Sunday, 29 April 2012

BT Homehub V 3 Open ports 161 and 4567 stealthed

We would like to thank the original author of this review at www.punj.co.uk for granting us permission to publish this particular blog content. The original contents of the review can be found at http://www.punj.co.uk/

On this page we are going to discuss why the BT Home Hub V3 is shipped with open ports.




In our previous blog post we discussed using OpenDNS with BT Broadband and the BT Home Hub. We still congratulate BT for providing their customers with a great home wireless router, but like most people we cannot understand why they ship it with open ports.
It is now confirmed that the current BT Home Hub V3 is supplied with port 161, and in some cases port 4567, permanently open. We are also going to give our readers a simple fix to stealth these open ports.
Furthermore, the BT Hub Manager settings do not allow these ports to be configured or turned off.

There is a lot of discussion at the BT Care Community Forums, with people asking this very same question and the response from BT.

You can check to see if your firewall or router has open ports by visiting the Gibson Research Corporation port scanning service called ShieldsUp.


The image below shows our test BT Home Hub V3 with port 161 open.


We agree with the Gibson Research Corporation comments regarding port 161 and why open ports are vulnerable to hack attacks.


“Most users will not be exposed to SNMP (nor will they ever find port 161 open) unless some piece of their networking equipment has an active and open SNMP service port. If our port analysis ever shows that a router (for example) or other network device exposed to the Internet has its SNMP interface open you will want to arrange to disable and close that port immediately. Malicious hackers know that some consumer networking equipment has been shipped with exposed SNMP ports and with default access passwords. Therefore, it would not be at all unlikely that such a router or other equipment would be quickly discovered and exploited. Malicious hackers would find this amusing, but you would probably not”
  
The Gibson Research Corporation site gives a full description of port 161, and also explains port 4567.

How to temporarily fix and stealth open ports 161 & 4567

OK, now how can we stealth these open ports? Well, it’s really up to BT to provide a permanent fix with updated firmware to fully secure these open ports. As BT currently leave these ports open, we can carry out a temporary solution by stealthing them ourselves.

In brief, we are going to access the BT Home Hub manager settings and use the port forwarding settings to route these open ports to an unused IP address on our network.
We must ensure that this IP address is not, and never will be, used by any device on our LAN.
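
The requirement that the forwarding target is never used by a device can be checked before it is typed into the hub. The following Python sketch is an added example, not part of the original post; the /24 subnet, the DHCP pool range and the device list are constructed sample values that you would replace with your own hub's settings.

```python
import ipaddress

# All values below are constructed for illustration except the hub address
# (192.168.1.254) and the candidate 192.168.1.250, which the article uses.
LAN = "192.168.1.0/24"                          # assumed /24 home LAN
HUB = "192.168.1.254"
DHCP_POOL = ("192.168.1.64", "192.168.1.199")   # assumed pool, check your hub
SEEN_DEVICES = ["192.168.1.65", "192.168.1.70", "192.168.1.201"]  # sample list


def sink_problems(candidate, lan=LAN, hub=HUB, pool=DHCP_POOL, seen=SEEN_DEVICES):
    """Return the reasons `candidate` is unsafe as a forwarding target.

    An empty list means nothing on the LAN has, or is likely to be handed,
    this address, so packets forwarded for ports 161/4567 go nowhere.
    """
    ip = ipaddress.ip_address(candidate)
    net = ipaddress.ip_network(lan)
    if ip not in net:
        return ["outside the LAN subnet"]
    problems = []
    if ip in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if ip == ipaddress.ip_address(hub):
        problems.append("the hub's own address")
    low, high = (ipaddress.ip_address(a) for a in pool)
    if low <= ip <= high:
        problems.append("inside the DHCP pool, could be leased to a device later")
    if ip in {ipaddress.ip_address(a) for a in seen}:
        problems.append("already used by a device")
    return problems


def first_safe_sink(lan=LAN, **kwargs):
    """Walk the subnet from the top down and return the first safe address."""
    for ip in reversed(list(ipaddress.ip_network(lan).hosts())):
        if not sink_problems(str(ip), lan=lan, **kwargs):
            return str(ip)
    return None


if __name__ == "__main__":
    for addr in ("192.168.1.250", "192.168.1.70", "192.168.1.254"):
        print(addr, sink_problems(addr) or "OK")
    print("suggested:", first_safe_sink())
```

If a device ever did take the sink address, the hub would forward ports 161 and 4567 to that device instead of to nothing.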

Well here is the simple fix. 

  1. Log in to your BT Home Hub manager settings at 192.168.1.254.
  2. Select 'Settings', then
  3. Select 'Advanced Settings', then
  4. Select 'Port Forwarding'.
  5. In 'Device', select 'User-defined IP' and enter an unused IP address, e.g. 192.168.1.250. (It must be unique and not used by any device on the network.)
  6. Now click 'Add' and 'Assign' and then 'Apply'.
  7. In this same screen, click 'Supported applications'.
  8. Now add a new application. Name this SNMP/TRAM. This will represent the two protocols' ports, 161 & 4567.
  9. Set 'Protocol' to 'Any'.
  •  In all the boxes labelled 'Port Range' and 'Translate to', enter 161, then click 'Add'.
  •  In all the boxes labelled 'Port Range' and 'Translate to', enter 4567, then click 'Add'.
  •  Now click 'Apply' to save and apply the new changes.

Now if you try the Gibson Research Corporation port scanning service called ShieldsUp, it should show the previously open ports as stealthed.


So to recap, what we have done is use the port forwarding settings to route these ports to a unique, unused IP address within our network, one that doesn’t exist. When the port scanner now tries to communicate with these ports, the traffic is sent on to the non-existent IP address and gets no answer, because there is no device at that address to communicate with.
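
To confirm the result yourself, the following Python sketch (an added example, not part of the original post) classifies TCP ports 161 and 4567 as open, closed or stealth according to whether a connection succeeds, is refused, or gets no reply at all. Run it against your own hub's public address from a machine outside your network; the address 192.0.2.1 in the script is a placeholder and the function names are this example's own.

```python
import socket

# TCP ports the article found open on the hub's internet-facing side.
HUB_PORTS = (161, 4567)


def tcp_port_state(host, port, timeout=3.0):
    """Classify one TCP port using the states a port-scan report shows.

    open    - the handshake completed, so a service answered
    closed  - the connection was refused (the host replied with a reset)
    stealth - nothing came back before the timeout
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "stealth"
    except OSError:
        # e.g. an ICMP "unreachable" reply: not silent, so not stealth
        return "unreachable"
    finally:
        sock.close()


def hub_port_states(host, ports=HUB_PORTS, timeout=3.0):
    """Return {port: state} for every port of interest on `host`."""
    return {port: tcp_port_state(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Placeholder address: replace with your hub's public IP and run this
    # from a machine outside your own network.
    wan_ip = "192.0.2.1"
    for port, state in hub_port_states(wan_ip).items():
        print(f"TCP {port}: {state}")
```

This covers TCP only; SNMP normally runs over UDP, and a UDP port that stays silent cannot be told apart from a filtered one by a connect test.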

Finally, it’s really up to BT to provide a permanent fix with updated firmware to fully secure these open ports. The port forwarding solution above is only a temporary way of stealthing them.

We hope you have enjoyed our latest tip and if you wish to discuss this further then please leave your comments and suggestions below.

punj

15 comments:

  1. Thanks for the information, I never knew about these open ports! However, the idiosyncrasy of BT Home Hub is stopping me from completing your stealthing process!
    When I go to choose to add an IP address that works OK. It opens for me to add an IP.
    I carefully added one I know is OK to use and the 'ADD' button to the right of where you enter the info, is greyed out?!
    No matter which IP I try to enter the thing stays greyed out. I tried clicking anyway to add, but nothing happens. :(
    I already had one port forward assigned to a game so I removed that, then applied, then tried your process again.
    The ADD button is STILL greyed out and disabled.
    I hate this hub!

    1. Hi Paul HPN
      Many thanks for your post.
      Make sure you select "Advanced Settings" and then "Continue to Advance settings".
      Then go to "Port Forwarding" and then to "Supported Applications" and see if it will let you setup a new game or application. Try setting an IP address after you have done the above.
      We have tried this on the BT Homehub Version 3 A and this process works for us.
      Come back if you still encounter problems and we will try to help.

      Kind Regards
      Punj Blog Owner
      http://www.punj.co.uk

  2. Hi, can't get it to work with ver3B.

    1. Hi Anonymous
      Our blog was based on the version 3A.
      Just checked our test system and everything still works as mentioned within our blog.
      Maybe BT have buggy firmware on the Version 3B homehubs.
      We will try to get a version 3B and see what the problem is.
      Keep checking here and we will post our results.

      Kind Regards
      Punj Blog Owner
      http://www.punj.co.uk

  3. This comment has been removed by the author.

  4. Hi.
    Found your site by a Google search.
    I have a HH3.0B.
    The Firmware version was updated yesterday (supposedly non-buggy): V100R001C01B031SP12_L_B. Last updated 13/09/12
    I have tried what you said above. Created an application, set the ports to 161, and then mapped it to an unused IP on the network.
    ShieldsUP! still shows the port as open and not stealthed.
    I wondered if I have done something wrong, or BT have got around this block?

    I should point out that the open port 161 is NOT a mistake on the part of BT, it is so they can "manage" your router and network when they feel it is "necessary".

    I quote - "BT uses port 161 to carry out remote management on the Home Hub and the network. We manage customer devices so that they and any feature on them do not present any security issue. I'm sorry that I've repeated what was said before but that is the situation. Hope this helps."
    Posted by StephanieG, a Moderator on the BT Community Help Site.
    URL - http://community.bt.com/t5/Other-BB-Queries/port-161-open-on-home-hub-3/td-p/133207/page/7
    Message number 67.

    There are other posts by another Mod, CraigS, basically saying the same thing.

    As mentioned above, my HH3 firmware was updated remotely to SP12 yesterday WITHOUT any intervention from me.
    As an aside, my Infinity2 speed has dropped from 78Mbps to 64Mbps since then.

    If you need any tests done, just post here, and I will run them.

    Regards,
    SusiBiker

    1. Hi SusiBiker
      We are aware that BT are currently updating firmware for the BT HomeHub V3.0b. This firmware update fixes a few issues on this version of the hubs. We currently only have the BT Homehub v3.0A, for which there are no firmware updates as the problems faced with the version 3.0b are not applicable to the version 3.0A.
      With what you say regarding the open ports, if you have set port 161 to an unused IP then this port should be stealthed. You may need to do a re-boot on the homehub. So to re-cap what we have done is used the port forwarding settings to route these ports to a unique unused IP address within our network which doesn’t exist. When the port scanner now tries to communicate with these ports to the non-existing IP address it can’t because the IP address has no device to communicate with.
      If your hub is still showing open ports then BT still have bugs in their firmware for the homehub V3.0B.
      BT may well use open ports to communicate with the hub. But why can't they stealth these ports and do the same thing? It seems that they are unable to recognise that any open ports are vulnerable to hackers as they are clearly open for hackers to see and exploit.
      I have read the many posts on the BT forums regarding this and it seems it took BT a very long time for this simple explanation. So for us we are not convinced that our hub with open ports is safe.
      Regarding your speed drop, don't worry too much yet. Try not to do too many re-boots on your router as the BT DLM system may think your line is faulty and drop your speed to stabilise this. If your line and home hub are fault free then your speed will recover in time.

      Kind Regards
      Punj Blog Owner
      http://www.punj.co.uk

  5. Hi, I also have the HH3 version B and the port still shows as open after following this :(

    1. Hi Anonymous
      It seems that the BT Homehub V3.0B still has buggy firmware. What we have shown in this blog is just a simple port forwarding rule. It seems that the homehub v3.0B is not able to do this.
      We can confirm that closing the open ports on the version 3.0A homehubs still works.
      Sorry we were unable to help.

      Kind Regards
      Punj Blog Owner
      http://www.punj.co.uk

  6. Please note, this is not a bug.
    BT lied about why the ports were open.
    BT left the ports open deliberately.

    And now it looks like they want to keep them open, so are blocking the workaround.
    BT and "others" want to snoop on people.
    This should be illegal and regarded as hacking.

  7. How can I unblock them blocking us from attempting this workaround? I tried your tut but mine is worded a bit differently and therefore is hard to follow. I tried as best I could using common sense to follow your instructions with how my page looks but I can't do it. I take it this is the block they have made. There must be another way of doing this. Also, would buying another router block port 161? Or is 161 something that's open on the modem?

  8. The work around no longer works on the HH3A.

  9. Just recently noticed that on my BT Homehub 3A the ports are stealthed without the workaround in the blog.
    Are BT now stealthing ports or is my hub faulty?

  10. Hi Anonymous
    We have reset our BT Homehub version 3.0A to factory defaults. This removes our port forwarding rules. It does appear to be now stealthed. It seems BT have listened to its customers who have been concerned about open or closed ports. Our hub now shows all ports as stealthed without the port forwarding rules.
    Many thanks for your useful comment on our blog.
    And a big thank you to BT for carrying out this fix.
    Kind Regards
    Punj Blog Owner
    http://www.punj.co.uk
