dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
20

StuartMW
Premium Member
join:2000-08-06

StuartMW to Into Net

Premium Member

to Into Net

Re: Do you trust AT&T with your security?

said by Into Net:

Would you trust AT&T with your security?

I wouldn't trust any ISP. I currently have my own router behind my ISP's modem/router. I also have my own firewall rules (inbound & outbound), have changed all passwords from their defaults, and do not use the common (and obvious) LAN subnet of 192.168.0.x. I also use a 63 char totally random WPA-PSK key for my wireless network. In short I'm very careful.

Port 443 is for HTTPS (secure web server) so my guess is that AT&T's modem/router has a web server interface enabled by default. I'd access the device, from the LAN side, and see if you can turn it off. Even then I'd assume that AT&T has some backdoor into your router. If that bothers you put a 3rd party router between AT&T and your computer(s).
Into Net
join:2010-12-09

Into Net

Member

That is what I am thinking of trying is to use my router behind theirs.

I will see about changing the LAN subnet.

I will use a stronger Password than I have. Their set-up uses the electrical plug-ins/ethernet to the computers as a hard wired system.

I'm still not sure how to turn off 443 through the router or if i can.

AT&T has a back door to my router. The tech was going through it with me on the phone. He said when he clicked the Access Files his computer froze. :i

Thanks
19579823 (banned)
An Awesome Dude
join:2003-08-04

19579823 (banned) to StuartMW

Member

to StuartMW

 

quote:
I wouldn't trust any ISP.
No its not smart to!

I thankfully have a SMART FILTERING firewall (The one in the router is not enabled!)

Doctor Olds
I Need A Remedy For What's Ailing Me.
Premium Member
join:2001-04-19
1970 442 W30

Doctor Olds to StuartMW

Premium Member

to StuartMW

Re: Do you trust AT&T with your security?

said by StuartMW:

I'd assume that AT&T has some backdoor into your router. If that bothers you put a 3rd party router between AT&T and your computer(s).

They can undo anything you change if they want to including replacing the Firmware and/or locking you out. This includes all DSL Modems even ones that you bought 3rd party and own yourself (unless you know how to disable TR069).

TR069 - CPE WAN Management Protocol (CWMP)
»en.wikipedia.org/wiki/TR-069

PDF Reports:

»www.broadband-forum.org/ ··· -069.pdf

»www.broadband-forum.org/ ··· nt-1.pdf

»www.broadband-forum.org/ ··· nt-2.pdf

»www.broadband-forum.org/ ··· nt-3.pdf

StuartMW
Premium Member
join:2000-08-06

2 edits

StuartMW

Premium Member

said by Doctor Olds:

They can undo anything you change if they want to including replacing the Firmware and/or locking you out.

Yep. But the concern here (for me anyway) is preventing backdoor access to my LAN and hence computer(s).

To use an analogy many states requires rental properties to have internal-only deadbolts on the doors. Why? To keep the landlord (property owner) from entering the premises without permission and knowledge of the tenant.

Having a (secondary) router that I, and only I, control performs the same function.

Edit: I'm assuming here that your secondary router is just that and doesn't implement CWMP. I also assume that the router has all remote access (via WAN) capabilities turned off, its passwords changed from the defaults etc. To follow my analogy keyed (accessible from the outside) deadbolts can be opened by the landlord even when locked from the inside. That's why non-keyed ones are required.

Nightfall
My Goal Is To Deny Yours
MVM
join:2001-08-03
Grand Rapids, MI

Nightfall to StuartMW

MVM

to StuartMW
said by StuartMW:

said by Into Net:

Would you trust AT&T with your security?

I wouldn't trust any ISP. I currently have my own router behind my ISP's modem/router. I also have my own firewall rules (inbound & outbound), have changed all passwords from their defaults, and do not use the common (and obvious) LAN subnet of 192.168.0.x. I also use a 63 char totally random WPA-PSK key for my wireless network. In short I'm very careful.

Port 443 is for HTTPS (secure web server) so my guess is that AT&T's modem/router has a web server interface enabled by default. I'd access the device, from the LAN side, and see if you can turn it off. Even then I'd assume that AT&T has some backdoor into your router. If that bothers you put a 3rd party router between AT&T and your computer(s).

Not trying to cause an uproar here, but there are times when you can trust an ISP with your security. Look at Managed Internet Service through AT&T for instance. We have a ethernet drop and AT&T has their own managed router and service with us. They maintain the router. They ensure that the connection is always up. If the connection goes down, I am notified and they dispatch someone to come out and fix the problem.

I know, its a far cry from home service, but I still thought I should bring that up. Having a managed service where someone is watching the connection and the router is not a bad thing.
swsnyder
join:1999-07-23
Noblesville, IN

swsnyder

Member

said by Nightfall:

Not trying to cause an uproar here, but there are times when you can trust an ISP with your security.

How quick we (that is to say, you) forget: »www.pcmag.com/article2/0 ··· 1,00.asp
said by Nightfall:

They ensure that the connection is always up.

Of course they do. They have multiple customers that are interested in your traffic. After all, you might be a terrorist child pornographer drug runner money launderer illicit music downloader person of interest.