmware up to date. As far as I know they have an open port for remote access to manage that modem. The user cannot misconfigure anything and the providers save money on support. At least the providers have advantages.

If you own the modem and nobody else should have access I would disable the port on the modem and see how it works. But it should not hurt to ask your provider, too. Maybe it is already in some FAQ.
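
Added example, not written by anyone in this thread: a FreeBSD `sh` script for the question asked in #2 (is 30005 open on the router or on the machine?), combining a local listener check with a probe of the default gateway. It assumes the desktop sits behind the ZyXEL's NAT and that `sockstat`, `route` and `nc` from the base system are available; the function names and the sample `sockstat` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): is TCP 30005 served by this FreeBSD
# host, or only by the router in front of it?
PORT=30005

# Read `sockstat -4 -6 -l` output on stdin; print "command pid local-address"
# for every listening TCP socket bound to port $1.
local_listeners() {
    awk -v port="$1" '
        NR > 1 && $5 ~ /^tcp/ {
            n = split($6, part, ":")   # LOCAL ADDRESS, e.g. *:22 or ::1:25
            if (part[n] == port) print $2, $3, $6
        }'
}

# $1 = output of local_listeners (may be empty)
# $2 = result of probing the router's LAN address: "open" or "closed"
# host     -> a local daemon listens, so an ipfw rule on this machine matters
# router   -> only the router answers, so the fix belongs on the router
# wan-only -> nothing answers on the LAN side; an outside scan that still
#             reports the port is seeing the router's WAN side
verdict() {
    if [ -n "$1" ]; then
        echo "host"
    elif [ "$2" = "open" ]; then
        echo "router"
    else
        echo "wan-only"
    fi
}

# Constructed sample of sockstat output, used when run without --live.
SAMPLE='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22                  *:*
root     sendmail   901   4  tcp6   ::1:25                *:*
root     syslogd    640   6  udp4   *:514                 *:*'

if [ "${1:-}" = "--live" ]; then
    found=$(sockstat -4 -6 -l | local_listeners "$PORT")
    gw=$(route -n get default | awk '/gateway:/ { print $2 }')
    if nc -z -w 3 "$gw" "$PORT" 2>/dev/null; then probe=open; else probe=closed; fi
else
    found=$(printf '%s\n' "$SAMPLE" | local_listeners "$PORT")
    probe=open             # constructed probe result for the demo
fi
echo "port $PORT: $(verdict "$found" "$probe")"
```

Run it with `--live` on the desktop to use real `sockstat` output and a real probe of the gateway. Under the NAT assumption, a "router" or "wan-only" result means a rule in the desktop's IPFW ruleset cannot change what an outside scan reports.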
 