dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
9695
share rss forum feed


David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice

1 recommendation

Fair warning! 3rd party purchase of U-verse IPDSLAM modem

Fair warning about 3rd party purchases of the Motorola 2210 U-verse IPDSLAM modem

The following information is important as recently a security certificate recently expired.

If the modem (UVerse motorola 2210) has the firmware lower or prior to 7.8.7r27 it will not and cannot authenticate to the AT&T U-verse network as of 8/31/12

Why?- See below

Answer: 802.1x authentication uses SSL, so we have to have SSL certificates for it to work. All certificates are signed by what is called a CA (Certificate Authority) that guarantees the certificate is valid. The original CA that signed the certificates used in U-verse expired 8/31/2012. Firmware updates were pushed to all CPE live on the network that contained a new CA , any device not on the network past 8/31/12 will not get the new CA and can no longer authenticate!!

When did AT&T start the update?
The update started to be pushed as early as mid-May of 2012, and is still being pushed to this day to the devices that are currently live on the network.

Is there a way AT&T can force the update to my device?
No.- The 802.1x authentication process is what allows the CPE access to the network. Since the CPE does not have the right CA (expired), the authentication process fails and the CPE is not allowed onto the network. Without network access the firmware update cannot be pushed down to the CPE.

What about manually updating the modem via the administration web page?

Answer: The firmware is not available in an off-line package that can be used on that page, it is only made available via network push.

Can I swap the modem?
I know that any modem that was still with the original owner and that failed to take the firmware update, we swapped them out free of charge like for like (this assumes they still have service). If you purchased it anywhere else at&t does not warranty or replace those.

My modem is live and currently doesn't have it. Can you request for my modem to receive it.

Yes with condition!-
The modem must be on and in service active to recieve the push! We will attempt to send a manual network push to your modem which should update it unless it doesn't accept it. If it does not accept it, you may need to replace it (which if you are the original owner of the modem that replacement is free of charge- mentioned above)

I have a ADSL 2210 Motorola DSL modem does this affect that modem?
No- Those modems are not affected by this nor will they ever be. They do not rely on Security Certificate authentication.

--
If you have a topic in the direct forum please reply to it or a post of mine, I get a notification when you do this.
Koetting Ford, Granite City, illinois... YOU'RE FIRED!!

Edit-1: spelling



Mangix

join:2012-02-16
united state

what about 3rd party motorola 2310 modems? i feel that the situation might be similar...



David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
reply to David

I have nothing on the 2310's at this time. I also do not have anything on any other models except this one.



ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
reply to Mangix

Pretty sure the certificate expired on the 2310s & 2Wire/Pace 3600s & 2701 HGV-Bs as well, unless they have the latest firmware



madbear

join:2000-09-03
Veedersburg, IN
reply to David

So -
If I have a 2210-2-1ATT that I got via eBay to use in place of my NVG510, and:
1. Netopia SOC OS version 7.8.7 (build r9)
2. The last "802.1X Supplicant - FAILURE MAC xx-xx-xx-xx-xx-xx" message was repeated 3 times
It's (and I'm) borked?

And my understanding is that I can't get this unit anymore from at&t?

I have the NVG510 apparently working OK in IP Passthrough mode ahead of my SamKnows WNR3500L router, but if/when my WAN IP address changes (don't have static service), apparently I'm offline until I manually reconfigure the router with the new IP address (trying to do it dynamically results in an unusable 255.255.255.255 subnet mask).

Sigh...



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to David

Damn.. I just ordered a modem off eBay. I hope the seller had it online recently enough to be updated. Guess I'll find out later this week when it arrives.
--
University of Southern California - Fight On!



brg

join:2001-01-03
Chicago, IL
kudos:1
reply to David

David:

Is Software Version 7.8.7r27 then the most "current"/"up-to-date" software for the Motorola Netopia 2210-02 ADSL Modem?

Thanks,

Brian



David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice

said by brg:

David:

Is Software Version 7.8.7r27 then the most "current"/"up-to-date" software for the Motorola Netopia 2210-02 ADSL Modem?

Thanks,

Brian

No, No ADSL modems are affected.


KrK
Heavy Artillery For The Little Guy
Premium
join:2000-01-17
Tulsa, OK
reply to David

Answer: The firmware is not available in an off-line package that can be used on that page, it is only made available via network push.

And this was clearly by design. Engineered obsolescence and control. Buy from us, and us only--- at whatever price we dictate.... or worse, we won't sell it, and charge you a monthly rental fee.

Honestly: This type of crap ought to be illegal.
--
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Benito Mussolini


brg

join:2001-01-03
Chicago, IL
kudos:1
reply to David

said by David:

said by brg:

David:

Is Software Version 7.8.7r27 then the most "current"/"up-to-date" software for the Motorola Netopia 2210-02 ADSL Modem?

Thanks,

Brian

No, No ADSL modems are affected.

We're talking past each other... :)

What I posted was copied from the Tech. Readout of my Uverse IPDSLAM modem. It calls itself a plain-old ADSL modem:

4 Friendly Name Motorola Netopia 2210-02 ADSL Modem
 
More directly, my question is this: I have the above Uverse IPDSLAM modem. It reflects the following software:

 9 Model DSL Firmware Version DSP 8.2.2.179, HAL 8.2.2.166
10 Model Software Version 7.8.7r27
 

I was wondering if that is the most current version that has been pushed to these modems...

Brian


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

1 edit
reply to KrK

said by KrK:

Answer: The firmware is not available in an off-line package that can be used on that page, it is only made available via network push.

And this was clearly by design. Engineered obsolescence and control. Buy from us, and us only--- at whatever price we dictate.... or worse, we won't sell it, and charge you a monthly rental fee.

Honestly: This type of crap ought to be illegal.

Agreed. I think it's ridiculous that AT&T calls these "third-party" modems, when they originally sold them. What does it matter if I bought it from somebody else? Obviously this is done to kill the aftermarket and force their $100 fee on everyone.

If my modem is "outdated", then I'm hoping to figure out a way to upgrade it manually, but I'm not so confident it'll be possible.
--
University of Southern California - Fight On!


David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
reply to brg

ahh you have one... and it appears yours is current. You shouldn't have any problems with that, that is the correct version.


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8
reply to KrK

Correct. But it's about protecting that certificate. With that cert, you can get anything to sign-on as anyone. (in fact, you could get almost any PTM capable VDSL/ADSL modem to work.)



ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
Reviews:
·AT&T U-Verse
reply to David

Here is a question:

Why are not the U-Verse compatible customer owned modems (2Wire/Pace 3600, Motorola 2310 for VDSL2; Motorola NVG510, Motorola 2210 for ADSL2+) available for customer purchase at the online AT&T store, like the non-U-Verse ADSL modems?

»www.att.com/equipment/accessorie···ment.jsp
»www.att.com/equipment/accessorie···dems.jsp



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to cramer

And what is the downside of using any modem? It worked just fine with ATM based ADSL (from a consumer standpoint).

I don't understand AT&T's stranglehold on the modem, other than they really don't want to lose out on the modem fees.
--
University of Southern California - Fight On!


cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8

The modem isn't the issue. Securing access to the network is. Uverse isn't using PPPoE to identify accounts. People are a lot more careful with their username/password; they cannot be with a device serial number and the same cert used by everybody. (read: everyone has the same username (cert) and the serialno is the password.) Granted, one still needs physical access to the network (read: dsl service) for this to work -- 'tho DSLAM ports can be turned on and off. [that's what we used to do sans PPPoE... customer stops paying the bill, we turn the port off.]



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

The CA is public knowledge. You can distribute it anywhere without any loss in security. Presumably the modem has other identifying certs or serial numbers that are used during the 802.1x authentication process.

Even without that, you said it yourself. Authentication is mainly handled at the physical level by deactivating the port at the CO. The rest is just to keep unauthorized modems (not users) off the network.
--
University of Southern California - Fight On!



LightS
Premium
join:2005-12-17
Greenville, TX
reply to KrK

said by KrK:

Answer: The firmware is not available in an off-line package that can be used on that page, it is only made available via network push.

And this was clearly by design. Engineered obsolescence and control. Buy from us, and us only--- at whatever price we dictate.... or worse, we won't sell it, and charge you a monthly rental fee.

Honestly: This type of crap ought to be illegal.

I agree. It's a huge load of BS, & David continues to avoid that. It's obviously available, they just choose to not make it available. This is why I will never have AT&T again until they change their shoddy business practices.

cramer
Premium
join:2007-04-10
Raleigh, NC
kudos:8
reply to Thinkdiff

said by Thinkdiff:

The CA is public knowledge.

CA (Certificate Authority)... yes, the public key is public, but it's only used to verify a signed certificate. Either the CA signing certificate (a closely guarded secret) or the device's authenticating certificate (signed by the CA, the same on every device) has expired. The authentication cert is NOT public knowledge. AT&T is not going to put it anywhere it can be easily extracted. (aside from the device that uses it. and even there, it's not easy.) If they were actually turning ports on and off, they wouldn't need this mess.

It's rather a moot point as there's currently no market for VDSL modems.


David
I start new work on
Premium,VIP
join:2002-05-30
Granite City, IL
kudos:101
Reviews:
·DIRECTV
·AT&T Midwest
·magicjack.com
·Google Voice

2 edits
reply to LightS

said by LightS:

I agree. It's a huge load of BS, & David continues to avoid that. It's obviously available, they just choose to not make it available. This is why I will never have AT&T again until they change their shoddy business practices.

I am not avoiding it I am just reporting it. From what I got the modems that are actually be affected isn't going to be a very large number.

Technically I didn't have to say or post anything at all, please keep that in mind.

--
If you have a topic in the direct forum please reply to it or a post of mine, I get a notification when you do this.
Koetting Ford, Granite City, illinois... YOU'RE FIRED!!


Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11

Appreciate the information, as now I'll know why my modem might not work next week.

Still wish AT&T would be more accepting of the third-party market. Not only does it save the customer some money (making them happier), it's also less wasteful. Tons of AT&T modems are sitting around in closets unused because they try to force brand new equipment on everyone.
--
University of Southern California - Fight On!



brg

join:2001-01-03
Chicago, IL
kudos:1

1 recommendation

reply to David

Folks, David did us all a big favor posting relevant information. Don't shoot the messenger. And don't try to pin him down on -- or pin on him -- corporate decisions that he had nothing to do with...



NetFixer
Snarl For The Camera Please
Premium
join:2004-06-24
The Boro
Reviews:
·Cingular Wireless
·Comcast Business..
·Vonage
·Comcast

said by brg:

Folks, David did us all a big favor posting relevant information. Don't shoot the messenger. And don't try to pin him down on -- or pin on him -- corporate decisions that he had nothing to do with...


--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
Reviews:
·AT&T U-Verse
reply to brg

said by brg:

Folks, David did us all a big favor posting relevant information. Don't shoot the messenger. And don't try to pin him down on -- or pin on him -- corporate decisions that he had nothing to do with...

Agreed.

David is a great help to a many people

ipman

join:2010-08-31
San Jose, CA
reply to David

any ideas when does the NEW certificate expires? I guess the modem was designed by Mayans?



Thinkdiff
Premium,MVM
join:2001-08-07
Bronx, NY
kudos:11
reply to David

Well crap. Just got my modem and it has 7.8.7r9.

If it's just a matter of new firmware, why can't AT&T post the firmware file for 7.8.7r27 so we can connect? Does anybody know where to get the firmware?
--
University of Southern California - Fight On!



DataRiker
Premium
join:2002-05-19
00000

said by Thinkdiff:

Well crap. Just got my modem and it has 7.8.7r9.

If it's just a matter of new firmware, why can't AT&T post the firmware file for 7.8.7r27 so we can connect? Does anybody know where to get the firmware?

Rethink possible.

They could have just posted it online for download, but then they wouldn't be the most anti consumer obsolete relic of a monopoly would they


DesertRats
Premium
join:2003-11-23
Santa Clarita, CA
reply to David

Just to clear the mud in my mind am I correct that if I were to get a 2210-02-1ATT with firmware version 7.8.7r27 I would be able to replace my NVG510 and use my old router?

Would it be plug and play or will it require re authorization or something?

As others have said thanks for your info. and help.



ILpt4U
Premium
join:2006-11-12
Lisle, IL
kudos:9
Reviews:
·AT&T U-Verse

said by DesertRats:

Just to clear the mud in my mind am I correct that if I were to get a 2210-02-1ATT with firmware version 7.8.7r27 I would be able to replace my NVG510 and use my old router?

Would it be plug and play or will it require re authorization or something?

As others have said thanks for your info. and help.

If it has the current firmware, it would work to replace an NVG510. It would be plug and play. As long as it is a good modem, it should work

No promises or warranties though on equipment acquired from sources other than from AT&T

alex14464

join:2004-11-11
Bonne Terre, MO

there has to be a way to get this firmware somehow? like the 2wire 2700 i had, took me a wile to find it but got it