Two weeks ago we switched our Internet and copper phone-line to the NBN grid. (you have no choice 18 months after your street is hooked up)
Our Exetel ISP send out a free ZTE modern on their 12 month contacts. (while oddly selling NetComm modems for $80+)
Turns out the ZTE modem they send out has an enter antime they like ‘service’ back-door called TR-069 (see the above video showing how it’s hacked) which uses port 7547.
I did a port scan on the new ZTE … holy gecko poop, an open port!!
Frantic me posted on the Exetel forum asking how to turn TR-069 off – but they were no help.
- Plan B, buy a better brand? Nah, just wasted booze money.
- Plan C, I like the challenge using what’s at hand, so I cascaded our old ADSL router >> ZTE LAN to WAN on the ADSL router.
LAN to WAN >> All the ZTE can see is one LAN in use, even with a dozen devices connected behind the ADSL router.
That got boring last night – one power board with too many bloody things plugged in … port test still failing and the ‘through speed’ seemed slower … so I ditched the ADSL router and did the following with success …
- Make sure you have your Exetel VDSL password handy. (note: VoIP password is different)
- Back up the default Exetel ZTE modem settings to a safe place.
- WAN Settings >> WAN >> DSL Connection >> open Exetel_VDSL and note the factory settings.
- Then below it click “Create New Item”
- Copy everything in the Exetel_VDSL except for “Service List”
- In the new item select INTERNET_VoIP (or INTERNET only if you don’t have VoIP)
- Make sure your user name and password are correct.
- BEFORE clicking “APPLY”, delete the original Exetel_VDSL version. It will clear without refreshing the page.
- Our ZTE still had the obsolete “Exetel_ADSL” settings which was deleted too. (only delete it when you’re 100% on the NBN)
- Now click APPLY on the new Exetel_VDSL copy.
- Reboot the router and make sure you still have internet access.
- Management and Diagnoses >> TR-069 >> switch all radio buttons to ‘off’.
- Head over to https://www.grc.com/x/portprobe=7547 and check that the port is now stealth.
NOTE: using fake info on the TR-069 page does NOT close the port.
It would have been nice to just have an on-off radio button in the TR-069 settings.
There’s must be a reason why Exetel sells better Netcomm’s. Being ZTE, and free, I still don’t trust these chicom things.