• March 29, 2024, 07:04:21 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Security scan fails w/ TFTP Server open - how to close??  (Read 10924 times)

Tinchote

  • Level 1 Member
  • *
  • Posts: 4
Security scan fails w/ TFTP Server open - how to close??
« on: June 04, 2015, 11:17:30 AM »

This is not a fake scan. On my DIR 632, using tftp, I was able to read /etc/passwd and /etc/hosts, and to upload a file to; to make it worse, I was able to do this from outside the LAN.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security scan fails w/ TFTP Server open - how to close??
« Reply #1 on: June 04, 2015, 11:20:40 AM »

Link>Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?
  • Are you wired or wireless connected to the router?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Tinchote

  • Level 1 Member
  • *
  • Posts: 4
Re: Security scan fails w/ TFTP Server open - how to close??
« Reply #2 on: June 04, 2015, 11:25:47 AM »

Thanks. It's a DIR 632. hardware A1, firmware 1.01NA.

I'm in Canada. I'm accessing the router through the internet, I'm some 4km away from it; that's the scary thing, I don't mind if a port is opened towards the LAN, but this is opened wide to the world.

I run, on my console, "tftp my-router-ip GET /etc/passwd" and I was able to retrieve the file. I was also able to upload a file.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security scan fails w/ TFTP Server open - how to close??
« Reply #3 on: June 04, 2015, 11:30:46 AM »

I recommend upgrading the routers FW and see if this issue is closed:
http://support.dlink.ca/ProductInfo.aspx?m=DIR-632

Please follow this for updating FW: Link> >FW Update Process

"This product has been discontinued.
Free support for this product has ended on 08/02/2014"
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Tinchote

  • Level 1 Member
  • *
  • Posts: 4
Re: Security scan fails w/ TFTP Server open - how to close??
« Reply #4 on: June 04, 2015, 11:35:44 AM »

Thanks, I'll try that.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security scan fails w/ TFTP Server open - how to close??
« Reply #5 on: June 04, 2015, 11:40:27 AM »

Let us know how it turns out.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

Tinchote

  • Level 1 Member
  • *
  • Posts: 4
Re: Security scan fails w/ TFTP Server open - how to close??
« Reply #6 on: June 05, 2015, 09:33:55 AM »

So, I upgraded to the latest firmware (1.03) and port 69 UDP is still wide open. I tried to check some of the options to see where this could come from, but I came up empty; in particular, remote management is disabled.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Security scan fails w/ TFTP Server open - how to close??
« Reply #7 on: June 05, 2015, 09:40:20 AM »

There any programs like logging or other on the PC that could have this port open?

Is check up dates on the router enabled if there is this feature on this model router? Disable and check.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.