background, I have Verizon FIOS service supplied via the VZ supplied Actiontec router.

Earlier this week I logged into my Verizon supplied Actiontec router via it's web interface. I immediatly noticed the familiar light blue Actiontec screen was gone and a red & black Verizon screen took it's place. Upon logging into the router I noticed that it's firmware had been updated sometime over the weekend. What I found a bit annoying was that Verizon did not inform me they would be updating software on my network. It also tells me that Verizon has a backdoor into the router. If they can update the firmware the certainly can monitor or change my settings. #Fortunately my main home network is on a firewalled subnet that is fed off the Verizon/Actiontec router. A ethernet wire from the Actiontec goes to a Linux box running NAT/iptables and several networrk services including DNS, mail, web, cvs, ssh.

Just wondering if anyone has noticed this upgrade ? In a way I am glad they #did it as it fixes several issues including an update to the new DST rules. #I am going to run a portscan on the router as I am interested to know what ports it holds open.

Perhaps I should be grateful. Still I am a bit wary of anyone making updates without my knowledge and/or accessing any part of my network with out my knowledge/permission. Then again VZ probably considers the Actiontec to be THEIR side of the network even though I #can log into it and configure it as I please...

Hmm.. I just noticed that too....

KB3ONC

Ah, apparently they have done this upgrade to most of their FIOS customers routers. Apparently the more technically adept FIOS customers (the ones who actually log into the router) are just beginning to notice this forced upgrade. I saw one or two other comments about it on the web.

I remember reading a while back that people were reporting a certain port on the Actiontec was wide open to the world. A lot of people were speculating what this was for. We may now have our answer. However I have not seen anything describing specific port activity in the limited logs the router maintains. I forget what the port number was. I'll see if it can find it and if it shows up on a portscan.

I heard a rumor that the upgrade is supposed to fix some functionality that is to be used for the Verizon TV when they roll that service out. Beyond that I noticed it updated the DST rules and changed the appearance and layout of the menu for better or for worst. Fortunately it left all my personalized settings intact.

Is the router theres, rented? Or did you purchase it?

If the former they can upgrade it, just like the cable co can upgrade the firmware on their boxes (I notice mine's updated periodically).

I wish I could get the FIOS service, not avail in my area of hicksville within suburbia.

They have alot of "thou shalt not run servers" though that I find very annoying. If I pay for an internet connection, I will do what I want with it.

They don't make that very clear as to whether I am renting the router or whether I own it. Technically I am allowed to make any changes I want to it's configuration, take it offline, upgrade or downgrade the firmware so, it would appear that I own it. But then they sneak in and upgrade without telling me so it makes it seem like they own it. It seems like its a grey area.

From a technical standpoint if they own the router then they own my whole home network since access to the router would (undermost circumstances) give them control of my entire network. The only think that separates VZ from my actual netowrk is another router that I run.

Had the same situation here, and am not thrilled. If VZ can upgrade it, there are probably a zillion hackers that can too!

Also noticed that the router seemed very flaky last couple of weeks (WinDop$ refused to connect to it, tho Linux usually would). Turning the router on and off generally restored things. Now it seems to have gotten itself straight. I assume there were several upgrades.

My guess as to ownership is that VZ owns it for the first year (if you cancel service they want it back), but after one year it's yours.

While the FIOS is great, I find that a lot of my downloads don't give me the advertised bandwith. Suspect this is a server side issue with the websites.

Id take a look at the agreement for the service. Its probably online, and you probably clicked accept on it when you registered the service, or handed to you in a bunch of papers when you signed up, or sent to you, etc.

I bet one of the provisions covers this. You know how lawyers are http://www.qrz.com/iB_html/non-cgi/emoticons/smile.gif I remember seeing such a clause in my AT&T DSL contract papers too. They can, in fact, replace my modem if they wish (at no cost to me) at any time.

Before I finally chucked them, I had 3 modems from them. A real old alcatel one that I started with 7 years ago, then when I moved I got another, and the one I have now when I was idiotic and switched to Clearwire. Never again. I'll stick to DSL period http://www.qrz.com/iB_html/non-cgi/emoticons/smile.gif

Quote[/b] (k3wrv @ May 10 2007,06:35)]# # Also noticed that the router seemed very flaky last couple of weeks #(WinDop$ refused to connect to it, tho Linux usually would). #Turning the router on and off generally restored things. #Now it seems to have gotten itself straight. #I assume there were several upgrades.

# # My guess as to ownership is that VZ owns it for the first year (if you cancel service they want it back), but after one year it's yours.

#
Quote[/b] ]
Had the same situation here, and am not thrilled. #If VZ can upgrade it, there are probably a zillion hackers that can too!


Yeah... that is why I'd like to close up any open/unused ports on the thing.

I haven't noticed anything peculiar about the routers behavior other than the recent VZ upgrade.

Actually I run all my machines in the house on a subnet fed off the router. I have my own router (a Linux box acting as a router/firewall/server/etc.) connected to the VZ router. Everything else runs behind that second router. I even use a separate wireless access point running behing the Linux router instead of the wireless connection directly on the Vz router. This adds (hopefully) an added layer of protection. It does make things a bit more complicated when it comes to doing things like port forwarding, etc. as everything is double NAT'ed.

Quote[/b] ]
# While the FIOS is great, I find that a lot of my downloads don't give me the advertised bandwith. #Suspect this is a server side issue with the websites.


Probably. You're only going to download as fast as they gan send stuff out to you.I have a 20/5 connection... 20 mbps down and 5 mbps up, Where it comes in handy is when the network is busy. And belive me, for a household it does get busy sometimes, especially when the kids are over sand everyone is online. I could have several people streaming audio/video simultaneously and still have bandwidth to spare.

Quite a big change from a year ago at this time when my entire network was running off a single dialup connection shared by the entire network. When you fired up and tried to access a website when the network was busy you would wait...and wait... and wait...and wait. Not to mention the dialup connection would frequently balk and crash quite often and have to redial out for a new connection. Big difference between then and now.

I you find out what port they're using, please post the info and how to block it. I run Linux too, but am NOT a geek!

Will do. Believe it or not the Actiontec router runs on Linux. If you open a command shell on any Linux box and if yu have remote administration via ftp activated for the Actiontec you can log into an ftp session on the router via any network connected linux box via

$ telnet <your-ip-address> <ftp-port>

so, if your router is configed to use ftp port 8023 and it's assigned ip addy is 71.x.x.x you would enter

$ telnet 71.x.x.x 8023

Which would drop you into the actiontec's ftp command line interface.

At that point you would enter

> shell

And the router will drop you into the "Busybox" lash/ash command shell. If you type the Unix directory listing command at that point

$ ls

You'll notice a directory listing surprisingly identical to that of a typical Linux or Unix installation, i.e.

/bin
/var
/home
... etc

One in the busybox cli you can enter any common Unix command, i.e. cd, ls, cp, cat, mv, ..

I would however be extremely careful as you would have root access at this point and it would be quite easy to wreck the routers functionality by accidentally issuing a "rm" or "rmdir", or "mv" command and obliterate something important.

To exit the Busybox cli you would enter

# exit

which drops you back into the ftp CLI at which point you enter

> exit

to exit from the ftp session and log off the router.

Now I'm not saying you'd nessesarilly want to do any of this. In my case I like to explore stuff like that and find out for myself what's inside the router and behind the GUI interface.

Boy, talk about digressing from the topic at hand....

I read about that port somewhere and a method to block it. I'll see if I can dig up the info and/or any new info and I'll post it here.

This happend on my DSL modem from verizon to.