Speedtouch 858i - some simple questions

[Markus R. Keßler]

Dear all,

this afternoon my ISP (German Tele2) had activated my adsl account. They
gave me a Thomson Speedtouch 858i cable modem, but, something is
still not clear to me - maybe someone out has the same modem and knows if
the following things are "bugs" or "features".

- "Inside" my network I see several services running on the 858 - at least
one, let's say httpd is needed to configure the box. But:

$ nmap 192.168.1.254

Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2009-08-08 21:07 CEST
Interesting ports on 192.168.1.254:
(The 1654 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
443/tcp open https
1723/tcp open pptp
8080/tcp closed http-proxy

Well, this is "inside", i.e. the "LAN" side, but, it seems to me, that all
these ports are visible from "outside" too. When I look which IP the
router has in the internet and I check this too, then the same ports are
open and accessible from outside. I consider this to be a security lack.

Is this normal?
Can access from outside be disabled as known from Cisco / Linksys?

- Furthermore, it seems to me that there's no way to manually start and
stop an internet connection. In the web based config menu you can start /
stop such a connection, but in my experience the modem establishes a
connection to the isp as soon as you plug in the dsl / telephone cable
into the 858.

Is this correct? Or can the 858 be configured in the way that a
connection is only set up when packets are passed to the 858i as the
default gateway, and after a certain timeout where nothing is transmitted,
the 858 stops the connection?

Thanks for any hint!

Best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm

[KR]

On 08.08.2009 21:34, Markus R. Keßler wrote:
>
> Well, this is "inside", i.e. the "LAN" side, but, it seems to me, that all
> these ports are visible from "outside" too. When I look which IP the
> router has in the internet and I check this too, then the same ports are
> open and accessible from outside. I consider this to be a security lack.

Did you check from the outside? Or did you connect to the external IP
address from the inside?

To truly scan from the outside, use a port scanning service like
ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2).

[Markus R. Keßler]

Am Sun, 09 Aug 2009 02:11:17 +0200 schrieb KR:

> On 08.08.2009 21:34, Markus R. Keßler wrote:
>>
>> Well, this is "inside", i.e. the "LAN" side, but, it seems to me, that all
>> these ports are visible from "outside" too. When I look which IP the
>> router has in the internet and I check this too, then the same ports are
>> open and accessible from outside. I consider this to be a security lack.
>
> Did you check from the outside? Or did you connect to the external IP
> address from the inside?
>
> To truly scan from the outside, use a port scanning service like
> ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2).

Hi,

thanks for your hint!

The portscan service from above tells there was no port open. I also
tried to ping the router from a foreign server where I was logged in with
only lost packets. So, in this configuration the Speedtouch seems to be
secure. But it still makes me nervous that there are no options like
"remote control on/off", no clear forwarding table etc., as known from
Linksys / Cisco. This looks to me that the Speedtouch was rather designed
for "gamers".

The next point is that there's no option to setup and close a connection
to the internet. When the cables are plugged in, then the internet
connection is "always on". In my opinion it would be more secure to be
online only during the time when packets are transmitted.

Thanks again,
best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm

[Bill M.]

On Sun, 09 Aug 2009 16:59:20 +0200, Markus R. Keßler
<dimke.fax@uni.de> wrote:

>Am Sun, 09 Aug 2009 02:11:17 +0200 schrieb KR:
>
>> On 08.08.2009 21:34, Markus R. Keßler wrote:
>>>
>>> Well, this is "inside", i.e. the "LAN" side, but, it seems to me, that all
>>> these ports are visible from "outside" too. When I look which IP the
>>> router has in the internet and I check this too, then the same ports are
>>> open and accessible from outside. I consider this to be a security lack.
>>
>> Did you check from the outside? Or did you connect to the external IP
>> address from the inside?
>>
>> To truly scan from the outside, use a port scanning service like
>> ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2).
>
>Hi,
>
>thanks for your hint!
>
>The portscan service from above tells there was no port open. I also
>tried to ping the router from a foreign server where I was logged in with
>only lost packets. So, in this configuration the Speedtouch seems to be
>secure. But it still makes me nervous that there are no options like
>"remote control on/off", no clear forwarding table etc., as known from
>Linksys / Cisco. This looks to me that the Speedtouch was rather designed
>for "gamers".

You've already verified that no ports were open at the time of your
test, so what exactly is making you nervous? How do "gamers" enter the
picture?

>The next point is that there's no option to setup and close a connection
>to the internet. When the cables are plugged in, then the internet
>connection is "always on". In my opinion it would be more secure to be
>online only during the time when packets are transmitted.

The best thing about an 'always-on' connection is that it's always on.
If you're concerned, use a firewall or NAT router, close any ports
that don't need to be open, shut down any unneeded services that are
listening for traffic, employ good antivirus and antimalware programs,
and practice safe computing.

--
Bill

[Markus R. Keßler]

Am Sun, 09 Aug 2009 12:51:24 -0500 schrieb Bill M.:

> On Sun, 09 Aug 2009 16:59:20 +0200, Markus R. Keßler
> <dimke.fax@uni.de> wrote:
>
>>Am Sun, 09 Aug 2009 02:11:17 +0200 schrieb KR:
>>
>>> On 08.08.2009 21:34, Markus R. Keßler wrote:
>>>>
>>>> Well, this is "inside", i.e. the "LAN" side, but, it seems to me, that all
>>>> these ports are visible from "outside" too. When I look which IP the
>>>> router has in the internet and I check this too, then the same ports are
>>>> open and accessible from outside. I consider this to be a security lack.
>>>
>>> Did you check from the outside? Or did you connect to the external IP
>>> address from the inside?
>>>
>>> To truly scan from the outside, use a port scanning service like
>>> ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2).
>>
>>Hi,
>>
>>thanks for your hint!
>>
>>The portscan service from above tells there was no port open. I also
>>tried to ping the router from a foreign server where I was logged in with
>>only lost packets. So, in this configuration the Speedtouch seems to be
>>secure. But it still makes me nervous that there are no options like
>>"remote control on/off", no clear forwarding table etc., as known from
>>Linksys / Cisco. This looks to me that the Speedtouch was rather designed
>>for "gamers".
>
> You've already verified that no ports were open at the time of your
> test, so what exactly is making you nervous? How do "gamers" enter the
> picture?

Coming from Linksys configuration I'm used to see a clear table in which
I can enter my - for instance - port forwarding rules.
Speedtouch describes these need with words like "share internet games" and
so on. The word "game" is one of the most used in the config menu.

>>The next point is that there's no option to setup and close a connection
>>to the internet. When the cables are plugged in, then the internet
>>connection is "always on". In my opinion it would be more secure to be
>>online only during the time when packets are transmitted.
>
> The best thing about an 'always-on' connection is that it's always on.
> If you're concerned, use a firewall or NAT router, close any ports that
> don't need to be open, shut down any unneeded services that are
> listening for traffic, employ good antivirus and antimalware programs,
> and practice safe computing.

Firewall is the next issue. Cisco etc. provide clear filter rules where
you can define which demand has to be processed and which to be declined.
Speedtouch also uses words like pass a "game" through the router.
Why? This doesn't sound serious.

And, there is nowhere to be read if this box is doing NAT, or Masquerading
or what else. How can you rely on its protection?

Of course I only use the minimum count of services and constantly check
all my machines with tools like nmap for accidentally opened ports.
But the "feeling" I have when using devices like Speedtouch isn't as good
as when using professional gear like Cisco. Don't you agree?

Best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm