Verizon FIOS Internet Support "Incident"
fschuff
Newbie

Warning ****  the contents of this post are not pretty and can cause severe gastric irritation as well as headaches and severe depression ****.

I called FIOS Internet support on 3/16/2012 to reset my IP address because someone is trying to remotely log in to my computer thousands of times an hour. I believe this is just a random attack that hits me every so often and you at other times. Some useless person trying to break in for fun or to cause damage. These thousands of "failed" logins are not noticed by Verizon and prevented. So I called to have my IP address changed. The support tech asked to look at my settings so I said OK - that was my mistake - to assume they were qualified and could maybe suggest something I could do better. They attached to my system and then started making statements like "I can just change this." and I said "What are you changing?" No response. They wanted to change my router login password but the break-in was not to the router. Then they wanted to change my WEP configuration but it was not wireless attacks. Finally they changed the IP and restarted my router. Several hours later I realized that they had wiped out my internal configuration on the router - all of the port forwarding and wireless verification values. They did a Factory Reset rather than a Restart. A stupid and costly mistake, for me. When I called to complain I got no challenge from the Verizon supervisor because she knew the technician was 100% w-r-o-n-g! But that did not help me.

Do not let the Verizon technical support people have access to your computer unless you are prepared to rebuild the router settings from scratch. As far as security functionality, the router is bare minimal - no way to filter these thousands of Login requests, only 10 wireless MAC addresses, pure 1990s technology. I have a $15 wireless router that works better that I bought and use for most wireless access. But the Verizon router is the first line of entry and access and the manufacturer says there is nothing in that system that will help prevent these attacks. It has to be my PC that rejects the attack.

You would think that Verizon could stop Login attempts that are from one IP address and directed at one IP address and occur at a rate of about 3000 per hour for hour upon hour. Maybe they even see the rejected Login attempt returned and could use that to stop the attacks. This is 2012 and there are many sophisticated systems to prevent attacks. Why would Verizon make individual users try to implement these for each account rather than at a global level? Maybe if Verizon really cared or wanted to provide a secure internet service they would.

The incident cost me many hours to rebuild the settings. Maybe I got them all. These things grow over time and they all do not get logged. I take responsibility for not backing up the router before I called Verizon but they need to take responsibility for letting this Technical Support person loose on me.

0 Likes
2 Replies
smith6612
Community Leader

What exactly are they trying to access on the PC itself? Are you running a VNC, FTP, RDP or an SSH server by any chance? The router can be set to firewall off specific IPs if the port scans/probes/attacks are coming in from a common IP. If they aren't going after any of your forwarded services in the router, NAT should be taking care of that and a Firewall setting in the router should also be blocking any IP that port scans if such an action can be set.

Besides that, Verizon doesn't need access to your computer to reset the router. They have a TR-069 server which I'm afraid is more likely to be exploitable on the router itself and allows them to pop in at any time and simply install what they wish (Firmware updates, router settings). The best thing to do is to save a copy of your configuration file, or to just set up your own router as a primary.

Also, I would rather not rely on my ISP to filter traffic for me. The dumber the pipe is, the better it is.

0 Likes
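
Added example, not part of either post above: one way to find the "common IP" worth firewalling off is to count failed logins per source address in a sliding one-hour window. The log format, the 1000-per-hour threshold, and the addresses (documentation ranges) are assumptions constructed for illustration; lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format (assumed, not from any real product):
#   2012-03-16T10:00:01 FAILED_LOGIN src=203.0.113.7 user=admin
LINE_RE = re.compile(r"^(\S+) FAILED_LOGIN src=(\S+)")


def noisy_sources(lines, threshold=1000, window=timedelta(hours=1)):
    """Return {ip: peak failures in any window} for sources at or above threshold.

    Assumes the log lines are already sorted by timestamp.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest in-window count seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # ignore successful logins and unrelated lines
        ts, ip = datetime.fromisoformat(m.group(1)), m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop failures older than the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def constructed_sample():
    """Constructed data: one source failing every 1.2 s for an hour (about
    3000/hour, the rate described in the first post) plus one user who
    mistypes a password three times."""
    start = datetime(2012, 3, 16, 10, 0, 0)
    events = [(start + timedelta(seconds=1.2 * i), "203.0.113.7")
              for i in range(3000)]
    events += [(start + timedelta(minutes=m), "198.51.100.20")
               for m in (5, 6, 40)]
    events.sort()
    return [f"{ts.isoformat()} FAILED_LOGIN src={ip} user=admin"
            for ts, ip in events]


if __name__ == "__main__":
    for ip, count in noisy_sources(constructed_sample()).items():
        print(f"candidate for a firewall block rule: {ip} ({count} failures/hour)")
```
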
jumpin68ny
Master - Level 2

If you release your DHCP of your VZ router for a few hours (I think 2 hrs???) you will probably get a new IP address.

0 Likes