Speedtouch 858i - some simple questions

Have a question or want to start a discussion? Post it! No Registration Necessary.  Now with pictures!

Threaded View
Dear all,

this afternoon my ISP (German Tele2) had activated my adsl account. They
gave me a Thomson Speedtouch 858i cable modem, but, something is
still not clear to me - maybe someone out has the same modem and knows if
the following things are "bugs" or "features".

- "Inside" my network I see several services running on the 858 - at least
one, let's say httpd is needed to configure the box. But:

$ nmap 192.168.1.254

Starting nmap 3.55 ( http://www.insecure.org/nmap/ ) at 2009-08-08 21:07 CEST
Interesting ports on 192.168.1.254:
(The 1654 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
21/tcp   open   ftp
23/tcp   open   telnet
80/tcp   open   http
443/tcp  open   https
1723/tcp open   pptp
8080/tcp closed http-proxy

Well, this is "inside", i.e. the "LAN" side, but, it seems to me, that all
these ports are visible from "outside" too. When I look which IP the
router has in the internet and I check this too, then the same ports are
open and accessible from outside. I consider this to be a security lack.

Is this normal?
Can access from outside be disabled as known from Cisco / Linksys?

- Furthermore, it seems to me that there's no way to manually start and
stop an internet connection. In the web based config menu you can start /
stop such a connection, but in my experience the modem establishes a
connection to the isp as soon as you plug in the dsl / telephone cable
into the 858.

Is this correct? Or can the 858 be configured in the way that a
connection is only set up when packets are passed to the 858i as the
default gateway, and after a certain timeout where nothing is transmitted,
the 858 stops the connection?

Thanks for any hint!

Best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm


Re: Speedtouch 858i - some simple questions


On 08.08.2009 21:34, Markus R. Ke▀ler wrote:
Quoted text here. Click to load it

Did you check from the outside? Or did you connect to the external IP
address from the inside?

To truly scan from the outside, use a port scanning service like
ShieldsUp (https://www.grc.com/x/ne.dll?bh0bkyd2 ).

Re: Speedtouch 858i - some simple questions


Am Sun, 09 Aug 2009 02:11:17 +0200 schrieb KR:

Quoted text here. Click to load it

Hi,

thanks for your hint!

The portscan service from above tells there was no port open. I also
tried to ping the router from a foreign server where I was logged in with
only lost packets. So, in this configuration the Speedtouch seems to be
secure. But it still makes me nervous that there are no options like
"remote control on/off", no clear forwarding table etc., as known from
Linksys / Cisco. This looks to me that the Speedtouch was rather designed
for "gamers".

The next point is that there's no option to setup and close a connection
to the internet. When the cables are plugged in, then the internet
connection is "always on". In my opinion it would be more secure to be
online only during the time when packets are transmitted.

Thanks again,
best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm


Re: Speedtouch 858i - some simple questions


On Sun, 09 Aug 2009 16:59:20 +0200, Markus R. Ke▀ler

Quoted text here. Click to load it

You've already verified that no ports were open at the time of your
test, so what exactly is making you nervous? How do "gamers" enter the
picture?

Quoted text here. Click to load it

The best thing about an 'always-on' connection is that it's always on.
If you're concerned, use a firewall or NAT router, close any ports
that don't need to be open, shut down any unneeded services that are
listening for traffic, employ good antivirus and antimalware programs,
and practice safe computing.

--
Bill

Re: Speedtouch 858i - some simple questions


Am Sun, 09 Aug 2009 12:51:24 -0500 schrieb Bill M.:

Quoted text here. Click to load it

Coming from Linksys configuration I'm used to see a clear table in which
I can enter my - for instance - port forwarding rules.
Speedtouch describes these need with words like "share internet games" and
so on. The word "game" is one of the most used in the config menu.

Quoted text here. Click to load it

Firewall is the next issue. Cisco etc. provide clear filter rules where
you can define which demand has to be processed and which to be declined.
Speedtouch also uses words like pass a "game" through the router.
Why? This doesn't sound serious.

And, there is nowhere to be read if this box is doing NAT, or Masquerading
or what else. How can you rely on its protection?

Of course I only use the minimum count of services and constantly check
all my machines with tools like nmap for accidentally opened ports.
But the "feeling" I have when using devices like Speedtouch isn't as good
as when using professional gear like Cisco. Don't you agree?

Best regards,

Markus

--
Please reply to group only.
For private email please use http://www.dipl-ing-kessler.de/email.htm


Site Timeline