We have been waiting since 2008 for Verizon FiOS service to be available at our house. The quadrant to the northwest has FiOS. The quadrant to the southeast, which we are in, doesn't. However, our house is too far from the southeast poles, and our wireline runs across the street into the northwest quadrant. The database that governs FiOS eligibility doesn't know this.
We have been bugging Verizon Customer Service and field installers since the FiOS backbone was installed. Finally my wife hit the jackpot: someone who knew someone who knew someone who understood the issue and knew how to fix it. We are now eligible for FiOS.
The plan we ordered provides:
Unlimited calling nationwide, lots of features including anonymous call blocking. Server-side voicemail. The product is called Verizon Digital Voice, and the technology is VOIP.
15Mbit/s downlink, 5Mbit/s uplink. Considerably higher speeds are available. The ONT connects to the house router via MOCA or IEEE 802.3 ethernet (pick one; we're going to use MOCA). The provided router is an Actiontec MI424WR. It has these ports:
We declined it, but they would love to sell you a bundle with TV.
These items are included in the package:
$60/mo introductory price with 2 year contract. Includes $30/mo of discounts; we'll see how much of that evaporates after 2 years. Early termination penalty: $240 amortized over 2 years.
Order date: 2012-06-09. Entirely online, no need to wait for or miscommunicate with a customer service rep. Installation promised: 2012-06-15 (could actually have been earlier). Installation was on time and not messed up.
Here is what you need to have ready for them:
A place to put the ONT, its charger, and its battery. These are normally wall mounted. The ONT can be outside; the charger is normally inside. We have a good location inside the garage where existing POTS and TV coax have their nexus. In modern inside installations there's a kind of cabinet enclosing all three items, size 46 x 30 x 11cm (18 x 12 x 4.5in)
An unoccupied NEMA 5-15R electrical socket. This is the usual residential socket in the USA with two parallel flat blades and one round grounding pin. Plug strips not allowed. We have a vacant socket, with GFI.
The Verizon setup documentation does not discuss grounding. As installed, the ONT relies on house grounding. There is no sign that Verizon's fiber has any steel strength member or copper tracing conductor, though these are used in other fiber cable packages. Thus FiOS (and the customer premises equipment) should be immune to lightning strikes. (Our area has overhead wiring.)
Planning for the cable run from the ONT to the house router. MOCA is confirmed to work on our path. If you order TV they require you to use MOCA, but if not you have the option of having the tech run cat-5 Ethernet to the router.
Planning for wiring at the router end. Initially, drop-in replacement for the existing Westell "Weasel" DSL modem.
The router password: The Actiontec MI424RW router has a number of hardware
and/or software revisions; the latest, which I got, is
I (the letter).
Verizon also sometimes used one of the Westell models. For the setup web
interface, all the routers listen on 192.168.1.1 port 80, 443, and several
others. They use a user name of
admin (lower case). Older routers use
a lame password of
password1. After hacked access to
the router was made useful, starting around 2008 they started using the
router's serial number (case sensitive). My router (2012) has a truly random
password of 8 bytes including punctuation, printed on the ID sticker on the
My ideal router configuration: It is not likely that the router firmware is
going to be smart enough to do everything I want. The router is referred to
Weasel. I have a real machine called Jacinth, a Koolu, which
acts as our home server; among its various functions are routing, firewall, and
The new router replaces the old DSL modem/router, by Westell (hence the name). It takes over the IP address and as much of its function as I can manage.
The ONT sends to Weasel via the MOCA WAN channel.
Weasel's WAN channel is bridged to an 802.3 (Ethernet) port. I would like this to be the dedicated WAN port, but that has not yet materialized, and I am using the LAN port(s) for the bridge. Alternatively I would like to use a USB port on the MI424WR, but this is not going to materialize either unless one hacks the software.
This 802.3 port is connected to Jacinth's WAN (wild-side) port.
One LAN client port on Weasel would be connected to Jacinth's LAN (802.3) port. In reailty I have retained the existing mini-hub for this.
Weasel LAN client ports (802.3) to other machines in the office, once I get the bridging the way I want it.
Weasel's LAN would be bridged onto the MOCA LAN channel. Until that becomes feasible I have retained power line networking.
Weasel's 802.11n wireless has been suppressed, since Jacinth runs hostapd on an Atheros 802.11n NIC and restricts it via my preferred firewall.
The actual router is:
Older Actiontec MI424WR variants have a problem with their NAT table running out of space; some online games and file sharing protocols open large numbers of connections which exceed the router's capacity. However, the most recent revisions including version I have a much larger NAT table.
FiOS installation was relatively smooth. None of the planning items had to be revised on the fly. The job was done in two phases: first a tech ran the fiber from a suitable backbone location to our house, just leaving a roll of fiber on the roof. If utilities are underground, digging and burial would happen in this phase. Two days later (on the scheduled date) the technician did the inside wiring. That part of the job took about 4 hours. I gave the tech some help, pulling and untangling cable at ground level while he was on the roof stuffing it down the conduit.
Here is a forum discussion of various router configurations. This page has been around for a while but is actively updated, latest 2012-06-08 (4 days ago). They show 10 variant configurations. The goal on this page seems to be to use the user's router, often because the Actiontec's NAT table is too small or 802.11 on Actiontec is unsatisfactory.
Plug another router's WAN port into a LAN port on Actiontec. If the other router is doing NAT, things get confusing from one LAN client to another, but you can communicate fine from clients to the outside world.
Same as 1 but tell Actiontec that the other router is in the DMZ. Obviates port forwarding from Actiotec to the other router, but you still need router -> client port forwarding.
Connect the other router's LAN port to Actiontec's LAN port. The other router will act as a switch. Much simpler than 1 or 2.
From this point, Verizon does not
support the configuration.
Put Actiontec into bridge mode (see the howto). Verizon's CPE management interface will still work. But the switch ports on Actiontec are not connected to the LAN and are useless. The more usual outcome of bridge mode, at least on revision I, is to bridge the LAN ports to the WAN.
Put Actiontec into bridge mode as in variant 4, assuming that you can bridge the MOCA WAN to the 802.3 (Ethernet) WAN port. Then from a LAN port of the other router connect to a LAN port of Actiontec. This will connect the LAN to the switch ports and to MOCA LAN. This looks like what I want, except I haven't yet figured out how to make it happen. See this diagram.
Variants 6 to 9 assume a cat5 connection from the ONT to the router, which is not our case.
The following items may not be of general interest, since many items involve specific features of jimc's net.
/m1/custom/restarter.conf needs to temporarily not restart these services until FiOS installation is finished:
Shut off /etc/init.d/netpolice.J and network6.
Explicitly release the wild-side DHCP address:
/sbin/dhclient -r -v -cf /var/lib/dhcp/dhclient.eth1.conf -lf /var/lib/dhcp/dhclient.eth1.lease -pf /var/run/dhclient.eth1.pid -q eth1
otter.mine.nu = 126.96.36.199 (before release), PID = 2625. After release, eth1 is still up on 192.168.1.48 ; dhclient process is gone.
Before re-enabling, adjust the parameters in /etc/init.d/netpolice.J for FiOS data rates.
(look for and remove FOO.)
Find and register the MAC address(es) of Weasel (the new router).
Find the IPv4 address of Weasel. It's expected to be 192.168.1.1 and if so, no reconfiguration will be needed because this is already assigned to the old Weasel.
After everything works in vanilla mode, reconfigure Weasel to bridge mode, preserving as much function as possible. The default user ID is "admin" and the password is something truly random, on the sticker on the bottom of the router.
After installation, check if Verizon is sending IPv6 route information. Adjustments to /etc/init.d/network6 will be done later if feasible.
tcpdump -l -i eth1 -c 10 ip6
5 minutes of listening: silence.
Trace to 188.8.131.52: the instance we get is your.org.ge2-5.br02.chc01.pccwbtn.net , a global network service provider, sites in USA (Virginia), France, Southeast Asia, and Latin America. Has a Hong Kong atmosphere. Ad: Guaranteed cheapest Viagra. For IPv6 connectivity we're sticking with Hurricane Electric.
Restart these services (and remove the exception in restarter.conf):
The tech neatly connected the ONT directly to the cable running to the office, i.e. to Jacinth and Weasel. Put coax back as it was, with the office cable on the head-end splitter so it can send MOCA anywhere in the house, and the ONT on another head-end port. (Done.)
In their setup instructions, Verizon suggests that you check your speed using their tester, and the installation tech will want to do a speed test to see if you're getting the data rate you're paying for. Unfortunately it does the test and then doesn't display the results, using both Chromium-18.0 (libQtWebKit4-4.7.1) and Firefox-12.0 on Linux. Hence I did my own speed tests using iperf, available from the SuSE Build Service. Here are the command lines; the port varies depending on what the respective firewalls will let through that isn't being used.
|Jacinth||iperf -c harlech -p 443||Harlech||iperf -s -p 443|
|Harlech||iperf -c otter.mine.nu -p 2231||Jacinth||iperf -s -p 2231|
The machine connected to FiOS (via Weasel) is called Jacinth. The remote partner used for these tests is called Harlech. Most of the tests lasted 10 seconds. Speeds reported by the server are shown; the speed reported by the client is consistently about 200Kbit/sec higher, probably due to data buffered by the kernel that isn't properly accounted for. See below about Netpolice.
|Service level for DSL is 768 kbit/sec in, 128 kbit/sec out|
|DSL||Jacinth||Harlech||No||382||Over service level|
|DSL||Jacinth||Harlech||No||381||50 sec test|
|Service level for FiOS is 15000 kbit/sec in, 5000 kbit/sec out|
Netpolice is significant: it reduces throughput by a few percent to avoid queue clogging on intermediate routers. Without it, competing traffic kills shell interaction and streaming audio/video. It looks to me like the ONT, unlike on DSL, regulates the client's data rate using an algorithm similar to that of netpolice, so high volume incoming data doesn't kill other connections. This would happen if a client were streaming video-on-demand and were downloading a movie on DVD at the same time, so likely Verizon received customer complaints and configured their ONT to enforce sharing the bandwidth.
Remaining setup steps:
Weasel has 2 USB ports. Could this be for networking to the client?
No, these are host ports for
features in future firmware, such as
network attached storage or a network printer.
Presently the 4 LAN switch ports and the MOCA LAN bridge are stuck together and are bridged to MOCA WAN. There has got to be a way to get these disentangled. The following steps depend in making this happen.
Reactivate MOCA for Iris.
Try out MOCA for Piki. May involve cutting through plasterboard to replace the upstairs splitter.
The keyword for the web hosting is
Verizon FiOS Personal Web Space.
You get 10Mb with the free service (more can be purchased). They provide
Site Builder tool. I didn't investigate it much beyond
reading the introductory material.
I investigated their mail service slightly more deeply.
You can import mail from various other services such as Hotmail and Yahoo.
I failed to find the setting (if it exists) to forward all mail, received by the Verizon service, to another mail server.
There is a webmail server on which mail can be read, called the
Verizon Message Center.
Received mail can be retrieved from incoming.verizon.net port 995 (secure POP3, hiss, boo). Jimc recommends IMAP (port 993 for the SSL-enabled variant, or 143 with STARTTLS) whenever there's a choice, since the IMAP protocol is much easier and more flexible on both the server and the client. These mail clients are supported; I think that means that they have help writeups for these, not that service is impossible on others (assuming they can do secure POP on 995).
Outgoing mail should be sent to outgoing.verizon.net port 465
(secure SMTP, deprecated, hiss, boo). This port is a kludge which slaps
SSL on top of SMTP. It is deprecated by the developers; the modern way to
handle SSL (in all services) is to offer a STARTTLS command or equivalent.
Port 587, called
submission, is the assigned port for this mode of
secure SMTP. Their server actually will accept a connection on 587,
identifying itself as
Sun Java(tm) System Messaging Server, but it
does not offer STARTTLS and does accept authentication without encryption.
This is completely broken!
Verizon blocks port 25 (SMTP) originating from the customer's FiOS or DSL. This is an attempt to reduce spam sent by customers, since it's a fact that most spambots send on port 25. However the problem can be circumvented easily since a mail server listening on 587 has to accept unauthenticated connections, since senders from outside the organization (including spammers) do not have organization accounts, by definition.
All of these procedures refer to the STP checkboxes in the bridge group. STP means Spanning Tree Protocol, governed by IEEE 802.1d and extensions. The issue here is that if there are multiple routers and network segments, troublesome loops are possible, which can be detected and suppressed by STP. Each router sends out packets once per second to announce its role in the agreed-on spanning tree and to detect changes in the network. In the typical SOHO (Small Office / Home Office) situation there is only one router and no possibility of loops. In this case jimc says that STP is irrelevant and might as well be turned off.
Jimc's summary/rewrite of the HOWTO for activating bridge mode by DaDrgon (2007-01-20).
Get logged in to the router's GUI; DaDrgon discusses this extensively, but as of 2012 they set up the router with a truly random password printed on the sticker on the bottom of the router.
Once on the router, hit My Network -> Network Connections. Click on "advanced" at the bottom of the connections list.
You should see:
Click on Broadband Connection -> Settings. Key items should already set like this:
Procedure for releasing the DHCP lease and killing the Internet
connection. If you forget this step,
you can wait 2 hours for the lease to expire, or call Verizon Customer
Service and beg them to release it from their end. I'm not sure what
promptly really means, but you don't want the router to decide
to get a new lease before you finish.
Back to Network Connections, click on Network(Home/Office) -> Settings. Look for Bridge. On the row for Broadband, click on STP.
At this point, jimc deviates from DaDrgon's procedure.
Plugged Jacinth eth1 -> router WAN port and LAN (switch) into router LAN port. Lost communiction with Weasel which is on the LAN ports. tcpdump on eth1 shows only our transmissions, no incoming packets. Reverted (eth1 to router LAN)
Do the usual apply procedure. The router reboots, takes about 60 secs. While it reboots, move eth1 to router WAN, and connect router LAN to the house LAN (switch/hub). Eventually Piranha appears and you can log in again.
Broadband is back to getting IP automatically. Repeat the procedure. Also turn off firewall. Let's reboot again to make sure it "took". It didn't. Several times. This was not a success.
Jimc's summary of the
howto for getting into bridge mode by Celestil (2009-05-25).
Celestil does the
apply procedure after each individual change.
Jimc thinks this is anally retentive: it seems to be OK to make all the
changes on one page, then apply them all at once. But if you navigate to
a different page before applying, you would lose the changes.
Also see the discussion above of STP (Spanning Tree Protocol).
He hard resets the router and restores defaults.
Advanced -> System Setting -> Disable auto WAN detection (apply) Actually, on the iteration that worked I left this turned on, with the default of continuous retries.
Wireless -> Basic Security Settings -> Wireless Off (apply)
Firewall -> General -> (pick Minimum) (apply)
MyNetwork -> Connections -> Advanced (should stay set in following steps). The following are all inside MyNetwork -> Connections
Broadband -> Settings -> Relese Lease (apply??)
Broadband -> Settings -> IP Distribution, pick Disable (should already be set; else apply)
Broadband -> Settings -> DNS Server, pick None (apply)
Broadband -> Settings -> IP Address, pick None (apply) (when it's in bridge mode you won't see any of these settings.)
Network(H/O) -> Settings -> IP Distribution, pick Disable (apply)
Network(H/O) -> Settings -> DNS Server, pick None (apply)
Network(H/O) -> Settings -> IP Address, pick "Use This Address" and fill in an unoccupied address on the LAN. (apply)
Network(H/O) -> Settings -> In the Bridge group, left column, uncheck Coax and Wireless; check Broadband and also the STP box; apply after each step (jimc says: turn off STP). STP = Spanning Tree Protocol. Jimc says: Do check Ethernet/Coax! This is what you're bridging to!
This actually puts it in bridge mode. There's a warning box, hit Apply. The router reboots.
Network(H/O) -> Settings -> Network -> Broadband, he doesn't say any changes, but he hits Apply anyway.
He clones the other router's MAC address so both the Actiontec and the other router are using the same MAC. Jimc believes this is only necessary if the ISP cues on the router's MAC address (like Time Warner does), and if this is done the other router should be altered to use a different MAC address. Jimc omitted this step entirely.
Connect other router's WAN port to Actiontec's LAN port.
Power cycle both routers. Other router should get an IP, Actiontec should not. This worked.
Continuing to activate local MOCA (not including local LAN ports which are bridged to WAN):
This is all going to be in MyNetwork -> Connections.
Make sure that Broadband(coax) still has no DNS, no IP.
Broadband(Ether) -Settings - Network(H/O) - no changes but hit apply.
(in Network Connections) -> Add -> Network Bridging -> Next
"A bridge already exists" … Add a new bridge.
Next screen lets you pick devices that aren't already bridged. In older router versions you would see the unused WAN ethernet port and LAN MOCA, but in revision I only the wireless is available. Useless. Cancel all. This phase of the procedure was a failure.
Several times I have investigated the WAN ether port. The lamp indicating connectivity never lights, it never emits packets, and packets sent to it vanish without a trace. This interface is definitely not up.
On the other hand, the LAN ether ports are up and active. Using two machines I was able to show that they are truly a switch: unicast traffic sent to one port is not seen by another, though broadcast packets to go all of them. The role of LAN MOCA is unclear.
Wonders never cease!
Open source download page for the MI424WR.
Here you can find the hacked elements of the
firmware that are under GPL
or LGPL, and a readme telling how to install a ARM toolchain and compile the
(hacked) sources. To get it onto the machine you need a serial debug board --
and where do you plug that in? (Presumably a header on the motherboard.)
Sparkfun website: This vendor seems to have reasonably priced breakout boards and cables, needed to hack devices like the MI424WR.
Unfortunately this is not quite the treasure trove I had hoped. The main
part of the software is
Jungo. Despite the name this is
proprietary material. It seems to be all written in Java and to include
the bridge management infrastructure: the sources do not include brctl or
recognizable predecessor command-line tools.
I'm preparing a message to Actiontec. Here is Actiontec's support form. The message:
(Date installed: 2012-06-15; firmware 40.19.22; MOCA to ONT.)
I have special security issues requiring that my gateway machine be the primary "router". I have my MI424WR in bridge mode and it's working nicely, but this is bridging WAN MOCA/Ethernet to the LAN ether ports plus LAN MOCA, making LAN MOCA useless for data transport on my LAN.
What I would really like to do is: WAN MOCA bridged to WAN ether, LAN MOCA bridged to LAN ethers, wireless disabled (some people would want it on the LAN), DNS and DHCP (client and server) handled by the other machine. This URL tells how to do that: http://www.dslreports.com/forum/r17679150-Howto-make-ActionTec-MI424WR-a-network-bridge (by DaDrgon, 2007), but I believe this is for revision D, and with revision I you can only activate one of WAN MOCA or WAN ether, not use them as a bridge pair, as far as I can see.
Do you have any suggestions for bridging WAN MOCA to WAN ether on revision I?
Their answer: basically, you can't do that.
OpenWRT is an excellent open source alternative to the Jungo OpenRG management software, which runs on quite a variety of router-type machinery beyond the Linksys WRT-54G for which it was originally developed. OpenWRT has an official port to the Actiontec MI424WR, but only revisions A, C or D, which use a different CPU and devices. Here is a link to OpenWRT's wiki page for the MI424WR. I don't think I want to take the lead in bringing OpenWRT to revision I, but revision I is very impressive and someone else could get a lot of result from such an effort.
Something like this would be within my time limits and actually would probably be necessary as a first step in porting OpenWRT: to evict the stock firmware and put Debian for ARM on the machine, with a non-obsolete kernel and a complete set of modules. Here are the results of preliminary reconnaissance.
Here is what I found using nmap:
|80/tcp||http||Same management GUI on all HTTP ports|
|992/tcp||telnets||telnet over SSL|
|4567/tcp||unknown||See Botnet Service|
|Plus 60 nonresponsive UDP ports that aren't closed.|
To connect to the telnet port, you need to
enable it in the management GUI. Advanced -> Local Administration ->
Allow telnet on port 23. Connect using telnet and give the loginID and
password, same as on the web. You get a sort of serial version of the
Jungo OpenRG management software. Do
help all followed by
help $category or
help $command (substituting the item you are
interested in), for a very brief description of the available commands.
help -s $string will search for items containing that string.
If you give a category command you're in a kind of submenu.
will get you out.
I'm not sure if there are items in the serial interface that you don't get in the GUI, but the GUI seems very complete, and a medium intensity review of what's available didn't turn up any treasures except for these:
bridge info told about the same story as the GUI does,
but it listed a mysterious second bridge called br_s0, containing the
Network(H/O) bridge itself (I thought recursive bridging was illegal), the
LAN Ethernet switch, and the broadband device (MOCA).
system shell will spawn a shell. This is
from Busybox. Hacker support is very limited; there is no grep, more, or
find. It does, however, have both cp and dd. You have to use
(and your scrollback buffer) to view system files.
Linux version 184.108.40.206feroceon #1 Tue Oct 11 12:32:09 PDT 2011
MemTotal: 123916 kB (interpreted as 128Mb really total)
From /proc/mounts and "df": The root filesystem is likely from cramfs (1.9Mb); can't tell how they manage read-write. A jffs2 filesystem of 32Mb (10Mb used, 22.7Mb free) is also mounted from somewhere. Looks like saved instances of the conf file(s), software images, and a log file.
I copied about 4.4Mb of stuff, but the byte counts on br_s0 increased by only a few kbytes. In kernel 3.2.9 you can look at /sys/class/net/br_s0/brif/ to find out its members, but not in kernel 2.6.16. There is no brctl program (or recognizable bridge admin tools).
ath0 and ath1 are definitely wireless devices, not MOCA; they have wireless statistics that are irrelevant on MOCA. The MOCA device driver apparently does not create network interfaces.
These are a few key modules; not every module is shown.
c.LINKEN2510 MOCA 1.1)
For hacking the MOCA, this thread (O.P. rtoledo) (2007-11-25) on page 9 has a comment by azuretech (2008-09-08) pointing out that Entropic has a SDK available with Linux driver sources, so it should be possible to figure out how to get net packets out of the MOCA devices.
The MOCA chips do not give rise to network devices, and clearly the need to handle MOCA in userspace makes flexible bridging (like I want to do) very difficult. I wonder if a tun/tap interface would be helpful.
Only has cramfs and jffs2. If you plugged something into the USB port you could read it as a block device but could only interpret it as cramfs because jffs2 only works on MTD, not USB mass storage.
9W when booting, 12W in normal operation. The wall wart dissipates more power than I would expect.
I tried bringing MOCA LAN back to life by putting in a separate MOCA channel station. I have pairs of Actiontec ECB2200 (not the V version, for Verizon) and Netgear MCA1001; results with either one were similar. Unfortunately I'm getting inter-band interference. Here are the bands:
When I run LAN and WAN on the same coax, they fight; it looks like they continually kick each other off the media. Similar symptoms with both brands of MOCA bridge. Moving FIOS LAN to 1500MHz allows FIOS WAN to communicate most of the time but FIOS LAN still can't get connected. Verizon set-top boxes cannot be changed from channel D1 (1150MHz), and the MI424WR-I also has no control to make it switch.
OTA signal is disturbed,
obviously by FIOS WAN. Appearance:
macroblocks, sometimes complete loss. Moving FIOS LAN to 1500MHz
helped but did not eliminate the problem.
One possible solution is a low-pass filter with a cut point
somewhere around 850MHz. The Actiontec ECB2200 MOCA channel station
includes such a filter, which can be engaged or not from the web
configuration interface, but it didn't help very much. The channel
station has two coax connectors labelled
(the ECB2200-V has only the
in port), and
out is to be
connected to the TV or DVR.
When the coax from the office is dedicated to MOCA WAN, and the OTA TV is split up to cover the rest of the house, there is no interference and everything is fine. This precludes MOCA LAN, so this is what I'm trying to get away from.
When OTA TV feeds to the head end, and the ONT and office cables go on branches of the head splitter, the TV signal is interfered with. Interference is less when MOCA LAN is on 1500MHz, but is not completely avoided, and I blame this on MOCA WAN on 1000MHz.
Amplifying the OTA signal helped a lot; the problem is no longer seen. The OTA antenna already has an amplifier attached to the antenna itself, but evidently more gain was needed.
I removed the Actiontec MI424WR-I entirely and used my own MOCA channel station(s). Even so, using two MOCA channel stations at the same site but on different frequencies has not been feasible; MOCA WAN seems to work but MOCA LAN can transmit a signal only about 5% of the time. So unfortunately I have had to remove the channel station for MOCA LAN. By itself, the Netgear MCA1001 communicates fine with the ONT, when configured for 1000MHz and when given the correct encryption key.
I would like to bring back the Actiontec MI424WR-I, because obviously they have solved the problem of inter-band interference, and this hardware would make a good replacement for the Koolu if it ever breaks. But this is going to take major effort in hacking.
The router's webserver listens on several web-related ports, as well as port
4567 on the wild side. In older revisions it required a loginID and password,
not the one given to users but same for all routers and widely known on the
web. This authentication style was widely discussed in terms of a swarm of
millions of bots. Verizon may have taken this threat seriously: revision I
will not deliver any content to an ordinary user, returning 403
Unauthorized (HTTP, not HTTPS). This is connecting from a LAN port with
the router in bridge mode.
In my configuration it isn't really feasible to chew on this port from the wild side and I can't say for sure what security measures they may or may not have, either at the router, in the ONT, or in the upstream routers. However, someone with cat-5 to the router could tap into this connection, i.e. connect the ONT, the Actiontec and his own laptop all to a network hub, and could dig up some more information.
If I were designing the port 4567 service, I would configure it to require
a X.509 certificate from the client, signed by my own (self-signed) root
certificate, and I would replace this root cert on the router frequently,
in case a Verizon employee went over to the
dark side and used the
client certificate issued to him for nefarious purposes. The
software by Jungo in fact can do this configuration on any of the ports
it listens to.
Since I can't get service from port 4567 I can't report what that service might be if I had proper credentials, but I saw a screenshot from an older router version which looked like the normal web interface. I would guess that 4567 is used by customer service people for troubleshooting: for example, checking if the user's computer or set top box has an IP address and will answer ping, all of which is available from the web interface. Or to jigger the user's configuration if it somehow got messed up.
OpenRG software by Jungo also can be configured to check a
server for updates, and to install them automatically. I saw one forum post
where the user said he downgraded his firmware to restore a function that
disappeared, and the router automatically updated again, annoying him
considerably. I believe this feature is not tied in with port 4567.
When initially introduced the acronym was FOIS
Optic Information Services, but it conflicts with the harmony
grammar for English and so everyone pronounced it "FiOS", so Verizon
went along with that spelling.
Wikipedia article about FiOS. Some details from that article: Verizon follows the ITU-T G.984 standard for the physical protocol. In particular, optical fiber has three frequency/wavelength bands that are particularly suitable for data transmission; they are assigned like this:
Optical Network Terminal. This device translates between
the three signal bands on the fiber (POTS, TV, data or
and their normal format on copper conductors in the customer's
Multimedia Over Cable Alliance, referring to an industry
organization that maintanins and enforces a physical protocol for
transmitting 802.3-type (Ethernet) data over coaxial cable. MOCA
can coexist with
conventional TV signals as it operates at
a higher frequency. As utilized by Verizon there are two major bands:
the 1000MHz band is used to connect the ONT to the house router,
and the 1150MHz (or higher) band distributes data to MOCA-equipped
such as set-top boxes. The 1000MHz band has subchannels but they
are used as a group to give about 250MHz bandwidth. The router uses
one high band channel individually for about 50MHz datarate.
Many MOCA to Ethernet bridges only can use the 1150MHz band,
D-band, and cannot do anything on the 1000MHz band.
E-band refers to the 500-600MHz band and is used by satellite
TV (DirecTV). Most MOCA bridges can't handle that either.
Voice Over Internet Protocol. The voice signal is
digitized, then compressed by a choice of codecs, and is sent to the
other end using a normal TCP/IP connection. Incoming VOIP is
decompressed and then performed by the client's
Plain Old Telephone Service. This involves copper wiring at baseband to the phones. From the ONT outward the signal is handled by VOIP on the normal data bands.
Network Address (and Port) Translation. Internal
clients send packets to outside servers via the NAT router. It alters
the packets to appear to come from its own wild-side IP address on a
randomly chosen port. Replies get the inverse treatment. Some
protocols put addresses and ports inside the packets, and a helper
Application Layer Gateway) is needed to do NAT on these
Small Office / Home Office.
Wide Area Network, also known as the
Internet. Hackers reside there.
Local Area Network. Generally the hosts on the LAN are
under your administrative control and they have only one route to
the wild side, through your router, referred to as the
Spanning Tree Protocol, defined in IEEE 802.1d. If multiple routers are connected to multiple network segments, loops are possible. The STP is a procedure by which each router, communicating only with the neighbors it is connected to directly, can break loops by disabling ports. In the typical SOHO environment there is only one router and two network segments (LAN and WAN), and STP is irrelevant.