recent attack on port 7547, inclusion of port in avast wifi inspector 

jraju · 2017-05-01T14:21:58.000Z

Hi, The attack is thro the port 7547 and the symptom is sudden out of internet light . This is the problem that i am having . on deep looking i found that in the network tool in my dlink router, while browsing each item, i found an item tr-069 configuration had a third party entry. I found a url of a third party entry using this service thro the port 7547, which is definitely scanned by wifi inspector. i could not erase any entries in the menu including that url and it is ofcourse, an attack on the router by recent times. Avast gives no vulnerabilities of that port but i found this url not at all related to my service or router provider. I am not mentioning the url , as i am going to my service provider with it or the Dlink support.
But my concern is avast gives no vulnerability of such attacks , even shields up show the port as stealthy , but on shodan site, it shows as vulnerable and there i found about the port. Avast is also having the port , covered in its scan but i think that it escapes from the scan or not allowing the avast to scan the said port.
There are user and password entries , besides url, and time to report in some times the event. I do not see the syntax of the attack on that page, but i find it safely residing.Please make avast scan the port stealthily.

jraju · 2017-05-01T14:39:36.000Z

Hi, please see the attachement and also the link
http://iotscanner.bullguard.com/

DavidR · 2017-05-01T15:10:12.000Z

Most people will have great difficulty in viewing your image, given its size 1700X2200 and the layout of the forum (space either side plus the profile info column), it will far exceed their screen resolution. I had to reduce screen font size to 67% to get it within the screen/forum width.

Cropping images to only that which is required helps.

Not sure if I like the scripts running for googletagmanager on bullguard.com for this check. Not that I have any IoT devices anyway and I doubt I ever will.

You might also take a look at the avast blog https://blog.avast.com/microwave-watching-me-internet-things-security-top-steps-connected-safety.

jraju · 2017-05-02T08:19:42.000Z

Regarding the picture i sent, i could not print screen it. so, i just saved as word and then convert it online for jpeg to send to this forum.
But today, i had a talk with dlink helpline and he has instructed to change that url to Dlink site, without enabling the tr 069 configuration of that port. i did and saved the router page. Now , i get this result in the iobit scanner
Good news!
You are not public on Shodan
Even though you are not public on Shodan, the devices in your network might still be vulnerable. Click the Deep Scan button below to make sure you are not vulnerable.
Please note that performing a deep scan may result in any vulnerabilities being indexed by Shodan
I just did the first scan and i want avast to check this port with still more deep scan. I only recently read about attacks on router on this port. i also heard that once this port is infected with other urls , then it will close the port and would not allow scan of the port. I do not know , whether this part is correct or not.
Nobody would be searching for this kind of entries in their router, as many thinks that it is just another electronic device. Avast antivirus needs special mention for the emerging new aspects and introduction of the Network scan now called wifi inspector, an apt name.
Nobody would know , as avast shows as no vulnerability in the scan. I need this aspect to be studied deeply.
I noticed that whenever there is no connection with pc, the modem light never went out even for a few seconds. This made me thing that something wrong in the settings in the router . This led me to this port . I hope that my problem is solved.
I will confirm after some more logins

Pondus · 2017-05-02T08:30:21.000Z

Now , i get this result in the iobit scanner

IOBit software is not trusted here in this forum after this

Read >> https://forums.malwarebytes.com/topic/29681-iobit-steals-malwarebytes-intellectual-property/

jraju · 2017-05-02T13:08:50.000Z

Hi, Thanks for your reply. But malware bytes scan do not find anything suspicious in my computer scan. Probably they do not touch the network part or connections. I ran the scan mbytes and it shows everything as correct and no vulnerability. But, due to the fact that this port is used dangerously, i have given avast a clue to look in to this. I learnt a lot, by scanning my computer with the tools that it has .
For others, just disable this tr-069 , which is default settings, which is changed by the third party to enable and also accessing their website, at certain given times. This is what i did. i will confirm whether my internet goes off still when the system is in use after one or two logins. Thanks pondus

Eddy · 2017-05-02T13:23:03.000Z

Port 7547 is often used for remote control of end-user devices. (e.g. ISP’s are using it)

jraju · 2017-05-02T13:39:16.000Z

Hi, Eddy, I think that is the reason behind the attack on that port. Normally, router settings are changed or modified when the ISP changing the same in their servers. No separate communications are given for individual users because, each will have different brand of devices. If i come across any information, i will try to post it.
Hi, Eddy, i think you would be knowing this port attack on many of the router brands.
Avast scans this port as well , as could be seen from the services result, it produces, but i do not know, how the default settings could be changed inside a router. They just show the path as Tr-069 and using the port to establish remote access.

Pondus · 2017-05-02T13:43:46.000Z

Is your D-Link router plugged in to a cable modem from your ISP ?
If so, does it containe a firewall?

jraju · 2017-05-02T14:09:08.000Z

This is very difficult to find, as it contains so many menus in network tools. The description of the same router previous version menus are different from what i am using. I went to one setting called DOS, and enabled from attacks as given in the heading, which the dlink person, says correct. I do not have firewall menu as such. My ISP is configuring their own as well as router from other vendors. i checked with avast wifi inspector and has passed with green tick mark. The ISP configured , but he only configures connection point as given in the general tutorial. But i went to the router and browsed each item to find the third party url . Now as per dlink advice, i changed to dlink access and disabled it.

Announcements