Suggestions on HG Anti-TR064 Attacks-Procedure Security Level

Product name Confidentiality level


INTERNAL
Product version
Total 53 pages

Suggestions on HG Anti-TR064
Attacks-Procedure
(For internal use only)

Prepared by Wu Hongbo 00204257 Date 2017-12-03


Reviewed by Date yyyy-mm-dd
Reviewed by Date yyyy-mm-dd
Granted by Date yyyy-mm-dd

Huawei Technologies Co., Ltd.

2023-01-05 Huawei Proprietary - Restricted Distribution Page1, Total3


Contents
Suggestions on HG Anti-TR064 Attacks-Procedure
1 Background
2 Suggested Solution
3 Example of Setting the Network Firewall

1 Background

Recently, attacks against home gateways (HGs) that use TR064 have occurred. Some Huawei HGs also use
TR064. Therefore, Huawei provides this document to help prevent TR064 attacks.


2 Suggested Solution
1. If a firewall has been set up for the network, you are advised to deploy policies that block attack
traffic from external sources. This is a workaround to avoid subsequent attacks. For details, see
"Example of Setting the Network Firewall".
2. If no firewall is set up, it is recommended to block TCP port 37215 on the upper-layer equipment.

3 Example of Setting the Network Firewall

The following uses the Huawei network firewall USG6600 V100R003 as an example to show the
detailed procedure. Actual commands and command outputs vary with the device version and
manufacturer, and are provided by the firewall manufacturers.
Step 1. Log in to the network firewall and configure a rule that blocks TCP port 37215, so that
TR064 attack packets are blocked on the WAN side.
Example:
[NGFW]ip service-set server1_port type object
[NGFW-object-service-set-server1_port]service 0 protocol tcp destination-port 37215
[NGFW-object-service-set-server1_port]quit
[NGFW]security-policy
[NGFW-policy-security]rule name policy_sec_deny1
[NGFW-policy-security-rule-policy_sec_deny1]source-address address-set server_deny
[NGFW-policy-security-rule-policy_sec_deny1]service server1_port
[NGFW-policy-security-rule-policy_sec_deny1]action deny
[NGFW-policy-security-rule-policy_sec_deny1]quit
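
As an added example (not part of the original Huawei document), the following Python check reads a prompt-prefixed CLI transcript like the one above and reports which deny rules are actually bound to a service set covering TCP 37215; a service set that no rule references blocks nothing. The function names and both sample transcripts are constructed for illustration, and the `service server1_port` binding line is assumed to match your device's security-policy syntax, so verify it against the command reference for your version.

```python
import re

PROMPT = re.compile(r"^\s*\[[^\]]*\]\s*")  # CLI prompt such as "[NGFW-policy-security]"
TR064_PORT = 37215                          # port this page says to block

def parse(transcript):
    """Return (service_sets, rules) read from a prompt-prefixed CLI transcript."""
    sets, rules, ctx = {}, {}, None         # ctx = ("set" | "rule", name)
    for raw in transcript.splitlines():
        w = PROMPT.sub("", raw).split()
        if not w:
            continue
        if w[:2] == ["ip", "service-set"] and len(w) > 2:
            ctx = ("set", w[2])
            sets.setdefault(w[2], [])
        elif w[:2] == ["rule", "name"] and len(w) > 2:
            ctx = ("rule", w[2])
            rules.setdefault(w[2], {"services": [], "action": None})
        elif w[0] == "quit":
            ctx = None
        elif ctx and ctx[0] == "set" and "tcp" in w and "destination-port" in w:
            nums = [int(x) for x in w[w.index("destination-port") + 1:] if x.isdigit()]
            if nums:                        # one port, or first/last number if several are given
                sets[ctx[1]].append((nums[0], nums[-1]))
        elif ctx and ctx[0] == "rule" and w[0] == "service" and len(w) > 1:
            rules[ctx[1]]["services"].append(w[1])
        elif ctx and ctx[0] == "rule" and w[0] == "action" and len(w) > 1:
            rules[ctx[1]]["action"] = w[1]
    return sets, rules

def deny_rules_for(transcript, port=TR064_PORT):
    """Names of deny rules bound to a service set that covers `port`."""
    sets, rules = parse(transcript)
    covering = {n for n, spans in sets.items() if any(lo <= port <= hi for lo, hi in spans)}
    return [n for n, r in rules.items()
            if r["action"] == "deny" and covering & set(r["services"])]

# Constructed transcripts (not device captures), built from this page's commands.
UNBOUND = """\
[NGFW]ip service-set server1_port type object
[NGFW-object-service-set-server1_port]service 0 protocol tcp destination-port 37215
[NGFW-object-service-set-server1_port]quit
[NGFW]security-policy
[NGFW-policy-security]rule name policy_sec_deny1
[NGFW-policy-security-rule-policy_sec_deny1]action deny
"""
BOUND = UNBOUND + "[NGFW-policy-security-rule-policy_sec_deny1]service server1_port\n"

if __name__ == "__main__":
    print(deny_rules_for(UNBOUND), deny_rules_for(BOUND))
```

An empty result for a transcript means no deny rule references a service set that includes the port, so the policy should be reviewed before it is relied on.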
