FiOS Quantum G1100 / BHR4 Router - Missing the Advanced Filtering capability of the MI424WR

Contributor Armylifer98
Contributor
Posts: 4
Registered: ‎02-14-2017

Advanced Filtering.

The Quantum FiOS Router, while fast and including some great features, is missing one of the most important ones that its predecessor (the BHR3/MI424WR) model did have.  The Advanced Filtering capability allowed you to define a filter on external IPs to allow, drop, or block those IP Addresses.

 

Use Case:  I define a port forwarding rule for a Windows 10 client on my network at 192.168.1.121 to allow RDP (Port 3389) access.    Now I can Remote desktop to that client when I am away from the house. 

 

But so can everyone else .. and believe me .. *everyone else* tries!

Mass port scans find that port open which are followed up by subsequent attempts to login to that service on that Windows 10 Client along with exploit attempts to access it as well.  

 

With the Advanced Filtering function on the MI424WR router I could create "Access Rules" that essentially said .. drop any attempts from external IP addresses to port 3389.  Allow only the following IP Addresses/Ranges into that port.

 

While I still left it open to anyone else who had a FiOS IP or from the IP ranges of my wireless provider, which is not perfect, at least I could block every other random Brazil/China/Russia/etc. IP from reaching it.

 

I noted this was missing in the firmware when I first received the Quantum FiOS router 2 years ago.  I reached out to ask about it and was escalated through to the Quantum Router engineering team.  It took some back and forth to explain what the issue was, but I walked them through the interface on my old router via a WebEx and they said that this was slated for a coming firmware update.  I accepted that because the router was a new addition and growing pains were expected.

 

But two years have passed and a phone call today revealed that they have no intention of reproducing this feature on the Quantum FiOS Router.   Apparently Verizon feels no need to help keep their users secure.   They've grown complacent in their #1 position.

 

Well, remember the old #2 motto .. "We Try Harder"?   I'll let y'all know if I am able to do this on the Xfinity Router that I will be moving to when my FiOS agreement expires at the end of March.

 

Hank the Armylifer.

 

9 REPLIES 9
Contributor Kevinrli
Contributor
Posts: 2
Registered: ‎10-20-2012

Well this is a big step backwards... No advanced filtering? All hyped up on getting the 1GB connection and now I find myself vulnerable to malicious attacks. Apparently this issue has been ongoing with the Quantum Gateway since its inception. Well Verizon will be getting an earful later today. This is nuts.

Gold Contributor VII
Gold Contributor VII
Posts: 4,669
Registered: ‎10-18-2016

@Kevinrli wrote:

Well this is a big step backwards... No advanced filtering? All hyped up on getting the 1GB connection and now I find myself vulnerable to malicious attacks. Apparently this issue has been ongoing with the Quantum Gateway since its inception. Well Verizon will be getting an earful later today. This is nuts.


Let me make this a dual reply for you both. You don't have to use Verizon's routers. You can do like I and many others do and just buy a router from Netgear or Asus etc. I use the Nighthawk and it's secure.

 

Just because you see attempts against your network does not mean the attacks are getting through.

 

Go to Mr. Gibson's site http://www.grc.com

Take the tests.

 

If you have a correctly set up firewall and use a company like Malwarebytes you should be ok.

 

The new speed has nothing to do with safety or security, it's just a faster pipe. Nothing more. Relax 😀

Contributor Armylifer98
Contributor
Posts: 4
Registered: ‎02-14-2017

Kevin -

I was not relating the SPEED to anything.  I was only referring to the firmware of the new Quantum Router.  Yes - you certainly CAN purchase additional equipment to work around the limitations of the firmware on the new router.  The fact that I HAD to was the real complaint.   You are not talking about a cheap fix. The Nighthawk routers are anywhere from $100 to nearly $300 depending on where you get them from and if they are new or used.    But still - yes - that is how I do it too.  One additional router for my lab and another for my household network.  In the end - I was just disappointed in a broken promise.  The up/down speeds of Xfinity were not as they are advertised so I ended up renewing with FiOS but just generally disappointed.

Contributor sohaeido
Contributor
Posts: 1
Registered: ‎10-10-2017

If you enabled port forwarding and you do not have advanced filtering then you are not secure. Antivirus and Malwarebytes will not help.  If it is port 3389 then a hacker can attempt a brute-force attack once they sniff that the port is open. Antivirus will not flag this as an alert.  With this being a home lab, there is no logging analysis that would detect there is an intruder guessing different passwords on your machine via the RDP port.

 

Verizon really dropped the ball when it came to not having this feature.  Or maybe I should say, we were too lucky to have had the advanced filtering with the Westell router and now we are complaining because it is not there.

 

With that said, I have yet to find a router that offers advanced filtering. I have done quite a bit of googling. The only ones are the real firewall ones which are $500+.

If anyone knows of a gigabit WAN port router that can do advanced filtering then please let me know.  Do not refer me to google. I want someone who has some experience as I am not having good luck.

thank you
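
An added example, not part of any post in this thread: a small Python model of the access rule described in the opening post (allow only listed source ranges to reach port 3389, drop everything else), run over constructed logon records to show the gap raised above, namely that sources inside an allowed range can still guess passwords and need their own failed-logon check. The allow list, threshold and sample records are assumptions built from documentation address ranges.

```python
import ipaddress
from collections import Counter

RDP_PORT = 3389
# Assumed allow list (constructed, documentation address ranges): the only
# external sources permitted to reach the forwarded RDP port.
ALLOWED_SOURCES = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.17/32")]
FAILED_LOGON_THRESHOLD = 3  # assumed alerting threshold

# Constructed sample records: (source IP, destination port, logon result).
SAMPLE_ATTEMPTS = [
    ("198.51.100.20", 3389, "success"),
    ("192.0.2.45", 3389, "failure"),
    ("192.0.2.45", 3389, "failure"),
    ("192.0.2.45", 3389, "failure"),
    ("192.0.2.45", 3389, "failure"),
    ("203.0.113.17", 3389, "failure"),
    ("198.51.100.77", 3389, "failure"),
    ("198.51.100.77", 3389, "failure"),
    ("198.51.100.77", 3389, "failure"),
    ("192.0.2.200", 3389, "failure"),
]


def filter_action(src_ip):
    """Allow listed sources; drop every other external address."""
    addr = ipaddress.ip_address(src_ip)
    return "allow" if any(addr in net for net in ALLOWED_SOURCES) else "drop"


def review(attempts, threshold=FAILED_LOGON_THRESHOLD):
    """Return (dropped-per-source, allowed sources with repeated failures)."""
    dropped, failures = Counter(), Counter()
    for src, port, result in attempts:
        if port != RDP_PORT:
            continue  # only the forwarded RDP port is modelled here
        if filter_action(src) == "drop":
            dropped[src] += 1      # never reaches the Windows host
        elif result == "failure":
            failures[src] += 1     # passed the filter, password was wrong
    suspects = sorted(ip for ip, n in failures.items() if n >= threshold)
    return dict(dropped), suspects


if __name__ == "__main__":
    dropped, suspects = review(SAMPLE_ATTEMPTS)
    print("dropped at the router:", dropped)
    print("allowed but repeatedly failing:", suspects)
```
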

Contributor Sodo
Contributor
Posts: 1
Registered: ‎02-18-2018

This situation blows.  I used Advanced Filtering as well and to not have it is a real loss.  I’ll put in a call to Verizon to see if anything has changed in these intervening months.

Contributor Armylifer98
Contributor
Posts: 4
Registered: ‎02-14-2017

Quantum Router G1100 Lacks Advanced Filtering  -

 

Nothing has changed on this request in over two years.  The feature existed (heck .. still exists if you want to go back to it!) on the previous Actiontec MI424WR Router but the new GreenWave-built device is lacking this highly important functionality.  It was in the very beginning and though the GreenWave Engineer that I spoke to back in the dark ages when this conversion occurred said it would be merged into the code again - it remains missing.  I am sorely disappointed.    It cost me hundreds of $$ to fix this using additional equipment to secure my home network.

 

The rest is pure commentary .. read on only if you are needing help to fall asleep ..

 

When you look and compare the two GUIs between the GreenWave unit and the Actiontec you can tell that they were copying it verbatim and just adapting it to the different hardware.  If the GreenWave device was found not to be able to support this feature then I am sure that it was a failure by GreenWave in the contract that they had with Verizon .. I would bet a 6-pack that the checklist they were given was to reproduce the functionality of the Actiontec .. which they have failed to do.  Perhaps that was never the *deal* .. but I find it hard to believe that a tech-savvy company like Verizon did not ask for everything that was in the MI424WR and MORE.   Like as not .. GreenWave blew it but now Verizon is stuck with the current restrictions until whatever new device is architected and manufactured.   Well .. Verizon .. when you DO .. please ensure that support for Advanced Filter is returned and that the hardware supports a high number of devices natively.  i.e., there are 6 adults in my house .. each with a computer, phone, and some tablets.  It also includes 6 TV boxes with 2 of those being DVRs.   Currently extended with two additional Routers for household, guests, and a home office.   There are 3 Ubiquiti devices extending the wireless through the house and to the back-yard.   While the SOHO component may be more than most utilize .. you can see from the previous posts that others use the same multiple router solutions to overcome the weaknesses of your own router.  Perhaps the answer is to offer a more "high-end" device that solves this .. I purchased the G1100 on sale for $99 back when it was first offered but .. would certainly have paid more if it solved all the above issues.    That said .. I HAVE spent the money already on the additional hardware since it was obvious after the first year that Verizon had no intent of fixing this.   So ... why should I or anyone trust that they will in the future?

 

 

Silver Contributor III Silver Contributor III
Silver Contributor III
Posts: 197
Registered: ‎01-01-2018

Just out of curiosity, on the machines that you open access to, do you not also employ a more advanced software firewall on those systems?

 

I currently use a HIPS (Host Intrusion Prevention System) + Personal Firewall to help with the missing feature as the firewall can handle the filtering that is needed from there.

 

I used to use COMODO Personal Firewall which works really well, but since then I got a new antivirus which includes a HIPS/Firewall built in called ESET Internet Security which now handles the same tasks.

 

Your router should never be the only line of defense for your network or servers.

Contributor Armylifer98
Contributor
Posts: 4
Registered: ‎02-14-2017

Thanks .. yes.

Layered-Security is always the best solution.

I have replaced the Advanced Filtering -using that of other routers to accomplish the same.  Every endpoint has either a McAfee or Symantec Security package for AV/Malware/Firewall.  I'm covered ... this thread is about them HAVING the Advanced Filtering solution in the firmware/software of the MI424WR .. but failing to carry it over to the Quantum Router.   They intended to add it back at some point but not enough of us were apparently requesting the feature for them to continue to develop the router application.   I understand that .. I really do.  But rather than simply say so .. they obfuscate and ignore.   Yes .. I CAN do all these things to work around the fact that they dropped a feature that I used and appreciated.  That helped me to more granularly control the reach of any unrequested inbound traffic.  I do that now with my Buffalo router instead.   

I'll be honest in that it didn't *really* cost ME that much more .. I already had that router and just used the same functionality in .. but that was me .. to replicate that ..using a Nighthawk (Netgear) as some have recommended .. would cost someone $150 to $300 depending on the model purchased.     And I have always locked down my devices using firewalls and security applications .. you have to and even then you cross-fingers that you haven't left an opening or that some zero-day doesn't hit.   

 

C'est la vie!

So it goes.

 

 

Enjoy the day!

 

 

Moderator Moderator
Moderator
Posts: 8,859
Registered: ‎03-18-2013

As this thread is now over two years old, it will be locked in order to keep discussions current. If you have the same or a similar question/issue we invite you to start a new thread on the topic.
