Flutterby™! : Watching TR-069

There's this technology called TR-069, which your ISP likely uses to be able to look at the configuration information on your home router, especially if you rent or lease your router. They do this for debugging purposes, it's tremendously useful to help figure out what your issues are.

It's always bugged me a little bit, and I've always thought that one should consider networks behind TR-069 enabled routers as essentially public WiFi, with all of the same security concerns and precautions you'd use if you were going to use those same computers and services in your local coffee shop.

To be fair, this probably isn't so much about mass attacks, criminals casting wide nets to catch open security holes have many other juicy targets to attempt that with, as it is about someone interested in a specific target. But in general if you've got a network that has unencrypted traffic, where devices trust each other, you probably want another firewall behind your ISP's router.

And this is particularly annoying if you're trying to set up a network behind crappy CPEs like the Pace modems that don't do ISPv6 very well, and don't have a pass-thru mode...

Anyway, code is at https://github.com/mhils/tr069

The paper is at Watching the Weak Link into Your Home: An Inspection and Monitoring Toolkit for TR-069