Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Take advantage of Black Friday with 15% off sitewide with coupon code "BLACKFRIDAY" on Slashdot Deals (some exclusions apply)". ×
User Journal

Journal 140Mandak262Jamuna's Journal: Security concerns over Port 4567 of Verizon FiOS

Submitted to Ask Slashdot: I got my home connection upgraded to Verizon FiOS. I am getting a blazing fast connection 20Mbps clocked by three different sites. But one important thing about it is that, the router/modem that must be used for this is supplied by Verizon and it leaves port 4567 open on the WAN site. Quick googling shows that it is a port used by Actiontec, OEM vendor to Verizon, to upgrade the firmware automatically. The router is, in fact, running a server and presents a user name password dialog to the whole world. I used Grc.com to verify that the port is really open to the entire world, not just to the Verizon servers alone.

Though Actiontec claims this port could not exploited I have quite a few concerns about it. If that password is cracked, hackers can upload a cracked version of the firmware and disable all protections at the router. I tried putting another router behind the verizon router but then my speed drops to 10Mbps. Thinking of getting a switch with firewall or configure the second router as a switch to protect my computers in case the Verizon router gets hacked.

I really would like to know the protections against password cracking on the router. How many failed logins are allowed per minute, per hour, per day, per week? Verizon knows which of its banks of servers are authorized to upgrade the firmware on the routers. Should it simply filter out all traffic to these ports originating from any other IP address? And why is the firmware upgrade initiated by an inbound call? Why cant the routers initiate a peridic check and look up their home servers and get a firmware upgrade? I don't like the way Verizon is implementing the automatic firmware upgrade. I fear someday soon somebody is going to crack that password and the hackers are going to get a million bots all with 20 Mbps connection to the world. Even if you are not a Verizon FiOS customer, you will be affected then.

This discussion has been archived. No new comments can be posted.

Security concerns over Port 4567 of Verizon FiOS

Comments Filter:

There is very little future in being right when your boss is wrong.