cancel
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
YetAnotherAcc
Respected Contributor
Respected Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

Are you sure that its the router itself that opened the port and not a device connected to the router?

DavidHarvey
Contributor
Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

Port 49153 is closed on my router.

0 Kudos
Reply
optimistnz
Contributor
Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

192.168.2.1 is definitely my Sagemcom 5366T,  I login into using http://192.168.2.1/2.0/gui/#/login/

with username optus

I have DLA and Filesharing turned off, but I can't work out how to turn of UPNP.

You can see the ports open using nmap.

nmap 192.168.2.1
Starting Nmap 7.80 ( https://nmap.org ) at 2021-08-07 22:28 AEST
Nmap scan report for 192.168.2.1
Host is up (0.0029s latency).
Not shown: 844 closed ports, 152 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
49153/tcp open unknown

nmap + metasploit

msf6 > db_nmap -sV -p 53,80,443,49153 192.168.2.1
[*] Nmap: Starting Nmap 7.80 ( https://nmap.org ) at 2021-08-07 22:38 AEST
[*] Nmap: Nmap scan report for 192.168.2.1
[*] Nmap: Host is up (0.0039s latency).
[*] Nmap: PORT STATE SERVICE VERSION
[*] Nmap: 53/tcp open domain (unknown banner: UNKNOWN)
[*] Nmap: 80/tcp open http lighttpd
[*] Nmap: 443/tcp open ssl/http lighttpd
[*] Nmap: 49153/tcp open upnp Portable SDK for UPnP devices 1.6.18 (Linux 3.4.11-rt19; UPnP 1.0)
[*] Nmap: 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
[*] Nmap: SF-Port53-TCP:V=7.80%I=7%D=8/7%Time=610E7EB5%P=x86_64-apple-darwin19.5.0%r
[*] Nmap: SF:(DNSVersionBindReqTCP,34,"\x002\0\x06\x85\x80\0\x01\0\x01\0\0\0\0\x07ve
[*] Nmap: SF:rsion\x04bind\0\0\x10\0\x03\xc0\x0c\0\x10\0\x03\0\0\0\0\0\x08\x07UNKNOW
[*] Nmap: SF:N");
[*] Nmap: Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel:3.4.11-rt19
[*] Nmap: Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
[*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 18.36 seconds

 

 

0 Kudos
Reply
tonymy01
Contributor
Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

Network Settings, port forwarding is where the upnp option is disabled. Do you have an Apple in your network, the scan may indicate that.
0 Kudos
Reply
optimistnz
Contributor
Contributor

Re: New Optus supplied modem - Sagemcom 5366TN

Thanks Tony, I have disabled upnp now.
0 Kudos
Reply
YetAnotherAcc
Respected Contributor
Respected Contributor

Re: New Optus supplied modem - Sagemcom 5366TN


@optimistnz wrote:

192.168.2.1 is definitely my Sagemcom 5366T,  I login into using http://192.168.2.1/2.0/gui/#/login/

...

nmap 192.168.2.1


That scan only shows that 49153 is open on the Sagemcom, not that the Sagemcom is the device that requested the port to be opened.

What devices do you have connected downstream of the Sagemcom? Have you checked the ports on those devices?

0 Kudos
Reply