[TriLUG] Vulnerability on Uverse

James Jones via TriLUG trilug at trilug.org
Mon Nov 16 17:33:34 EST 2015


A friend has a small business which accepts credit cards. To be
properly compliant with PCI security requirements, a company is
employed to scan their system periodically from the outside world.

A little over a year ago, the business switched to Uverse as their
internet provider and the scans revealed port 61001 as open with a
vulnerability. The business received an exception and went on it's
merry way.

This year, the exception hasn't been approved and the scanning company
is saying others have fixed the problem, so this small business should
also be able to fix the problem.

The scanning company suggests such things as bridging the uverse
gateway with your own router, getting a different gateway from uverse
and even a veiled suggestions to get firmware update from the
manufacturer ( 2wire gateway ).

At&t says their gateways don't offer a bridging mode.
I would suspect a firmware update from the manufacturer would have to
be installed by AT&T.
At&t has not offered to update the gateway and basically says all of
their gateway models would have the same port open.

At the moment, I have a router in the dmz of the gateway with it's
firewall enable and port 61001 specifically blocked. Of course, a scan
of the ip address sees the gateway's modem and the open 61001 that has
the vulnerability.

As I mentioned early, this is a small business. Only one computer, no
wifi. Any thoughts on how I might harden the entire system would be
appreciated.

jcj



-- 
Jc Jones
Blogs -
http://www.wendellgeek.com/weblog/
http://www.wendellgeek.com/kixtech/


More information about the TriLUG mailing list