Update: Looking for the Westell 9100 default password? It’s admin / password1.
Verizon finally came and hooked us up today. Here are a few things I’ve noticed so far:
- The tech thought it strange that we have a huge LCD TV but no TV service at all. He also thought it strange that we had no phone line.
- The technician came with a USB drive and a SecurID-type dongle. He requested to use a Windows machine so he could run it. Since my computer took a while (it hasn’t been used in a while, and I also have it locked down a bit so that it won’t, for example, autorun USB drives), he was talking a bit. Apparently the USB drive contains a set of applications that log into the router to perform initial configuration. (He connected via WEP key first, so it’s possible it works over wireless, too.) He also mentioned that it fixes WinSock, which made me a bit nervous since I’m pretty sure WinSock doesn’t need any fixing. It sounds more like it fixes common network issues. He also mentioned that one day the server it connects to went down, and that the techs were told to “do it by hand,” but no one even knew what steps were involved anymore.
- He had a Toughbook with a cellular modem. He mentioned that if the laptop didn’t work, he could use that to configure the router, but that they weren’t supposed to, and had to write up a report explaining why they didn’t use the customer’s computer.
- The router connects to the ONT (Optical Network Terminal) over coax, using MoCA. The fiber ends at the coax; there’s no fiber run inside your home. It’s also possible to plug into the Ethernet port on the ONT, though what I’ve read suggests that you can use either MoCA or Ethernet, but not both simultaneously.
- My router is a Westell 9100. The default password is admin / password1 — this isn’t provided, and it took a little bit of Googling to find.
- The Westell appears to run embedded Linux, based on the fact that the system log feature is obvious dmesg/syslog stuff, including “kern.info NET4: Linux TCP/IP for NET4.0”. A few other notable lines:
  - kern.info IP: routing cache hash table of 512 buckets, 4Kbytes
  - kern.info TCP: Hash tables configured (established 4096 bind 8192)
  - kern.alert 802.1Q VLAN Support 1.8 Ben Greear [email]
  - kern.alert All bugs added by David S. Miller [email at redhat.com]
  - kern.warn Watchdog started Kick jiffies = 10
  - kern.warn Danube Port Initializaion
  - Various references to IPSec and ipsec_null_init, an Infineon DEU for MD5/SHA1/AES/DES
  - Several entries about MAC addresses being changed, and to atypical formats at that
- The Westell uses pool.ntp.org to synchronize its clock. This is improper and expressly prohibited for a preset value: end users are invited to use pool.ntp.org (a ‘cluster’ of thousands of NTP servers), but you’re supposed to get a vendor CNAME before shipping devices using the pool.
- The Westell has a webserver running on port 4567. I can see a handful of connections from 184.108.40.206, which resolves to sw01.verizon.com. They’re hitting URLs that are long strings of numbers. The majority of the requests came back with a 401 Unauthorized, but a few were authenticated. If I open a remote connection on this port, I can speak to the webserver, though it rejects all my connections. (Incidentally, if you nmap it from outside to make sure it’s locked down, and pass the right flags, nmap generates a lot of strange HTTP requests, including 401, 501 Not Implemented, and a lot of 400 Bad Requests. With a URL containing a space (%20) and some weird characters, a 404 came back, which seems improper: a 401 should really take precedence, no?) Googling seems to suggest that this port is open so Verizon can remotely upgrade it, but it seems troubling that it’s not locked down other than with BasicAuth. If a vulnerability were found in this webserver implementation — which is apparently meant to allow low-level management — it could allow someone to mess with a lot of people’s routers. At least one forum suggests it’s a TR-069 implementation, using SOAP to manage CPE.
- It’s fast, though I’ve yet to hit the promised speed. We pay for 25/15 Mbps; tests get me about 19 Mbps down, and very close to 15 Mbps up. Part of it may be that 25 Mbps is a ridiculous amount of bandwidth for a server to be pushing; I’ve worked with plenty of servers on 100 Mbps drops (into much bigger backbones), and 25 Mbps would be a big spike in any of them, albeit doable. So a busy server might struggle.
- Even though the Westell is improperly using the NTP pool, it doesn’t seem to have an option to run an NTP server on the LAN. As best as I can tell, it’s strictly used to keep the logfile timestamps accurate. Perhaps it’s necessary as part of a security mechanism (e.g., a time-based key system) for remote access over 4567. I kind of hope it is.
- The Westell keeps lots of counters on packets and bytes, but doesn’t seem to want to speak SNMP.
- Despite being a Linux device that doesn’t let me ssh to it, use NTP, or query it over SNMP, it has a good feature set for home users. A dumb-user-friendly interface allows me to see/manage all devices on the network, and you can set up rules like “Johnny’s computer can’t go online after 10pm” or “Johnny’s computer can’t access playboy.com.” There’s also QoS support and Dynamic DNS support for several major clients.
- It’s possible to download a configuration file. It includes references to passwords, though I’m not sure how they’re used.
- It comes with an out-of-the-box WEP key, which is good. It’s possible to use WPA, though I haven’t set it up. You can disable SSID broadcast (default is to broadcast), and do MAC restrictions.
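
The NTP pool point above can be checked against a downloaded configuration file. The following is an added example, not code from the original post or from Westell: it flags hostnames that use the pool's default zones rather than a vendor zone of the form `0.<vendor>.pool.ntp.org`. The config key names, the sample file, and the two-letter country-zone heuristic are assumptions.

```python
import re

# Names the NTP Pool serves to everyone: the bare pool name, the numbered
# 0-3 names, and continent or country zones. A vendor zone has the form
# 0.<vendor>.pool.ntp.org.
CONTINENTS = {"africa", "asia", "europe", "north-america", "oceania", "south-america"}
POOL_HOST = re.compile(r"\b((?:[a-z0-9-]+\.)*pool\.ntp\.org)\b", re.IGNORECASE)

# Constructed sample; key names are hypothetical, not the Westell 9100 format.
SAMPLE_CONFIG = """\
ntp.enabled=1
ntp.server.0=pool.ntp.org
ntp.server.1=1.us.pool.ntp.org
ntp.server.2=0.examplevendor.pool.ntp.org
ntp.server.3=time.example.net
"""


def classify_pool_host(host):
    """Return 'default-zone', 'vendor-zone' or 'not-pool' for a hostname."""
    host = host.lower().rstrip(".")
    if host != "pool.ntp.org" and not host.endswith(".pool.ntp.org"):
        return "not-pool"
    prefix = host[: -len("pool.ntp.org")].rstrip(".")
    labels = prefix.split(".") if prefix else []
    if labels and labels[0] in {"0", "1", "2", "3"}:
        labels = labels[1:]  # drop the round-robin number
    if not labels:
        return "default-zone"
    zone = labels[-1]
    # Heuristic (assumption): a two-letter label is a country zone.
    if zone in CONTINENTS or (len(zone) == 2 and zone.isalpha()):
        return "default-zone"
    return "vendor-zone"


def audit_config(text):
    """Return (line_number, hostname) for every default-zone pool reference."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        for host in POOL_HOST.findall(line):
            if classify_pool_host(host) == "default-zone":
                findings.append((number, host.lower()))
    return findings


if __name__ == "__main__":
    for number, host in audit_config(SAMPLE_CONFIG):
        print(f"line {number}: {host} is a default pool zone, not a vendor zone")
```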