NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR


[FiOS] Block Frontier Router Management


Block Frontier Router Management
Actiontec MI424-WR

1) Disconnect router from WAN.

2) Reset router to factory default.

3) Apply firewall rules to drop TCP port 4567 on all broadband connections.

Firewall Settings - Advanced Filtering

Input Rule Sets:
Broadband Connection (Ethernet) Rules
Any Any TCP Any -> 4567 Drop Active

Broadband Connection (Coax) Rules
Any Any TCP Any -> 4567 Drop Active

Output Rule Sets:
Broadband Connection (Ethernet) Rules
Any Any TCP Any -> 4567 Drop Active

Broadband Connection (Coax) Rules
Any Any TCP Any -> 4567 Drop Active

4) Re-Connect router to WAN

wayjac
MVM
join:2001-12-22
Indy


You may be able to disable the cwmp client via cli

JWolf
join:2002-09-29
Beaverton, OR

Member
to NOYB
Can you explain what this does and what it blocks Frontier from doing? Thanks.

gsal
@verizon.net

Anon
to NOYB
what's the benefit of doing this?
said by NOYB:

Block Frontier Router Management
Actiontec MI424-WR

1) Disconnect router from WAN.

2) Reset router to factory default.

3) Apply firewall rules to drop TCP port 4567 on all broadband connections.

Firewall Settings - Advanced Filtering

Input Rule Sets:
Broadband Connection (Ethernet) Rules
Any Any TCP Any -> 4567 Drop Active

Broadband Connection (Coax) Rules
Any Any TCP Any -> 4567 Drop Active

Output Rule Sets:
Broadband Connection (Ethernet) Rules
Any Any TCP Any -> 4567 Drop Active

Broadband Connection (Coax) Rules
Any Any TCP Any -> 4567 Drop Active

4) Re-Connect router to WAN


Sarick
It's Only Logical
Premium Member
join:2003-06-03
USA

to NOYB
I wasn't going to mention this, but since someone posted this I might as well point more out. Yours is based on a FiOS setup and modem/router. Mine is the DSL service SE567 or whatever, so this might not apply to you; however, it might give added insight into something you missed.

This isn't the only thing that needs to be done. In my case the router detected that no incoming connections had been made and eventually "called out." On my modem it would open a port 80 connection to a specific IP where the services normally come from and make an active connection.

YES the modem will open up the firewall to port 80 even if you blocked this service. Most routers have this port open anyway so it would be completely undetected. It can then request the updates despite the firewall blocking that incoming port. As I stated earlier you might not even see this connection on the firewall listing because it's normally open. If you do see it chances are it'll be restricted and you most likely won't be able to disable it.

There are ways to block this using weaknesses in the way the firmware accesses rules, but the average user need not worry about it. The rules are set up as first come, first served. When the router itself opens a restricted firewall rule it creates a rule in the 2000s directly to the IP of the servicing site.

This second stage is simple to fix. If you know the IP it calls out just make a lower firewall rule 2000 that blocks that specific IP address it calls out. In fact once you create the first block listed above and block all outgoing connections the router practically gives away the IP address that will be blocked.

What will end up happening after this is done is the router will create a firewall setting rule 2k plus to open the port to its base. If you figured it out already and created a lower rule it'll effectively block the rule created by the router.

I've used this trick a lot of times, creating ports that were allowed out for lower ports, then having a rule 99999 that blocks everything else outgoing. Because the lower rules are checked in sequence lowest to highest, the lowest rules have priority over the higher rules. This allows them to activate first and ignore the higher rules, completely bypassing them.

This might not be the same for your setup, I just thought you should be aware of my findings and experience in another setup.
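
Added example, not part of any post in this thread: a small Python model of the lowest-number-first, first-match rule evaluation Sarick describes, showing a user rule numbered below 2000 overriding a router-created rule, and a broad allow rule placed even lower letting the same destination through on another port. The rule numbers other than 99999, the 203.0.113.10 address, the port 443 allow rule and the default-accept policy are constructed assumptions, not values read from the router.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    number: int                      # evaluation order, lowest first
    action: str                      # "accept" or "drop"
    dst_net: str = "0.0.0.0/0"       # destination network
    dst_port: Optional[int] = None   # None means any TCP port

    def net(self):
        return ipaddress.ip_network(self.dst_net)

    def matches(self, dst_ip, dst_port):
        return (ipaddress.ip_address(dst_ip) in self.net()
                and self.dst_port in (None, dst_port))

    def covers(self, other):
        """True if every packet `other` matches is also matched by this rule."""
        return (other.net().subnet_of(self.net())
                and (self.dst_port is None or self.dst_port == other.dst_port))

def evaluate(rules, dst_ip, dst_port, default="accept"):
    """First match wins: return (action, rule number) for an outbound TCP packet."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(dst_ip, dst_port):
            return rule.action, rule.number
    return default, None  # assumed default policy when nothing matches

def shadowed(rules):
    """Map each rule that can never fire to the lowest-numbered rule covering it."""
    ordered = sorted(rules, key=lambda r: r.number)
    out = {}
    for i, later in enumerate(ordered):
        for earlier in ordered[:i]:
            if earlier.covers(later):
                out[later.number] = earlier.number
                break
    return out

ACS_IP = "203.0.113.10"   # constructed placeholder, not a real management server
RULES = [
    Rule(2001, "accept", ACS_IP + "/32", 80),  # stands in for the router-created rule
    Rule(100, "drop", ACS_IP + "/32"),         # user rule numbered below 2000
    Rule(50, "accept", dst_port=443),          # user allow-list entry
    Rule(99999, "drop"),                       # catch-all: block everything else
]
```

Because rule 50 is evaluated before rule 100, traffic to the placeholder address on port 443 is still accepted; a per-IP block only holds if it is numbered below every broader allow rule.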

NOYB
St. John 3.16
Premium Member
join:2005-12-15
Forest Grove, OR



Ever since implementing this "Block Frontier Router Management" the MI424-WR Rev C FiOS router has remained up for more than 80 days with no changes to hostname, dns servers, etc.

Problem free for more than 80 days.

NOYB


Until power outage last night, router had been up for more than 110 days with no changes to hostname, dns servers, etc.

Shutting out Frontier router management has resulted in problem free operation for more than 110 days.

NOYB


Has been 5 months now. So far no sign of Frontier breaking in to MY network anymore.