FIOS router remote admin access

Discussion in 'other security issues & news' started by YourNameHere, Aug 20, 2010.

Thread Status:
Not open for further replies.
  1. YourNameHere

    YourNameHere Registered Member

    Joined: Jul 24, 2010
    Posts: 13
    So I tried bumping the last thread about this subject, but it's too old.

    Came across this link from 2009: robot5five.blogspot.com/2009/07/ok-check-this-out.html

    According to the author, the user login/pw to port 4567 for remote access is the same for every router. He even claims that the password can be found on the web. Note: I'm not talking about the default password that Verizon sets on your end, but the pw they use to access your router for firmware upgrades or whatever else it is they do.

    Any validity to these claims?
     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined: Jun 16, 2005
    Posts: 5,097
    With every installation of FIOS/w router, Verizon distributes a red bundle package labeled FIOS. In that package is a CD with documentation on their ActionTec router that contains instructions on how to de-install their router, and substitute another with an example of how to do it.

    As for the ActionTec router, if you follow the instructions, it is easy enough to close off port 4567. Recently, due to the Black Hat conference in Las Vegas, it was pointed out about the default router passwords. Verizon changed all customer default passwords that have never been changed to the serial number of the router, which is physically located on one of the router labels. An astute customer will have already changed the default user=admin's password to something else; otherwise, Verizon (who has a record of your serial number) can, of course, log in to it.

    So, if you close off port 4567, but fail to change the admin account's password to something that Verizon does not know, then they can still log in to your router to make changes (not necessarily a bad thing if it isn't working properly).

    Only the default passwords for most commercially available routers are posted on the Internet - yes, including Verizon's routers.

    They have never posted a firmware upgrade that I am aware of, at least to my router version.

    See: The word on Verizon FiOS and Linux about hacking the router using the Verizon FiOS CD instructions.

    -- Tom
     
  3. YourNameHere

    YourNameHere Registered Member

    Joined: Jul 24, 2010
    Posts: 13
    I actually did read your original post on this topic before making this thread.

    Though I've read elsewhere that those instructions will not actually work for newer routers:

    "That link is quite dated. Note the blue "mega control panel". Predates the VZ branded router and firmware. ...that port forward is now hard-coded and can't be deleted. There also used to be a technique for disabling port 4567 through the configuration file, however, I believe that no longer works either.

    Yes, it gives VZ limited access to your router, however, it is an encrypted protocol requiring valid SSL certificates. Not something that is easily hacked. Port 4567 is handled solely within the router and not forwarded to your LAN."

    I'm not necessarily concerned with Verizon having access, but with other entities with more malicious intentions. That blog post I linked in my original post hints at this possibility.
     
    Last edited: Aug 21, 2010
  4. lotuseclat79

    lotuseclat79 Registered Member

    Joined: Jun 16, 2005
    Posts: 5,097
    Thinking about a way to access the router, instead of the usual browser based access, it is possible (or should be) to access the router via telnet - I have a link on how to turn off web activity logging and I'm pretty sure that is the way they accessed it, and then to turn off the logging they redirected to /dev/null via a symbolic link - it was a great post. Here is the link for it: How to disable the Actiontec DSL modem web activity log.

    Ok, so once you get into the router, you might have to use some skills related to iptables to change the configuration for Port 4567, and then save the new configuration (perhaps by following up with a browser session) so that it can be replaced automatically whenever there is a new boot of the router (I'm guessing). Of course, this whole scheme depends on telnet being enabled.

    -- Tom
     