Customers With Disabilities
  • RESIDENTIAL
  • BUSINESS

    Verizon Business Sites

  • WIRELESS
  • Services  
  • My Verizon  

    Email & Calls

    Check Email

    Verizon Visual 411

     

     

    Bill & Payment

    View Bill

    Pay Bill

    Pay Final Bill

    Manage Auto Pay

    Manage Paper Free Billing

    My Services

    Add or Change Services

    Renew or Change Bundle

    Review Account

    Manage My Internet

    Manage My Voice

     

  • Support  

    Community help

     

     

     

     

  • Watch FiOS  

    Watch thousands of your favorite TV shows and movies On Demand and Live. Rent or buy your favorites and watch them on any device. Or, check what's on tonight and program your DVR. You can do it all!

    Watch Free TV & Movies

     

     

    Rent or Buy

    Set your TV Viewing Experience

  • Trending  

    Check out this personalized, real-time feed featuring the latest content and entertainment from around the Web including new headlines, sports, entertainment and more.

     

     

     

     

     

    See what's Trending!

Reply
Copper Contributor
bbrown9
Posts: 13
Registered: ‎11-28-2009
0 Kudos

Remote administration disabled on my router, but can still log in using WAN IP address

Nothing is checked off on the Remote administration page of my MI424WR  router, but when I access my WAN IP address, I can connect to my router and login to it. Also, I disabled ping access, yet I can still ping the WAN IP address.

 

The LinkSys router I had before getting FIOS was completely stealthed. It didn't respond to anything from the outside world unless I setup a DMZ or port forwarding.

 

What am I missing in this setup? Why can't I get this thing into stealth mode?

RJA
Contributor
RJA
Posts: 8
Registered: ‎05-03-2009
0 Kudos

Re: Remote administration disabled on my router, but can still log in using WAN IP address

I'm having this exact same issue.  Out-of-the-blue decided to do a scan at Shields Up! and discovered multiple open ports (telnet, secure telnet, http, https).  Figured it might be remote administration but nothing is checked.  Would love to be able to figure out how to close the ports and disable remote administration.

 

My equipment is (Model: MI424WR-GEN2, Hardware version E, Firmware: 20.9.0).  Had FiOS but then recently had FiOS TV installed and received that new router.

 

Anyone have any ideas?

All Star
viafax999
Posts: 1,734
Registered: ‎11-10-2009
Device: Chromecast tv phone
Plan: Digital Voice, 75/35
Location: Westford MA
0 Kudos

Re: Remote administration disabled on my router, but can still log in using WAN IP address


bbrown9 wrote:

Nothing is checked off on the Remote administration page of my MI424WR  router, but when I access my WAN IP address, I can connect to my router and login to it. Also, I disabled ping access, yet I can still ping the WAN IP address.

 

The LinkSys router I had before getting FIOS was completely stealthed. It didn't respond to anything from the outside world unless I setup a DMZ or port forwarding.

 

What am I missing in this setup? Why can't I get this thing into stealth mode?


 

I assume you are entering http://your.wan.ip.address from within your local network, similarly you are trying ping from your internal network  ??

 

If you enter tracert your.wan.ip.address you will see why when it returns that your ip address is only 1 hop away, possibly more dependant on how many routers you have on your internal network between your machine and the VZ router.

This is normal behaviour.

You are accessing the internal side of the router and no ports will be blocked on that side.  To really see you need to go to a remote machine and try.

RJA
Contributor
RJA
Posts: 8
Registered: ‎05-03-2009
0 Kudos

Re: Remote administration disabled on my router, but can still log in using WAN IP address


viafax999 wrote:
You are accessing the internal side of the router and no ports will be blocked on that side.  To really see you need to go to a remote machine and try.

I can access my wan ip address from outside my local network on a remote machine.

All Star
viafax999
Posts: 1,734
Registered: ‎11-10-2009
Device: Chromecast tv phone
Plan: Digital Voice, 75/35
Location: Westford MA
0 Kudos

Re: Remote administration disabled on my router, but can still log in using WAN IP address


RJA wrote:
I can access my wan ip address from outside my local network on a remote machine.

If you go into admin, firewall settings, general what is security set to?

 

Is there anything checked in DMZ Host?

 

Do you have anything that is not your entries in the port forwarding table?

 

Are you using Static NAT?

 

What do you see in the Security log??  Hopefully a lot of red and very little green

 

Have you tried resetting the router to defaults and seeing if that clears the issue?

 

RJA
Contributor
RJA
Posts: 8
Registered: ‎05-03-2009
0 Kudos

Re: Remote administration disabled on my router, but can still log in using WAN IP address

[ Edited ]

If you go into admin, firewall settings, general what is security set to? 

Typical Security - Medium  / Block IP Fragments unchecked

 

Is there anything checked in DMZ Host? 

No, that DMZ Host IP Address box is unchecked.

 

Do you have anything that is not your entries in the port forwarding table? 

Three entries all placed by Verizon:  TCP 4567, and two entries for our two DVRs (UDP 63145 and UDP 63146).

 

Are you using Static NAT? 

No.

 

What do you see in the Security log??  Hopefully a lot of red and very little green 

No red and very little green.  Some of the green is showing my work IP connecting to my wan IP.

 

Have you tried resetting the router to defaults and seeing if that clears the issue? 

Not yet.  I can do that in Advanced - Restore Defaults, correct?  What will I need to do once this is done?

All Star
viafax999
Posts: 1,734
Registered: ‎11-10-2009
Device: Chromecast tv phone
Plan: Digital Voice, 75/35
Location: Westford MA
0 Kudos

Re: Remote administration disabled on my router, but can still log in using WAN IP address

[ Edited ]

RJA wrote:

If you go into admin, firewall settings, general what is security set to? 

Typical Security - Medium  / Block IP Fragments unchecked

 

Is there anything checked in DMZ Host? 

No, that DMZ Host IP Address box is unchecked.

 

Do you have anything that is not your entries in the port forwarding table? 

Three entries all placed by Verizon:  TCP 4567, and two entries for our two DVRs (UDP 63145 and UDP 63146).

 

Are you using Static NAT? 

No.

 

What do you see in the Security log??  Hopefully a lot of red and very little green 

No red and very little green.  Some of the green is showing my work IP connecting to my wan IP.

 

Have you tried resetting the router to defaults and seeing if that clears the issue? 

Not yet.  I can do that in Advanced - Restore Defaults, correct?  What will I need to do once this is done?


You should show a MAJOR a mount of red  and very little green

The green should only be what YOU allowed the red is everything else that is being rejected

 

Have you tried resetting the router to defaults and seeing if that clears the issue? 

Not yet.  I can do that in Advanced - Restore Defaults, correct?  What will I need to do once this is done?

 

That isn't good, you would expect to see something like this

Dec 15 19:29:40 2009 Inbound Traffic Blocked - Default policy UDP 78.20.190.27:52250->{edited for privacy}:1024 on eth1

 

Dec 15 19:29:38 2009 Inbound Traffic Blocked - Default policy UDP 86.44.201.193:42826->{edited for privacy}:1024 on eth1

 

Dec 15 19:29:30 2009 Inbound Traffic Blocked - Default policy UDP 122.107.182.246:30170->{edited for privacy}:1024 on eth1

 

 Dec 15 19:29:28 2009 Inbound Traffic Blocked - Default policy UDP 128.208.17.161:37808-{edited for privacy}1024 on eth1

 

Dec 15 19:29:25 2009 Inbound Traffic Blocked - Default policy UDP 78.233.0.234:23187->{edited for privacy}:1024 on eth1

 

Dec 15 19:29:23 2009 Inbound Traffic Blocked - Default policy UDP 94.21.98.87:6690->{edited for privacy}:1024 on eth1

 

Dec 15 19:29:17 2009 Inbound Traffic Blocked - Default policy UDP 90.21.80.52:18579->{edited for privacy}:1024 on eth1

 

Dec 15 19:29:14 2009 Inbound Traffic Blocked - Default policy UDP 87.248.95.97:15427->{edited for privacy}1024 on eth1

 

Dec 15 19:29:11 2009 Inbound Traffic Blocked - Default policy UDP 12.172.150.2:37052->{edited for privacy}:1024 on eth1

 

Dec 15 19:29:05 2009 Inbound Traffic Accepted Traffic - Service Skype TCP at 192.168.1.23:10834 (1079): TCP

 

I know, I just showed everybody my current WAN address but am fairly confident that my security is good.  Everything in green is being passed to the inside, all the red stuff is being denied access

 

Yes that is how it's done.  Everything will be reset to startup.  The userid will be admin and the password will be the default password - is that password ord password1 ??  maybe someone else can answer that??

After you've reset to default you will need to enter YOUR port forwarding rules again, it sound like you have enabled something for your work to access your local network, RDP(TCP 3389)?

 

My Verizon

Support Tools

Watch FiOS

Trending

  • Visual 411