1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Open ports on your TiVo

Discussion in 'TiVo Underground' started by eboydog, Aug 7, 2014.

  1. Aug 7, 2014 #1 of 20
    eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    I'm figured out that doing a port scan against my Roamio's can cause them to reboot. Now I'm trying to figure out which port causes this.

    I have odd results so far, as just doing a port scan doesn't always cause my Roamio to reboot but in the one times that I did, my scanner utility showed port 3791 open however other times when the scan completes, I'm not showing it open so I believe it has something to do with that port or a port after it.

    These are the ports I show open on my Roamio PLus and Pro, port 3791 only shows up when the box reboots:

    80,443,1390,1393,1400,1410,1413,2190,2191

    Any thoughts? My utility (AngryIP) default starts at port 1 and ends at port 6100
     
  2. Aug 8, 2014 #2 of 20
    telemark

    telemark New Member

    1,544
    1
    Nov 12, 2013
    I don't see on the AngryIP website the type of scan it's doing.

    The web detection column though might mean it's doing an HTTP request which could cause undesirable behavior for other protocols.

    I suggest switching to NMAP so you can be sure what it's doing.

    http://nmap.org/book/man-port-scanning-techniques.html

    If you have crashing still, going from High to Low should give you a different result at least.

    As a first glance, your list is missing 31339, do you have network remotes turned off?
     
  3. Aug 8, 2014 #3 of 20
    wmcbrine

    wmcbrine Ziphead

    10,368
    22
    Aug 2, 2003
    He noted that it only scans up to 6100.
     
  4. Aug 8, 2014 #4 of 20
    telemark

    telemark New Member

    1,544
    1
    Nov 12, 2013
    Oops, well, there's another reason to switch scanners.

    This is what I get on 2 tuner Premiere running 20.4.2
    Code:
    # nmap -p1-65535 -sS $IP
    Not shown: 65520 filtered ports
    PORT      STATE  
    80/tcp    open   
    443/tcp   open   
    1390/tcp  open   
    1393/tcp  open   
    1400/tcp  open   
    1410/tcp  open   
    1413/tcp  open   
    2190/tcp  open   
    2191/tcp  open   
    8430/tcp  open   
    9080/tcp  closed 
    31339/tcp open   
    50184/tcp open   
    56789/tcp open   
    56790/tcp open   
     
  5. Aug 8, 2014 #5 of 20
    eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    I downloaded the win gui version and oh boy I think I broke something as on the first scan a few minute into it, the tivo in question rebooted but came up with green screen stating "the TiVo box has detected a serious problem and now attempting to fix it" NEVER seen that before....

    I was tried an intense scan, "nmap -p1-65535 -T4 -A -v192.168.50.80"

    This is the output of the scan results:

    "Completed Service scan at 22:23, 106.25s elapsed (14 services on 1 host)" was when the TiVo rebooted

     
  6. Aug 8, 2014 #6 of 20
    eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    The green screen state it would take up to four hours but it came back up in about 5 minutes, the TiVo appears to be ok?

    Tried another scan and it again, caused the TiVo to reboot....

    Think I should turn this over to TiVo and see if I can find someone there who might make more sense of this? Granted port scanning is something that one typically does on their network but doing such should reboot your TiVo should it?
     
  7. Aug 9, 2014 #7 of 20
    telemark

    telemark New Member

    1,544
    1
    Nov 12, 2013
    Tivo's will reboot as a reaction to when certain software components crash or has a logic error. So that safety mechanism is working properly, but it's not suppose to have such a bug in the first place.

    It would be kinda odd to say it as, I want my box to be happy while being probed... but sure normal computers are suppose to be stable no mater what comes at them from the network, otherwise we'd have DOS attacks that were reboots.

    Tivo's are a bit different as they're not equipped for public (hostile) environments. If someone were to put a Tivo on a public network, then someone in Russia would be controlling the remote.
     
  8. Aug 9, 2014 #8 of 20
    wmcbrine

    wmcbrine Ziphead

    10,368
    22
    Aug 2, 2003
    I'm pretty sure my TiVos never rebooted when I did a scan. Granted, it's been a while...
     
  9. Aug 9, 2014 #9 of 20
    kdmorse

    kdmorse Active Member

    5,034
    8
    Jan 29, 2001
    Germantown, MD
    I've never seen it reboot under either a Syn scan, or a TCP Connect scan, or anything else that I would consider a simple port scan.

    But both angryip, and adding -A to nmap do a wee bit more than a 'port scan'. It connect to each port, and runs a series of tests designed to get the service to identify itself. ie, it's mean.

    And I can report -A -T5 -p1-65535 did indeed crash my box nastily.

    A strategic search of the port range could probably narrow down the sensitive service fairly quickly.
     
  10. eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    It's not a Roamio thing either, ran intense scan against my Premiere and it rebooted too, including the green serious error has occurred when it came back up.

    Not shown: 65516 filtered ports
    PORT STATE SERVICE VERSION
    80/tcp open http TiVo To Go httpd 20.4.4.J3-01-2:746:alpha
    443/tcp open ssl/http TiVo To Go httpd 20.4.4.J3-01-2:746:alpha
    1390/tcp open iclpv-sc?
    1393/tcp open ssl/iclpv-nls?
    1400/tcp open cadkey-tablet?
    1410/tcp open hiq?
    1413/tcp open ssl/innosys-acl?
    1500/tcp open vlsi-lm?
    2190/tcp open tcpwrapped
    2191/tcp open tvbus?
    2410/tcp open unknown
    2411/tcp open unknown
    2412/tcp open unknown
    8430/tcp open unknown
    9080/tcp closed glrpc
    31339/tcp open unknown
    50184/tcp open unknown
    56789/tcp open tcpwrapped
    56790/tcp open tcpwrapped

    As it made it to port 56790, can one assume the offending port was after that somewhere?
     
  11. telemark

    telemark New Member

    1,544
    1
    Nov 12, 2013
    So, I'm not recommending to run this, since you got a Green screen... but if you're going to do it.

    You would run one pass, that's non probing. That gives you the list of ports of interest but with no traffic transferred. This is not suppose to reboot yet.

    Then you would run the probe test on each of the discovered ports, one at a time. Ideally, exactly one of the ports will cause the crash, but nothing prevents more than one having the same symptom except luck.

    What you're doing is called fuzz testing btw.
    http://en.wikipedia.org/wiki/Fuzz_testing

    Edit:
    And when vendors don't do it as QA, Hackers will use it to mess with / get into systems.
     
  12. eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    I opened an incident with TiVo esp after seeing the same behavior with the premiere. This should be interesting to see what they say as I assume they will either dismiss it and say "don't port scan" or advance the issue to a higher tier support.

    There is a another thread in the Roamio section about reboots, were someone posted a vague reply that port scanning can cause reboots which I was hoping they would respond back with more details of what they knew but so far they haven't.
     
  13. eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    Wow, that was fast... This is TiVo support reply:

    Thank you for contacting TiVo Customer Support. I would be glad to help you with your rebooting issues. If the Roamio box only reboots when you are doing the IP scan we would recommend not running the scan on the TiVo box. The TiVo box only connects to the TiVo Service to pull Guide Data and only connects to your network while streaming, this is an unnecessary process for you to continually scan your TiVo box.



    I'm going to push it a little and see if I can get a better reply.
     
  14. telemark

    telemark New Member

    1,544
    1
    Nov 12, 2013
    Hmm and on a Sunday too. I wonder if it's one of their common responses.

    If you really want to pester them, you could say you're on open Wifi or Internet and someone else is probing your box, causing it to reboot. But you're going to have to explain how you figured that out and why you can't secure the Internet.

    Some but few apartments and dorms are run that way.
     
  15. eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    I was surprised too as I didn't expect an answer until at least Monday!

    I'm not a i hi-tech security analyst but given what I do know about port scanning and how many of the early port scanning allowed malicious access when other steps and data injection was included, if I was a.crafty person, knowing the proper port to attack could possibly offer a backdoor into the TiVo. Now granted there isn't a lot of sensitive data in my TiVo but being compromised is being compromised. What's the worse that could happen? I don't know, buying a bunch of ppv video?

    Simply stated, something isn't responding well. An aggressive port scan should not reboot a TiVo and such indicates there is more to this than just rebooting.
     
  16. eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    I tried turning off network remote and disabling home apps with no change. Any thing else that might be optional to disable?

    The reboot occurs after all ports have been scanned and open one are detected, then the scanner is queires the open ports to determine the services running so the reboot is an effect of the scanner attempting to see what services are being offered on the open ports.



    I'm baffled why the reboot causes the green screen?

    [​IMG]

    (Not mine pic but one I googled, it's the same one I'm getting word for word)
     
  17. telemark

    telemark New Member

    1,544
    1
    Nov 12, 2013
    Have you looked at the Tivo logs? It should explain quite a bit.
     
  18. innocentfreak

    innocentfreak Active Member

    8,950
    3
    Aug 25, 2001
    Florida
    Might be worth an email to Margret, she is more aware than support.
     
  19. bradleys

    bradleys It'll be fine....

    3,687
    4
    Oct 31, 2007
    Out of curiosity, what is the reason you are doing an open port scan of the TiVo anyway? Are you trying to diagnose the reboot issue some people have reported?

    [​IMG]
     
  20. eboydog

    eboydog Just TiVo'ing.....

    904
    0
    Mar 23, 2006
    I have a larger than typical network and I assign static addresses to tivo devices and other main hosts by assigning addresses at the router. I just upgraded my router and had to set everything up from scratch.

    i did get the attention of a couple TiVo engineers and they are looking into it.

    Yes, I was looking at the reason for rebooting and stumbled across the port scan issue by accident, the majority of rebooting issues that others are having is most likely not due to scanning. But who knows, if someone's home network was compromised by the NSA it could just be big brother watching you.
     

Share This Page