Speedtouch 858i - some simple questions

Dear all,

this afternoon my ISP (German Tele2) activated my ADSL account. They gave me a Thomson Speedtouch 858i cable modem, but something is still not clear to me - maybe someone out there has the same modem and knows whether the following things are "bugs" or "features".

- "Inside" my network I see several services running on the 858 - at least one, let's say httpd is needed to configure the box. But:

$ nmap 192.168.1.254

Starting nmap 3.55 ( ) at 2009-08-08 21:07 CEST
Interesting ports on 192.168.1.254:
(The 1654 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE
21/tcp   open   ftp
23/tcp   open   telnet
80/tcp   open   http
443/tcp  open   https
1723/tcp open   pptp
8080/tcp closed http-proxy

Well, this is "inside", i.e. the "LAN" side, but it seems to me that all these ports are visible from "outside" too. When I look up which IP the router has on the internet and check that too, the same ports are open and accessible from outside. I consider this to be a security lack.

Is this normal? Can access from outside be disabled as known from Cisco / Linksys?

- Furthermore, it seems to me that there's no way to manually start and stop an internet connection. In the web-based config menu you can start / stop such a connection, but in my experience the modem establishes a connection to the ISP as soon as you plug the DSL / telephone cable into the 858.

Is this correct? Or can the 858 be configured in such a way that a connection is only set up when packets are passed to the 858i as the default gateway, and after a certain timeout where nothing is transmitted, the 858 stops the connection?

Thanks for any hint!

Best regards,

Markus

Markus R. Keßler

Did you check from the outside? Or did you connect to the external IP address from the inside?

To truly scan from the outside, use a port scanning service like ShieldsUp.

KR
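
As an added illustration (not part of any post in this thread): a small Python helper that parses nmap's port table and compares the LAN-side scan quoted in the first post with a scan taken from an outside host. The external result, the address 203.0.113.10 and the MANAGEMENT service list are constructed assumptions.

```python
import re

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")
# Services that should not answer on the WAN side of a home router
# (an assumption of this example, not a list taken from the thread).
MANAGEMENT = {"ftp", "telnet", "http", "https", "pptp"}

# Port table from the LAN-side scan quoted in the first post.
LAN_SCAN = """\
PORT     STATE  SERVICE
21/tcp   open   ftp
23/tcp   open   telnet
80/tcp   open   http
443/tcp  open   https
1723/tcp open   pptp
8080/tcp closed http-proxy
"""

# Constructed sample: a scan run from a host outside the LAN
# against a documentation address, with nothing answering.
WAN_FROM_OUTSIDE = """\
All 1660 scanned ports on 203.0.113.10 are: filtered
"""

def open_ports(nmap_text):
    """Return {(port, proto): service} for every port reported as open."""
    found = {}
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m and m.group(3) == "open":
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def compare_vantage(lan_text, wan_text):
    """Split open ports by vantage point and flag management services on WAN."""
    lan, wan = open_ports(lan_text), open_ports(wan_text)
    return {
        "lan_only": sorted(set(lan) - set(wan)),
        "wan_reachable": sorted(wan),
        "wan_management": sorted(p for p, s in wan.items() if s in MANAGEMENT),
    }

if __name__ == "__main__":
    for key, ports in compare_vantage(LAN_SCAN, WAN_FROM_OUTSIDE).items():
        print(key, ports)
```

Feeding it a scan of the public address taken from inside the LAN as the second argument shows why the vantage point matters: every port that answers there is reported as WAN-reachable.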

On Sun, 09 Aug 2009 02:11:17 +0200, KR wrote:

Hi,

thanks for your hint!

The port scan service from above reports that no port was open. I also tried to ping the router from a foreign server where I was logged in, and got only lost packets. So, in this configuration the Speedtouch seems to be secure. But it still makes me nervous that there are no options like "remote control on/off", no clear forwarding table etc., as known from Linksys / Cisco. It looks to me as if the Speedtouch was rather designed for "gamers".

The next point is that there's no option to set up and close a connection to the internet. When the cables are plugged in, the internet connection is "always on". In my opinion it would be more secure to be online only during the time when packets are transmitted.

Thanks again, best regards,

Markus

Markus R. Keßler

You've already verified that no ports were open at the time of your test, so what exactly is making you nervous? How do "gamers" enter the picture?

The best thing about an 'always-on' connection is that it's always on. If you're concerned, use a firewall or NAT router, close any ports that don't need to be open, shut down any unneeded services that are listening for traffic, employ good antivirus and antimalware programs, and practice safe computing.

Bill M.

On Sun, 09 Aug 2009 12:51:24 -0500, Bill M. wrote:

Coming from Linksys configuration, I'm used to seeing a clear table in which I can enter my - for instance - port forwarding rules. Speedtouch describes this need with words like "share internet games" and so on. The word "game" is one of the most used in the config menu.

Firewall is the next issue. Cisco etc. provide clear filter rules where you can define which demand has to be processed and which to be declined. Speedtouch also uses words like pass a "game" through the router. Why? This doesn't sound serious.

And nowhere can you read whether this box is doing NAT, or masquerading, or something else. How can you rely on its protection?

Of course I only use the minimum number of services and constantly check all my machines with tools like nmap for accidentally opened ports. But the "feeling" I have when using devices like Speedtouch isn't as good as when using professional gear like Cisco. Don't you agree?

Best regards,

Markus

Markus R. Keßler
