×

Switch Account

Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

SOLVED
Reply
Highlighted
Platinum Contributor III
Platinum Contributor III
Posts: 6,819
Registered: ‎08-23-2008

Re: Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

Message 11 of 15
(19,432 Views)

I hate the Verizon routers. Give very to little information in the log files now with the Rev 2 Version E. it seems worse. What is a type 15 message?

 

It would be nice to know where this is being suppressed from. Just make all things work for CID and Remote DVR. The Actiontec routers suck!

 

Jul 23 12:12:21 2011Firewall InfoRate Limit5 messages of type [15] Default policy suppressed in 1 second(s)

Highlighted
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,477
Registered: ‎12-15-2010

Re: Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

Message 12 of 15
(19,427 Views)

The ActionTecs are physically good units. I've never seen an issue with them in regards to the hardware (minus reports of them failing from time to time, but that just happens). The software on the other hand, the Verizon-branded firmware, yeah, that sucks. I think at this point it might be a good idea for Verizon to talk to the guys behind the DD-WRT/OpenWRT projects, since their firmware runs rock solid on the ActionTec routers with no problem what so ever.

 

As far as CWMP/Remote Access Agents, I've always voiced out against them. This thread shows exactly why. Get someone on your tail they'll find a way to break into a router. This makes it a lot easier. It's bad when I find ISPs giving away residential routers/gateways that have remote administration not defined anywhere in the router but can be reached simply by entering in an IP address and port number into a web browser from any connection. You can really have all sorts of fun once you find something like that, especially if the Username and Password is simply a default User/Pass.

 

As for the OP: I would have someone (local computer geek who knows what they are doing, perhaps) take a very close look at your PC, first of all to make sure you aren't infected with malware or have keylogging software installed. A lot of machine compromises I find tend to take place using a hidden Administrator Account, usually created from malware install or from automated commands coming from say, a botnet. If any signs of compromise are found I would highly suggest a reformat and reinstall of Windows since you do not know what they might have gotten into. When setting up Windows, make sure you have created two user accounts. One account would be the Administrator Account with a password, the second being a Limited User Account also with a password which will be the account you will use. Fully patch the PC from Windows Update, including any and all service packs and new versions of software such as Internet Explorer using the Administrator Account. From there, install the programs you use and check each program for patches using the Administrator Account. Install Security Software (I suggest Avast! with Malwarebytes and/or SUPERAntiSpyware) and verify that at least the Windows Firewall is enabled for a basic stance. Use Firefox as your web browser, running it with the Ad-block Plus extension installed. Finally, using the Limited User account, copy any files you may have backed up back onto your PC.

 

To ensure that none of your IM/chat accounts have been compromised, I would also use a PC running a Linux LiveCD to change the passwords on those accounts, at a minimum. In addition, I would unplug the Coaxial connection from the Verizon router temporarilly, give it a factory reset, and then configure it with a different password. From there, I would make sure UPnP is disabled, a Firewall rule is configured for Port 4567 to drop inbound requests to that port, and your Wireless is configured to use WPA2-PSK AES Encryption. From there, switch off the FiOS router, connect the coaxial cable, and leave the router off for a few hours. Finally, turn it back on and you should have connectivity.

Highlighted
Platinum Contributor III
Platinum Contributor III
Posts: 6,819
Registered: ‎08-23-2008

Re: Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

Message 13 of 15
(19,419 Views)

Yea the Rev E and greater routers have a little more memory or better management for the NAT table. I myself like my Linux based IP-Cop 1.9 which is now running behind the Actiontec. Since my Rev D locked up last month and went South, I decided to put the new Rev. E back on the front lines for Remote DVR and CID if they get it working for me again. I too run Avast and Malwarebytes. CSR wanted remote access to my desktop, I said no IHA, and no I am behind double NAT. If someone is hammering my router, I like to be able to see who and for how long. The Actiontec logs are bogus in size and information. Now the hard drive logs on my IP-COP stay for 60 days or what ever, and log every connection. I can't see paying for the full version of Smoothwall. And I am not that much of a Linux Geek to roll my own. I did manage to get Dan's Guardian to run with the new Cop 1.9 which is a darn good proxy filter.

Highlighted
Contributor
Contributor
Posts: 1
Registered: ‎07-17-2016

Re: Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

Message 14 of 15
(15,366 Views)
You can disable port 4567 and Verizon's remote access by performing the following. Please note, you might need to re-enable it if you ever need their technicians to diagnose a problem in the future. 1) Login to the web admin interface on your VZ router. 2) Select Advanced from the menu at the top (answer Yes to continue). 3) Select Local Administration from the list in the main panel. 4) Enable Primary Telnet on port 23 and hit Apply. 5) Telnet to your VZ router and use the same web admin interface login credentials. 6) Enter the following at the the prompt once authenticated: conf set cwmp/enabled 0 conf reconf 1 7) Close down the telnet connection 😎 Disable the Primary Telnet on port 23 by repeating steps 1-4, but deselecting the option in step 4. Re-enabling is possible by repeating the above and changing the cwmp/enabled value to 1 in step 6.

View solution in original post

Highlighted
Moderator Moderator
Moderator
Posts: 9,764
Registered: ‎03-18-2013

Re: Guy accessed remote administration port 4567 on my router. Thanks, Verizon!

Message 15 of 15
(15,324 Views)

As this thread is now over two years old, it will be locked in order to keep discussions current. If you have the same or a similar question/issue we invite you to start a new thread on the topic.

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.
Covid19


Browse Categories
Categories:
Posts

Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.