When I was back on the east coast, we had Verizon DSL. When we moved out here to Colorado, we decided to go with Qwest (because Verizon was a joke and Comcast was sadistic). We quickly realized that the DSL packet encapsulation was different on Qwest so our Verizon modem wouldn’t work. Instead of getting one from Qwest, we decided to purchase a Zoom ADSL x5 modem from CompUSA (R.I.P.).
After yet another Qwest modem dying, I’m glad we picked that thing up. Qwest seems to be unable to get modems right. This latest one, an Actiontec 5100 (bastardized) was pretty good. The interface made sense, it gave you a good amount of features and it was pretty stable. It was much better then the one before it, a 2Wire 2701HG-D, in that it’s power circuit didn’t fail after about a month of lite use.
The major problem with the Actiontec 5100 are the open ports on the thing. Like most routers, it has the option to enable a remote management port that you can connect from via the WAN interface. Normally, that port is (like most secure connections) 443. However, after scanning the WAN interface, I noticed that there was another port open, 4567. Even with remote management turned off, you can still get into the router on port 4567 if you have the password. The only way I was able to disable that port was by specifically enabling the Remote Management option and change it’s port to 4567. In that case, you weren’t able to connect to the router on ports 443 or 4567 - well at least it wouldn’t give you a page on 4567 because the routers web server freaked out.
So I’m not sure whats going on here. Why would this port be open? Is it a “secret” way for Qwest to be able to look at your router settings? Is it for automatic updates? Or, perhaps the most fun idea if not slightly unexpected, did malware of some type get into this device?
This last idea gets me thinking about some possibilities. While the filesystem on this particular device is almost all read-only, it’s a straight forward embedded linux system with the ability to apply firmware updates from the web interface. I’m waiting for the day (it’s probably already long past) when a single rouge modem with a slightly modified firmware will infect other modems worm style. It’d be funny to see a botnet of modems…