I think this may be a similar problem:

When I'm trying to update my Web site or do banking, I become disconnected and the site I was connected to becomes unavailable.  Tracerts to that site and even to Verizon.com go the same way, as noted below:

 4 ms     3 ms     3 ms  wireless_broadband_router.home [192.168.1.1]

 8 ms     7 ms     8 ms  l100.lsanca-vfttp-121.verizon-gni.net [173.58.73.1]

13 ms    11 ms    11 ms  g5-2-921.lsanca-lcr-09.verizon-gni.net [130.81.96.26]

13 ms    13 ms    12 ms  so-4-0-0-0.lax01-bb-rtr1.verizon-gni.net [130.81.28.72]

14 ms    13 ms    13 ms  0.so-7-3-0.xt1.lax7.alter.net [152.63.10.145]

25 ms    25 ms    24 ms  0.so-5-0-0.xt1.sac1.alter.net [152.63.0.98]

26 ms    25 ms    25 ms  gigabitethernet6-0-0.gw9.sac1.alter.net [152.63.55.73]

We've asked Verizon many times to resolve this problem where the Verizon router ceases to even go through our assigned IP and goes out to  some oddball IP like 173.58.73.1, which I'm guessing is a feigned router, maybe a case of DNS poisoning.  That kind of problem has to be right at the fiber box we apparently have to share with our neighbors, which is why I had asked Verizon many times if we would have to share and were assured that the fiber line is direct to Verizon. 

The fiber line is NOT direct to Verizon.  It's direct to a fiber box where apparently one of our neighbors wants to try to break into our Internet communications.

FIOS is not cheap but Verizon FIOS support is worth exactly NOTHING!!!   Thanks for NOTHING!!!

Why are you protecting this activity?  Is it one of your people doing it?

Sincerely,

John D

I should have probably stated that this particular tracert was to Verizon because I couldn't even get into Verizon.com, though I could get to some other Web sites.  I'm guessing that was intentional....

Here's the tracert to Verizon.com

Tracing route to verizon.com [192.76.85.245]

over a maximum of 30 hops:





4 ms     3 ms     3 ms  wireless_broadband_router.home [192.168.1.1]

8 ms     7 ms     8 ms  l100.lsanca-vfttp-121.verizon-gni.net [173.58.73.1]

13 ms    11 ms    11 ms  g5-2-921.lsanca-lcr-09.verizon-gni.net [130.81.96.26]

13 ms    13 ms    12 ms  so-4-0-0-0.lax01-bb-rtr1.verizon-gni.net [130.81.28.72]

14 ms    13 ms    13 ms  0.so-7-3-0.xt1.lax7.alter.net [152.63.10.145]

25 ms    25 ms    24 ms  0.so-5-0-0.xt1.sac1.alter.net [152.63.0.98]

26 ms    25 ms    25 ms  gigabitethernet6-0-0.gw9.sac1.alter.net [152.63.55.73]

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

*        *        *     Request timed out.

Are both of you guys on Wireless by any chance? Connect your PC to Ethernet if you are using a Wireless connection and perform an NDT and an NPAD test to ensure the connection is passing data as it should.

Use http://speedtest.verizon.com/ for a Web100/NDT Test. It won't give all of the results I'm looking for, but it will give the key information I need. Post up the results that gives.

Use http://measurementlab.net/measurement-lab-tools#tool3 to run an NPAD test. Be sure to check where the server is located before starting this test. It will say at the top Right corner of the page where it is at. If the server seems to be far away, search Google for something like this "npad site:measurement-lab.net" and locate the cloest server to you from the search results.

Before starting the NPAD test, also make sure you set yout speed in Megabits. Round it to the nearest megabit rounding down (it does not like decimals). Set the RTT time to 30ms. When the test completes, you will be redirected to a page giving the results. Provide that page's address.

@DONOTLIKEFIOS: Unless one of your neighbors is by any chance running an uncapped ONT (meaning running the Internet at 622Mbps download, 133Mbps upload OR at 2.4Gbps download, 1.2Gbps upload), there is no way they could be breaking your connection since even the legacy BPON FiOS network should not be getting saturated from one user maxing their connection. It's split from anywhere between 16-32 homes, meaning there's plenty of bandwidth to go around on the downstream. On the upstream for BPON, not so much. That poisoned router you see is the Verizon Edge router. There's nothing wrong with it being there.

---

@DONOTLIKEFIOS wrote:

the Verizon router ceases to even go through our assigned IP and goes out to  some oddball IP like 173.58.73.1  

---

What eveidence do you have of this?

Is it possible you're connecting to a neighbor's wireless router that has that IP address?

---

@DONOTLIKEFIOS wrote:

That kind of problem has to be right at the fiber box we apparently have to share with our neighbors,  

---

Yes, you share the fiber hub with your neighbors, but the problem is not there.  The hub is a passive optical splitter.

---

@DONOTLIKEFIOS wrote:

The fiber line is NOT direct to Verizon.  It's direct to a fiber box where apparently one of our neighbors wants to try to break into our Internet communications. 

---

Your neighbor can not break into your communications at the fiber hub.  All communication from your ONT to the OLT in the Central Office is encrypted.  The only way your neighbor could be evesdropping on your communication is if your have disabled the wireless encryption oi the Actiontec router.  It's best to set the router for WPA2 encryption as that is the most secure.

Unbelievable response: "Is it possible you're connecting to a neighbor's wireless router that has that IP address?". 

THERE IS NO WIRELESS INVOLVED!

We don't employ wireless solutions on any piece of equipment and FYI it's technically implausible to "accidentally" connect to someone else's router since most use an unknown secure ID which is necessary to connect to their wireless device.  (...Although there is now a cell phone application to manually decode your neighbor's Verizon SID).  Not only is wireless turned off on every device but should it "accidentally" get turned back on, the Verizon router, in fact every device, is configured to dump every wireless packet inbound and outbound.

If anyone is having security problems, or even suspects they might be having security problems, one of first things to do is to employ only hard-wired connections (turn everything wireless off).  That's just a little bit obvious.  Here's something else that's just a little bit obvious: change your password on your Verizon router.

We turn on the router, it gets it's IP a la DHCP presumably from Verizon.  If Verizon's router is connecting to our neighbor's IP, it's someone else's doing and it isn't by wireless. 

As for what "What eveidence do you have of this?", first of all, in English, it's "evidence" not "eveidence" and the evidence we have is that we can get to any Web site we want to navigate to on AT&T and other ISP's but not always on FIOS.  I'll cite as an example, there are times we can't even get to verizon.com on FIOS.  Do you think that might be a clue?  We do!  Did you read our previous post?  In fact, most of the time when we want to report a problem, we have to hop onto AT&T just to get on Verizon to make that report. That sounds like "evidence" to me.  Instead of going to Verizon (as the trace route previously posted indicates, it seemingly goes to gigabitethernet6-0-0.gw9.sac1.alter.net [152.63.55.73] and times out.  In any case, the current versions of Sea Monkey, Firefox, Opera and Internet Explorer version 8 report a "404" error when attempting to connect to Verizon.com when using FIOS during the problem stricken times.  In fact, just to post this reply took several attempts, involving turning off the router and loggin back into Verizon.com.  I'd say that's not only evidence but a pointer to the problem as well....

We're not the only one's having this problem.  If you Google the term "sac1.alter.net" you'll find lots of other people having nearly exactly the same problem.  Do you wonder if they're using wireless and connecting to their neighbor's router?

The best solution we've found is to simply turn the Verizon router off for anywhere from several hours to several days and try again later, which means we don't get much use out of FIOS.

That said, it's bad advice to tell people that WPA2 will protect them using wireless as it's been hacked long ago, using replay attacks.  Even you could do this following video instructions that are available on YouTube.  To say this protects people is just setting people who are unaware up for a hacking.  That's not to say that it will happen but that it could happen.

I'd like to see evidence that FIOS is encrypted after the firewall.  There is a setting for that on the router but it isn't implemented as a default.  We can't put up WireShark or a hardware protocol analyzer to verify the claim that Verizon is encrypting data past the firewall because Verizon didn't connect FIOS in the way pre-sales tech support had us request them to connect it.  The installer simply refused to comply with the sales order. 

We thought to try to employ a VPN which actually would provide secure communications to the Internet point of our choice.  The VPN worked well for a week or so until something happened (which we presume was Verizon blocking the ports we used for the VPN).  We could no longer connect to the VPN, so all we could do is go back to just using Verizon.  We'd like to connect to a VPN because, frankly, we no longer trust Verizon.  That's not to say that any particular VPN is any more trustworthy but at least we'd have encryption to the Internet via the encrypted route of our choosing.  We're not the only one's who have had this observation of having problem connecting to a VPN after a while of using it.  It might be that Verizon doesn't allow VPN's possibly having to do with SPAM laws or something similar.

---

@DONOTLIKEFIOS wrote:

THERE IS NO WIRELESS INVOLVED!

---

How is anyone reading your posts supposed to know that since you did not state that? 

---

@DONOTLIKEFIOS wrote:

it's technically implausible to "accidentally" connect to someone else's router since most use an unknown secure ID which is necessary to connect to their wireless device.  

---

Not true.  Many routers ship with no encryption enabled.

---

@ DONOTLIKEFIOS wrote:

If Verizon's router is connecting to our neighbor's IP, it's someone else's doing and it isn't by wireless. 

---

I never said the VZ router was connecting to your neighbor's router.   I was referring to wireless devices since it was not clear from your earlier posts that you did not have any wireless devices.

---

@DONOTLIKEFIOS wrote:
first of all, in English, it's "evidence" not "eveidence"

---

I suppose you've never made a typo?

---

@DONOTLIKEFIOS wrote:

 4 ms     3 ms     3 ms  wireless_broadband_router.home [192.168.1.1]
 8 ms     7 ms     8 ms  l100.lsanca-vfttp-121.verizon-gni.net [173.58.73.1]

We've asked Verizon many times to resolve this problem where the Verizon router ceases to even go through our assigned IP and goes out to  some oddball IP like 173.58.73.1, which I'm guessing is a feigned router, maybe a case of DNS poisoning.   

---

173.58.73.1 is not a feigned router or a case of DNS poisoning.  That is VZ's edge router that your OLT is connected to.  All your traffic goes through that router.

---

@DONOTLIKEFIOS wrote:

That said, it's bad advice to tell people that WPA2 will protect them using wireless as it's been hacked long ago, using replay attacks. 

---

As you said, the best advice if you're worried about wireless attacks is not to use wireless.

However, since people ARE going to use wireless. The next best advice is to use WPA2-AES with a 64 byte key consisting of mixed number, upper case, lower case and special characters.

Password cracking times

---

@DONOTLIKEFIOS wrote:

I'd like to see evidence that FIOS is encrypted after the firewall.  

---

ITU specifications G983.1 (BPON) and G984.1 dictate that all communication between your ONT and the OLT (i.e.. On the fiber) are encrypted.  FIOS conforms to those specifications.

---

@DONOTLIKEFIOS wrote:

We can't put up WireShark or a hardware protocol analyzer to verify the claim that Verizon is encrypting data past the firewall because Verizon didn't connect FIOS in the way pre-sales tech support had us request them to connect it.  The installer simply refused to comply with the sales order. 

---

Putting a sniffer between the router and the ONT won't show encrypted traffic since the traffic is encrypted in the ONT.

Even though the install tech didn't provide you with a cat5 WAN connection to the ONT, it's easy enough to switch.

Replacing the Actiontec (part 1): Coax to Ethernet

---

@DONOTLIKEFIOS wrote:

The VPN worked well for a week or so until something happened (which we presume was Verizon blocking the ports we used for the VPN). 

---

VZ does not block ports (except for outbound port 25 to non-VZ mail servers).

.

"Many routers ship with no encryption enabled."

I think you may have meant to say "Many routers ship with visible SSID, no password and no encryption" which would be what is necessary to "accidentally" connnect to a neighbor's router and that's just not true.

However I think this is just going to lead to more falacious statements and petty bickering.

The link:

Replacing the Actiontec (part 1): Coax to Ethernet

...might be useful information.  It would have been nice if the Verizon installer had actually had done that but until AT&T offers service in my area, this might be the beginning to establishing what circumstances are leading to these attacks and resolving them.  It's likely that I will try this.

"VZ does not block ports (except for outbound port 25 to non-VZ mail servers)" may also be useful information.  It would account for why some watchdogs I have locally can't send me email alerts.  I'm not sure the entire statement is true but I am more interested in solutions than petty bickering so I'll take what good information there is and leave the rest.