Just in case you got scared by the TR-064 hack and likely causality to the German Telekom ISP outage yesterday as some modems expose TR-064 via the TR-069 WAN access, here is how to disable TR-069 in your Fritz!Box: [WayBack] TR-069 auf Fritzbox ausschalten und Ergebnis prüfen — Hartmut Goebel · CISSP, CSSLP · Berater für Information-Security-Management
Note that for Fritz!Box the TR-069 implementation is not as bad as some Speedport devices used by Telekom, but you might want to consider turning TR-069 off:
If you trust yourself to keep the Fritz!Box firmware *and* settings up-to-date better than your ISP does, below are the translated steps.
Steps to disable TR-069 on a Fritz!Box router
- Activate
telnetdon your Fritz!Box via a connected phone by dialing#96*7* - Connect to your Fritz!Box over telnet at using
telnet fritz.boxor instead offritz.box., use the IP-address of your Fritz!Box device- the password is the same as the password in the Fritz!Box web interface
- Disable TR-069 by typing this command:
ctlmgr_ctl w tr069 settings/enabled 0 - Verify the TR-069 is off by looking at configuration file with this command:
cat /var/flash/tr069.cfg- Check that at the start there is a line with
enabled = no
- Check that at the start there is a line with
- Disable
telnetdon your Fritz!Box via a connected by by dialing#96*8*
Note that even without a phone you can enable/disable
telnetd as described by [WayBack] FRITZ!Box VoIP password extraction –jeroen
References:
- [WayBack] Spekulation: Angriffe auf TR069 mit shell co… | Forum – heise online
- [WayBack] TR069 -> NTP -> Binary Injection … via [WayBack] TR069 -> NTP -> Binary Injection … – Kristian Köhntopp – Google+
- [WayBack] Eir D1000 Wireless Router – WAN Side Remote Command Injection (Metasploit). Remote exploit for Linux_MIPS platform.
- [WayBack] ‘Mirai bots’ cyber-blitz 1m German broadband routers – and your ISP could be next • The Register
- [WayBack] Störung Internet Zugang – behind this non-descriptive title are updates for Speedport routers used by German Telekom ISP provider
- [WayBack] A few words to the current DSL router disaster We brought this onto ourselves… via [WayBack] A few words to the current DSL router disaster … – Kristian Köhntopp – Google+ original at [WayBack] A few words to the current DSL router disaster We brought this onto ourselves.The problem is due to laziness. It is not caused by technological difficulties… – Martin Seeger – Google+
- [WayBack] Newly discovered router flaw being hammered by in-the-wild attacks | Ars Technica
The Wiert Corner - irregular stream of stuff 