dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
15471
share rss forum feed


Dave651

@qwest.net
reply to ArizonaSteve

Re: [Qwest] New Firmware Q1000

Thanks ArizonaSteve, yes, I surveyed the new menu layout and as far as in the last revision of the firmware something L34, I had all remote administration off unless Qwest/CenturyLink had a backdoor I wasn't privy to. It really pi--es me off on what they did, I own the equipment and they push a unsolicited software upgrade that left the unit vulnerable to unauthorized access by members of my internal network. I was given no notice nor did I give explicit authorization to hijack and hack.

Its like taking over somebodies telephone or fax machine and reprogramming the device functionality without your authorization or knowledge. I'm fortunate there wasn't a malfunction during the pushed upgrade otherwise I might have had a bricked modem/router.

The last time I had a network outage greater than 8 hours which happen after the Qwest acquisition CL came back online and connected me with a 5mbit service. I noticed but didn't say anything.

I had perfect service until that outage. CL was going to let me ride with the 5mbit service while I had the 7mbit package. I squawked foul, called them on it after trying to explain my situation with a English challenged speaker and just like magic, I was back to were I supposed to be.

The sad thing is, I think, CL was going to continue giving me the slower speed while I was paying for the higher speed. So I suggest to everyone, check your modems and see if you are getting what you pay for unless another upgrade comes along so you can't check.

I hate being cynical but I call it as I perceive it.

ArizonaSteve

join:2004-01-31
Apache Junction, AZ
Reviews:
·voip.ms
·CenturyLink

1 edit
I haven't had any of the updates change any of the settings unless I performed a Restore to Defaults or pressed the Reset button on the back. Did you have an Admin password set too? They probably do have a back door into the unit but setting the password should keep everyone else out.

Technicholas
Premium
join:2010-11-11
Winterset, IA
reply to Dave651
What I do is bridge my modem they can't touch it if its a "dummy modem" and I use my cisco router to manage dhcp and ppoe auth.

CenturyLink
VIP
join:2009-03-09
Boise, ID
kudos:7
reply to Dave651
Dave,

I understand how frustrating this is and would like to help please email account information to us at talktous@centurylink.com. We will be able to review services and answer questions.

Thanks
Patti
Centurylink Help

travelguy

join:1999-09-03
Santa Fe, NM
reply to Technicholas
As do I. It's a pain doing firmware updates though.

tgronke

join:2006-12-01
Portland, OR

1 edit

1 recommendation

Backdoor is likely there. Even if you disable remote administration, the Q1000 with Qwest badge still answers on SSH from the internet (fun if you want to port-forward SSH to an internal server). If you get into the BusyBox shell ('sh' after logging in locally via SSH), you'll find a 'support' ID in /etc/passwd along with 'admin'. Other postings indicate similar Actiontec hardware with a Verizon badge has a high TCP port left open for remote administration.

In Portland, OR, firmware QAQ002-31.20L.4 showed up recently. There are many new or changed menus in the Advanced Setup section, particular in preparation for IPv6.

Warning if you muck around. I found on the earlier firmware that some un-enabled menus are available if you muck through the HTML directory listing and try loading them in your browser. If you actually try loading some of them, you can give your Q1000 amnesia -- a pin reset was required to re-establish service, not just a power-cycle.

sulli2p

join:2002-08-19
Minneapolis, MN

1 recommendation

reply to Dave651
Yep. My owned (not rented) Q1000 was also "upgraded" recently without my knowledge, using a backdoor around my password. I only found out because my SMTP send stopped working. Turned out somehow CL disabled port 465 (which support denies (my workaround is 2525 until they block that)), and replaced my secondary OpenDNS server with their own. My Slingbox had also stopped working, a simple reboot fixed that. Now many of the firewall port config options are greyed out.

Do they really think that all users keep their default settings and that they can make these upgrades "transparent". Or would they prefer that knowledgeable Internet users simply take their business elsewhere.


abqlocal

@qwest.net
reply to openupshop
My Q1000 updated to this version automatically over the last day or 2, and I still have access to main.html

I did notice the interface changed but is still branded as qest, am surprised the branding didn't update.

dprus

join:2010-01-15
Snoqualmie, WA
Reviews:
·CenturyLink
reply to openupshop
It appears as though CenturyLink also forcefully upgraded my firmware as well. What's worse is that even though the /main.html page is still there, it's completely broken.

A lot of the links give me 404 errors, my dynamic DNS configuration is no longer working, and that page is also giving me a 404.

So, not only did CenturyLink force an update on my modem, it appears as though they also did a crappy partial upgrade or something and broke the firmware at the same time.

Finally, when I tried to download the latest firmware to reflash it to see if that would fix the problem - the download link doesn't work anymore (»download.qwest.com/internethelp/modems/q1000). I can't even download the latest firmware and manually flash my modem now to fix it

This is a really crappy situation CenturyLink!


msj
Premium
join:2004-05-21
Fort Collins, CO
kudos:1

1 edit

1 recommendation

reply to Technicholas
said by Technicholas:

What I do is bridge my modem they can't touch it if its a "dummy modem" and I use my cisco router to manage dhcp and ppoe auth.

Don't assume that when the modem is in transparent bridging mode that they still don't have a backdoor. Note that on the local side of the modem you can still log in and check status etc. while in transparent bridging mode. There's nothing preventing a backdoor on the wan side even while in transparent bridging mode, although it would be additional work for little payback (on their part, since probably a fairly low percentage of their customers use transparent bridging mode).

However, one advantage of your setup (which is similar to mine) is that even if CL screws up and does something to weaken security (in the unlikely scenario where they do have a backdoor that works for modems in transparent bridging mode) you still have your router/firewall which is not under CL control blocking access to your internal network.

ArizonaSteve

join:2004-01-31
Apache Junction, AZ
reply to dprus
dprus, I can email you the file if you need it.

dprus

join:2010-01-15
Snoqualmie, WA
Reviews:
·CenturyLink
So I got the new firmware from ArizonaSteve and applied it to my modem and I'm still getting the 404 errors everywhere when I click links from /main.html. I tried resetting the modem by holding the reset button for 30 seconds as well and that didn't help either.

I finally e-mailed the TalkToUs guys at CenturyLink and they're overnighting me a new modem (which is pretty good service). I'll be receiving that modem tonight and hopefully things will be somewhat back to normal. Just FYI for anyone else who's having the same problems I am.

ArizonaSteve

join:2004-01-31
Apache Junction, AZ
I don't use main.html and don't know if I ever could but 192.168.0.1 works fine.

dprus

join:2010-01-15
Snoqualmie, WA
I wonder then if they actually broke /main.html ? Is anyone else using the latest firmware and all the links under /main.html still work fine?

dprus

join:2010-01-15
Snoqualmie, WA
Reviews:
·CenturyLink
So I just received the replacement modem from CenturyLink and verified that on »192.168.0.1/main.html many of the links give 404s and the pages are screwed up. This is obviously "by design" for this new firmware from CenturyLink.

It's a pity - the firmware looks broken and half-baked now and I've lost the ability to see what my actual line sync speed is (i.e. my line syncs at ~80mbit/~13mbit even though I only have the 40/5 service. At least, this much was true when I could view this information using the old firmware).

Add this to the fact that the firmware update that was automatically pushed to me broke many of my settings and forced me to spend 20 mins fixing everything and I think this entire update process was performed very poorly by Centurylink. I'm not the happiest right now.

ArizonaSteve

join:2004-01-31
Apache Junction, AZ
Reviews:
·voip.ms
·CenturyLink

1 recommendation

Yeah, looks like their main emphasis was on adding IPv6 and they didn't pay much attention to how other areas were impacted. They fixed some things that were broken before like reporting an actual value for Attenuation instead of always showing zero. Some of the features that used to be there have been moved to other areas like self tests now being located on the blue Utilities page but there doesn't seem to be any place that displays the sync speed anymore. The next upgrade will probably fix the broken links, etc.

bbigg

join:2011-12-06
CF10 3BB
reply to kiknwing
Couldn't post QAQ002-31.20L.4, could you? I'm trying to figure out why what I'm building from source can't get the ethernet ports going (which I've been able to do under previous bcm source releases.

Thanks in advance


Denver Bob

@qwest.net

Re: [Qwest] New Firmware Q1000 - QAQ002-31.20L.4

My modem was also updated to the new software - without my knowledge, but since I am now leasing it - I guess it was within their purview.

I did have admin passwords set, remote access was enabled with an admin password that I set and had a DDNS that used to work, but now doesn't.

After several family members complained this or that wasn't working - I physically reset the modem and the broken stuff started working again. I just checked the software version and found it on the new one.

A note to Century-link --> I don't mind you updating the firmware - Just give me a head's up when you do - Please. If things break, it makes it easier to understand what happened. I am sometimes not home for weeks - so I don't know when you push, nor do I hear "oh, this stopped working" from my family. If I was aware, I could tell them, "Go power cycle the modem - and let me know if it still doesn't work".

I see several posts that customers OWN their own modem - Legally you should not push an update unless given specific approval. If you believe you have the authority - maybe it is time to reiterate that you have the authority or would like to have that authority. That equipment is theirs - not yours.

It is nice to have re-configurable equipment - don't get me wrong, but if it is my equipment - it is my decision, not yours. At least with Microsoft, you can shut off updates - because some of us want stable platforms that don't change underneath us - without our control.


aefstoggaflm
Open Source Fan
Premium
join:2002-03-04
Bethlehem, PA
kudos:7
Reviews:
·PenTeleData
·Verizon Online DSL
said by Denver Bob :

If you believe you have the authority - maybe it is time to reiterate that you have the authority or would like to have that authority. That equipment is theirs - not yours.

If this modem is not from your ISP, shame on them.

If this modem is from your ISP, that is most likely in the ToS that they can remotely control the router (including update firmware).
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact.

hutington

join:2011-05-04
Boulder, CO

1 recommendation

reply to Dave651

Re: [Qwest] New Firmware Q1000

This also happened to me in the last November. I was traveling and the unexpected firmware upgrade caused lot of problem in my house (internet tv , VOIP etc). When returned I was wondering how this can happen without my knowledge. This post answers the question. I too think that CenturyLink should have given a heads up before forcing an upgrade. Also I notice that the modem now uses 79% of the memory while serving 12 devices. That said, I am very happy with the new firmware. I haven't noticed any change in download/ upload speed (stays constantly at 18.5 / 4.6) . With the upgrade, the modem now reserves an IP for each MAC address. Previously the devices used to get random IP from Q1000 after a reboot. I also love the automatic update of WAN IP to DynDns. This is great from me since I check my home camera (and login to the router) remotely. Also I noticed that the remote login to the router is much faster now.

TechWhiz

join:2004-10-30
Phoenix, AZ

1 recommendation

reply to es1
There's a workaround I've noticed with the administrator login not logging out.

Once you're done configuring, go to http://<modem_ip>/login.html and enter the wrong login info. You will be logged out.

Another interesting page in this firmware is at http://<modem_ip>/supportutilities_toolbox.html which seems to give you the ability to mirror traffic from one port to another port on your network.

hutington

join:2011-05-04
Boulder, CO

1 recommendation

What is the use of mirroring traffic ?


Subaqua

@macktronics.com
reply to TechWhiz
My modem was also upgraded back in the Nov 2011 timeframe. I didn't have any trouble until I noticed that I could long ping my modem but it was still routing traffic just fine .. So I let it go because I could still get to the Internet and I figured I would find some time to looking into why the admin interface wasn't working later.

And then in late December I started having multiple failures where I would lose access to the internet ... my DSL link would be fine but for some reason, I had lost authentication (this is according to the tech at CenturyLink). Rebooting the modem always resolved the problem but since I have servers running web sites for people I didn't want the outages to continue.

So, I opened up another case with Century Link and they dispatched a tech out and he did circuit testing inside and outside the home and back to the CO and I think put me on another port back at the CO. They didn't find any issues with the physical circuit which agrees with the DSL line quality data they were seeing from their office ... the line looked good.

So ... anyway while the tech was here, he of course wanted to look at the administration interface on the Q1000 and I showed me the new peculiar behavior that only occurs when running version QAQ002-31.20L.4.

With QAQ002-31.20L.4:
- you can access the admin WebGUI and telnet Interface only when the "INT" lite is off.
- if you unplug the phone line from the modem, you can ping the modem; if you plug the phone line back in, you can continue to ping and reach the admin interfaces until the point in time when the INT light turns back on.
- He said he had never seen this before and said I must have a bad modem.

So ... he went and grabbed a new modem from the truck which still had the factory installed release of QAQ01-31.00L.34. We hooked this up and put in my needed changes for authentication and the static IP settings and I was back on-line with both DSL and INT lights on *AND* I could still reach the admin interface and ping the address of the router from my directly connected computer.

Next, we decided to apply the firmware update (since I figured they would push it anyway without asking). We did that and as soon as we were running version : QAQ002-31.20L.4, the admin interface was no longer available whenever the admin link is up! So, there's something with this firmware version, QAQ002-31.20L.4
that when used in combination with my settings that prevents all access to the modem when it is authenticated to ISP and routing traffic.

Nobody at Century Link was useful in helping so I am asking for any ideas out here.

My settings are basically:
- no wireless
- 1 block of static IP addresses (a /29)
- I disabled the firewall on the router to see if that had anything to do with it ... no change
- no nat / port forwarding or anything

I have a couple internet exposed servers directly connected to the Q1000; one of them is a homemade Linux router which does NAT/DHCP on the internal network.

It's been configured this way for 14 years (prior to the Q1000 I had Cisco 675/678 routers)

Anyone else seen this behavior ? Any ideas?

Thanks in advance,

> swversion
QAQ002-31.20L.4

Ken339

join:2012-02-17
Sedona, AZ
reply to ArizonaSteve
well my modem was also updated with new firmware and I have nothing but problems also. One thing that is missing is you can no longer change the wireless speed from 20 mhz to 40mhz enabling you to get the full wireless N 300 speed,I used to get 270, now I get 130, the setting was in the wireless set up 802.1x, the only way out is to get a new modem and notify "Century Fink" not to download firmware to your modem, if you connect a new modem and don't call them the firmware will automatically download,I am dumping their service as soon as I can get cable run to my house, anyway just my 2 cents worth
Ken

Chongo

join:2007-12-11
Phoenix, AZ
reply to openupshop
The new firmware allowed me to use the Q1000 my sister was no longer using after she moved. My Motorola 3347 was blocking ewtn.mobi . When I initially tried the Q1000 it would not train. I noticed the firmware zip file posted in this thread and updated the modem and it trained. (I can go to ewtn.mobi now!) I went to work the next day and when I got home I found the modem was updated to the latest firmware.

csinkhorn

join:2012-03-06
Denver, CO

1 recommendation

reply to openupshop
the firmware QAQ002-31.20L.4 is worthless when it comes to transparent bridging. I have been trying for a week to get it to work and no luck. What happens when i put it in transparent bridging is it shows its in but i am still able to access the modem. The modem is still authenticating with century link and they are saying nothing is wrong. talked to actiontec and they agree something is wrong with the firmware.

in short i am about fed up with century link and about to tell my customer to get someone else.

they have sent me one replacement already, but it had the new firmware and did the exact same thing......

trying to get them to send me a q1000z to see if that modem will work better with transparent bridging... we will see...