×

Switch Account

turn off remote access to g1100?

turn off remote access to g1100?

Reply
Copper Contributor iy508
Copper Contributor
Posts: 15
Registered: ‎07-19-2015
Message 1 of 16
(8,080 Views)

I have recently signed up for fios and have been supplied with a verizon g1100 wireless router.  Both the fios service and the router are working without problems. 

 

However, I see that the router reports its internal settings, including my wireless password, to verizon, because I can view them when I sign in to my verizon account.  Also, the user guide for the router says (p.14, line 6) "Firmware updates are performed automatically by verizon".  I can understand the convenience of these arrangements for verizon and some users, but I also see them as a potential security risk.   Is there a way that I can forgo the convenience and turn off external access to the g1100?   I know that I can replace the verizon router with one of my own, but it seems otherwise satisfactory, so I would like to keep using it if I can do so more securely.

15 REPLIES 15
Platinum Contributor III Platinum Contributor III
Platinum Contributor III
Posts: 7,348
Registered: ‎12-15-2010
Message 2 of 16
(8,033 Views)

The external access portion to the router is baked into the firmware, so there is not really an easy way to turn it off short of replacing the router, or having the Verizon router sit behind yours with a firewall capable of blocking the traffic. Verizon is using the TR-069 management standard on the routers.

 

In the past, the older ActionTec routers could actually inadvertently be set up to Firewall the TR-069 management port before the router would connect to the Internet. To set that up, you would disconnect the router from the Internet, reboot it, then create and save a Firewall rule. You could see if that trick still works on the G1100.

Copper Contributor iy508
Copper Contributor
Posts: 15
Registered: ‎07-19-2015
Message 3 of 16
(8,011 Views)

Thanks, that's helpful.  Searching for TR-069 I find that it uses port 4567.  I'll see whether I can block that port with a firewall rule, and if so whether it stops my password appearing on verizon's webpage. 

Gold Contributor II Gold Contributor II
Gold Contributor II
Posts: 2,153
Registered: ‎11-10-2009
Message 4 of 16
(7,965 Views)

@iy508 wrote:

Thanks, that's helpful.  Searching for TR-069 I find that it uses port 4567.  I'll see whether I can block that port with a firewall rule, and if so whether it stops my password appearing on verizon's webpage. 


You'll find a port forwarding rule for port 4567 in the firewall section forwarding to local host 127.0.0.1 - it's marked as Verizon FIOS service

Unfortunately it is a Verizon pf rule that is non modifiable other than by putting your router in front of the Verizon router and forwarding everything else other than 4567

 

 

Copper Contributor iy508
Copper Contributor
Posts: 15
Registered: ‎07-19-2015
Message 5 of 16
(7,959 Views)

Hmm.  I couldn't introduce another firewall rule in front of theirs?  In my simple setup, there would be no point in using their router at all if I put another router in front of it.  I might as well let the other router do the whole job.

Highlighted
Silver Contributor IV
Silver Contributor IV
Posts: 1,122
Registered: ‎12-04-2009
Message 6 of 16
(7,942 Views)

You don't indicate if you have FIOS-TV or not. 

 

If you do, you still need the VZ router to provide MOCA LAN for the STBs.

 

 

Copper Contributor iy508
Copper Contributor
Posts: 15
Registered: ‎07-19-2015
Message 7 of 16
(7,921 Views)

@Anti-Phish wrote:

You don't indicate if you have FIOS-TV or not. 

 

If you do, you still need the VZ router to provide MOCA LAN for the STBs.

 

 


No, I just have internet.

Gold Contributor II Gold Contributor II
Gold Contributor II
Posts: 2,153
Registered: ‎11-10-2009
Message 8 of 16
(7,863 Views)

@iy508 wrote:

@Anti-Phish wrote:

You don't indicate if you have FIOS-TV or not. 

 

If you do, you still need the VZ router to provide MOCA LAN for the STBs.

 

 


No, I just have internet.


Then just connect your own router to the the vdsl modem - just realized you are the same poster that was asking about ip addresses on a vdsl modem.
Release the ip address on the verizon router before doing this or wait at least 2 hours for the ip address to release after disconnecting the verizon router.

Copper Contributor iy508
Copper Contributor
Posts: 15
Registered: ‎07-19-2015
Message 9 of 16
(7,856 Views)

Yes, I've done that.  It just seems a shame to waste the new verizon wireless router, which is slightly faster than my old one.

 

Both questions were in the interest of blocking potential security holes.  It is obvious that the router with port 4567 open carries a risk.  I'm still wondering about the modem, but if you have any more to say about that, let's do it in the other thread to keep things straight.

Copper Contributor iy508
Copper Contributor
Posts: 15
Registered: ‎07-19-2015
Message 10 of 16
(7,753 Views)

Someone, not me, has marked this problem as solved.  It isn't solved as far as I am concerned.

How-To Videos
 
The following videos were produced by users like you!
   
Videos are subject to the Verizon Fios Community Terms of Service and User Guidelines and contains content that is not created by Verizon.



Verizon Troubleshooters
Unable to find your answer here? Try searching Verizon Troubleshooters for more options.