Secure the Thomson TG585

<p>The Thomson TG585 v7 provided by the Telekom Austria (with a branded firmware) is delivered with system access from every user registered with the modem by wlan or lan. The problem is that the modem knows a default-user (with default-privileges) who can get system access without any password. This user can add other users with passwords, but his own password is still blank so everone in the network is able to have access to the system of the modem. You can also not delete this default-user or make another user with real admin privileges.</p><p>Additionally some plugins like "Identification of invaders" are turned off and cannot be turned on by clicking a button or cannot be accessed.</p>

Taggings:

Submitted by Elisabeth Weigl on Tue, 11/10/2009 - 19:03
1 answer

Create new user.ini file

This solution is only for customers who do not have iptv from the TA.You can download an almost fixed users.ini file from here http://www.dieschmids.at/View-details/TG585v7/28-TG585ohneIPTV_AlwaysOn_... . But there have to be some changes.

  1. In section [ wireless.ini ] you can change ssid=MeinSpeedtouch to ssid=<ssid_what_I_want> and you should change the presharedkey=DeinSchluessel to a useful key.
  2. In section [ ppp.ini ] change the values of password and username to the values the TA gave you before uploading the file to the modem.
  3. The ip address of the modem is changed to 192.168.1.254/24. If you do want to change this, go to the [ ip.ini ] (addr=192.168.1.254/24) and [ dhcs.ini ] (gateway=192.168.1.254) sections and make your changes. But be aware that DHCP provides ip addresses between 192.168.1.64 - 253! If you want to change this range too, go to the [ dhcs.ini ] section.
  4. To insert a admin user go to the section [ mlp.ini ] and insert<code>add name=<username> password=<reasonable password> role=Administratoradd name=<username> password=<reasonable password> role=TechnicalSupport </code>The second user has to be created because the administrator user cannot connect from outside and by creating a user the remote maintentance from the TA cannot connect anymore to the modem. With the TechnicalSupport user (or root, this is also possible) this maintenance can be guaranteed, but the supporter from the TA still has to know the password you specified.)
  5. Change the name of the file to user.ini.
  6. In a webbrowser connect to your modem's configuration gui (usally 10.0.0.138) and go to "Thomson Gateway" -> "Konfiguration" -> "Konfiguration speichern oder wiederherstellen". In the second section browse for your edited user.ini file and click on "Konfiguration jetzt wiederherstellen".
  7. After the modem has been updated all four ethernet ports should be open to connect (no iptv on two ports anymore), IDS (the Identification of invaders) is active, DHCP server active, DHCP pool from 192.168.1.64 - 253, the modem runs on ip address 192.168.1.254 and there are two users (with passwords) who have access to the configuration of the modem.

 

Submitted by Elisabeth Weigl on Tue, 11/17/2009 - 11:15

Taggings: