Blocking the "backdoor" in the FIOS router?

Altiris

Honorable
Jun 17, 2012
Apparently the router provided by Verizon FiOS (Actiontec MI424WR) for internet/TV services has an open port that can give details such as SSID, encryption type, wireless key, and possibly even more, and also to people other than Verizon. If there isn't a way to block the open port (port 4567), would it be a good idea to just have the WAN disabled and hook up a SonicWall or two to the router (until we discover those bad boys have some kind of backdoor as well, lol) and have all computers connected to the SonicWalls, or just avoid using the FiOS router entirely?
 

USAFRet

Titan
Moderator
That port is to allow Verizon techs to see what is going on in case you have to call them with an issue. Or reboot it remotely (you can do this from their website).
Turn off Remote Admin, and presumably no one other than Verizon techs can see what is going on, or access the router.

And if you have Verizon TV service, that ActionTec must be in the chain somewhere. It is the central brain for the MoCA protocol, and talks to all the set-top boxes. You can add a different downstream router, but that one from Verizon must be in there, as far as I know.
 

Altiris

What could be going wrong with my Internet that would require them to have access to the router? It's simple enough to solve if the problem of the Internet has to do with a failing hardware device, or conflict in IPs ...which still may not even be detectable by them accessing the router and shouldn't even happen anyways if you only have one router connected. You didn't really help me answer anything. I am assuming turning off remote administration doesn't block the port; it will still be left open regardless. I don't mind using the FiOS router for TV as the information on there is nowhere near as important as it is on the Internet. I can always have a CAT5e cable straight from the ONT to another router or still to the FiOS router.
 

USAFRet

Titan
Moderator
In my ActionTec settings:

Networked Computer / Device: localhost 127.0.0.1
Applications & Ports Forwarded: Verizon FiOS Service, Tcp Any -> 4567
WAN Connection Type: All Broadband Devices
Status: Active


What might happen that they need to connect to your router? Any of a number of things.
"Hey...my internet doesn't work!"
'Well...let's see what's going on.'

They (or you) can send a reboot signal to the router, they can monitor signal strength (is it a problem in the router, or possibly a bad incoming signal?), etc, etc.

I do not believe there is a way to block that port directly in that router.

Further discussion here:
http://www.dslreports.com/forum/r23856781-Port-4567-open-Actiontec-Router-using-Verizon-FIOS

Specifically:
"Yes, it gives VZ limited access to your router, however, it is an encrypted protocol requiring valid SSL certificates. Not something that is easily hacked. Port 4567 is handled solely within the router and not forwarded to your LAN."
 
Solution
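
Added example (not part of the thread, and not Verizon or Actiontec code): a way to see what TCP 4567 on your own router actually does before and after changing Remote Admin, telling apart open, closed and filtered and noting whether the listener answers a TLS handshake. The function name `probe`, the result keys and the script name are made up here; it is assumed you run it from a host outside your LAN against your own WAN address, since a test from inside may not show what the outside sees.

```python
import socket
import ssl
import sys


def probe(host, port=4567, timeout=3.0):
    """Classify a TCP port as open/closed/filtered; note whether it answers TLS."""
    result = {"state": "filtered", "tls": False, "cert_der_len": 0}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        result["state"] = "closed"   # RST came back: nothing accepts connections here
        return result
    except OSError:
        return result                # timeout or unreachable: silently dropped somewhere
    result["state"] = "open"         # TCP handshake completed

    # Observation only: certificate checks are off because we want to see what
    # the listener presents, not to trust it.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            result["tls"] = True
            result["cert_der_len"] = len(tls.getpeercert(binary_form=True) or b"")
    except OSError:
        # ssl.SSLError is an OSError. A failure here is not proof of plaintext:
        # the service may demand a client certificate or use a protocol version
        # that a current OpenSSL build refuses.
        pass
    finally:
        sock.close()
    return result


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe4567.py <your-own-WAN-address>")
    print(probe(sys.argv[1]))
```

If the state reads the same with Remote Admin on and off, the setting does not control this listener.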