Firewall settings changed
NewFiosLover271

I have an Actiontech MI424-WR rev. C router. Went through my settings and devices, as I usually do each month to make sure everything has not changed and running smoothly. It’s a monthly task I have completely since I signed up three years and a monthly task that I preform with all technical devices.

About a year ago, I changed my wireless firewall settings from WEP to WPA2 and no longer broadcasting SSID for heighten security.

Today, something caught my eye. Everything was fine except WPA2 was no longer enabled.

Security log detailed:
Aug 5 18:35:31 2010, Firewall Setup Firewall status changed: enabled.
Aug 5 18:35:31 2010, Firewall Setup Configuration change: Internal application has changed security settings.

System log during the same time detailed:
Aug 5 19:35:24 2010, System Log: WAN DHCP DHCP WAN connection IP:xx.xxx.xxx.xxx,DNS:xx.xxx.0.xx.71.250.0.12 ,GTW:xx.xxx.xxx.1,Subnet:255.255.255.0 (WAN MoCA)
[repeated 9 times, last time on Aug 6 03:35:26 2010]
Aug 5 18:40:08 2010, System Log: WAN Coax WAN Coax Link Rate
Aug 5 18:38:37 2010, System Log: LAN Coax LAN Coax Link Rate
Aug 5 18:35:53 2010, System Log: WAN Coax WAN Coax Link Rate

I contacted Verizon tech support via the telephone. After being on hold for two hours, I finally got someone. They do not know how or why my firewall settings changed. His only conclusion was that it could have been one of Microsoft's monthly updates. Which it could not because I wasn't home the entire day. He also mentioned something about Wii or PS3 being able to change it remotely? I mentioned to him about its Set top box's widgets. Since the log details a connection between the set top box almost the same time as the setting being changed, I feel it has to do something with it. I've never had this problem before!

This is what gets me, when someone enters or changes settings, the router records an IP address and the devices labeled name. During the above noted day on August 5th, It just states, “Internal application has changed security settings.”

The log would read if I was the one who changed it:
Aug 16 11:42:34 2010 WBM Login User authentication success Username: xxxx from xxx.xxx.1.2 [repeated 3 times, last time on Aug 16 12:34:32 2010]

Has anyone uncounted this particular issue? Could this occur again? If so, what can I do for it not?

0 Likes
Re: Firewall settings changed
spacedebris
Master - Level 2

Do you have remote access denied on the router? To prevent outside access to the router?

Assuming that you do. Then this is strange. The STB's should only be able to open ports on the firewall for their services. But they have no wireless access and should not be able to do anything with it.

I would have guessed that the router got reset since WEP is the default, but that would have cleared out any of your personal settings.

Now its possible that you had a hacker break into your router and change it, but that doesnt make much sense since if they were in your router, they would have retrieved your WPA key so there would have been no need to change it.

Definitely sounds strange.

Re: Firewall settings changed
NewFiosLover271

Remote access and uPnP is not enabled. I did some research via Google, and it brought up some information about virus code related material. If that’s true, then where would the virus be located? My home computer(s) are only turned on when needed. It has to be a fault located somewhere within the router, Verizon's home unit, Verizon's Motorola set-top box, Nintendo wii, Sony ps3, Apple iPod Touch, Microsoft smartphone, HP Digital picture frame, VoIP telephone equipment. My guess would be Verizon's set-top box because why would it connect before and after just when the setting was disabled as well as it being noted in the security log? I am not about to pull my hair out over something as small as this because I will be here for months trying to figure it out! I hope and pray it does not happen again.

0 Likes
Re: Firewall settings changed
CapnCrunch
Contributor - Level 2

It is possible it is from this: Did you get this email:

Security Update Information about your Verizon Internet Service

Dear Valued Verizon Customer,

Customer security is a top priority for Verizon and we are currently in the process of reviewing administrative password security for the FiOS Broadband Home Routers that Verizon provides as a part of our FiOS services.

You are receiving this email because we identified that your FiOS Broadband Home Router has a "default" password (like "password1" or "admin1"). To improve the security of your Broadband Home Router, we have reset the router administrative password to match the serial number located on the router. The router username will remain the same.

Please note that there is no action required on your part: this security update will not impact use of your computer or your FiOS Internet service and will not change any of your personal network, web or email settings.

If you would like more information about this matter or instructions on how to locate the router's serial number, please visit http://support.verizon.com/fiossecurerouter.

We value you as a customer and look forward to continuing to serve you.

Sincerely,

Verizon

Re: Firewall settings changed
spacedebris
Master - Level 2

that is in regard to the router password. It should only change the password on the router, and only if the router is still using the default password. Should have nothing to do with the wireless system.

0 Likes
Re: Firewall settings changed
NewFiosLover271

I do not know if this has to do anything but it happened again without changing my firewall setting. I was in the middle of accessing Facebook via my unlocked Apple iPod Touch 2g. I have a feeling, it has to do something with that since this started. I discounted everything except Verizon's set top box, VoIP telephone and, Apple iPod Touch 2g.

0 Likes
Re: Firewall settings changed
dslr595148
Community Leader
Community Leader

@NewFiosLover27 wrote:

I do not know if this has to do anything but it happened again without changing my firewall setting. I was in the middle of accessing Facebook via my unlocked Apple iPod Touch 2g. I have a feeling, it has to do something with that since this started. I discounted everything except Verizon's set top box, VoIP telephone and, Apple iPod Touch 2g.


Ok, in that case. I would suspect some evil code is at Facebook, that altered the settings.

#1 You are not using the default password in the router?

#2 You are not using a password that is easy to guess?

0 Likes