My ISP has been accessing my router (to fix or update something). The ISP’s router is GigaHub 823G-2 (FTTH connection) and my router is a TP-Link TPTD-W8968. They accidentally changed my SSID and thanks to that I realized the following:
- I have no control over the device, no telnet, some fixed values, etc.
- If I need to restore from factory, I would need to call them.
- Passwords are unencrypted.
- I feel my own devices, connected to this router, potentially vulnerable.
I found this question very relatable:
Does an ISP have admin access to your modem/router?
Since I can't replace the device entirely with my own, I thought about putting my own router behind theirs.
The bridge alternative is mentioned here, which I don't fully understand:
ISP modem/router, how do I enable Bridged Mode and use my own router?
None of these routers have a bridge mode, so I did the following:
I connected my own router via Ethernet to the ISP’s router. Then in my router the WAN is:
- IPv4: 192.168.2.10
- Subnet: 255.255.255.0
- Gateway (ISP’s LAN): 192.168.2.1
I also disabled UPnP and dynamic DNS from both, and Wi-Fi from the ISP’s router.
So will the devices connected to my router be secured from anyone inside of the ISP’s router?
Could someone tell me if this is a bridged connection, or its difference from a bridged connection?
The setup I mentioned above seems to be working as expected, but I want to be sure it's the right way or at least the safest way to do it.
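A self-check for the cascade described in the question, added here as an example and not part of the original post: it validates the WAN addressing and then tests, from a machine plugged into the ISP router, which management ports the inner router answers on its WAN side. The inner LAN subnet `192.168.10.0/24`, the port list and the function names are assumptions.

```python
import ipaddress
import socket

# Addresses from the question. INNER_LAN is an assumption: the post does not
# say which subnet the TP-Link hands out to its own clients.
ISP_LAN = ipaddress.ip_network("192.168.2.0/24")     # gateway .1, mask 255.255.255.0
WAN_IP = ipaddress.ip_address("192.168.2.10")        # static WAN of the inner router
GATEWAY = ipaddress.ip_address("192.168.2.1")        # ISP router's LAN address
INNER_LAN = ipaddress.ip_network("192.168.10.0/24")  # assumed

# Management services a home router may expose (illustrative list).
MGMT_PORTS = {22: "ssh", 23: "telnet", 80: "http", 443: "https", 7547: "tr-069"}


def check_cascade(isp_lan, wan_ip, gateway, inner_lan):
    """Return a list of addressing problems for a router-behind-router setup."""
    problems = []
    if wan_ip not in isp_lan:
        problems.append(f"WAN {wan_ip} is outside the ISP LAN {isp_lan}")
    if gateway not in isp_lan:
        problems.append(f"gateway {gateway} is outside the ISP LAN {isp_lan}")
    if wan_ip == gateway:
        problems.append("WAN address collides with the gateway address")
    # The inner router routes (and NATs) between two networks; if both sides
    # use the same range it cannot tell them apart.
    if inner_lan.overlaps(isp_lan):
        problems.append(f"inner LAN {inner_lan} overlaps ISP LAN {isp_lan}")
    return problems


def exposed_ports(host, ports, timeout=1.0):
    """Return the ports on host that accept a TCP connection."""
    reachable = []
    for port in sorted(ports):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            if sock.connect_ex((str(host), port)) == 0:
                reachable.append(port)
    return reachable


if __name__ == "__main__":
    for problem in check_cascade(ISP_LAN, WAN_IP, GATEWAY, INNER_LAN):
        print("CONFIG:", problem)
    # Run this part from a machine plugged into the ISP router, so the probe
    # arrives on the inner router's WAN side.
    for port in exposed_ports(WAN_IP, MGMT_PORTS):
        print(f"EXPOSED: {MGMT_PORTS[port]} ({port}/tcp) answers on the WAN side")
```

Any port reported as exposed is a management service reachable from the ISP router's network and should be disabled on the inner router's WAN side.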
How about you don't use the router supplied by your ISP, and how about you call them up tell them to access your router, if they do then ok. Then change the router to another make (or lock down your router with whatever settings you see), then call them and say you have a problem can they access it. And if they can't then I guess maybe mission accomplished. BTW you should do an online port scan on your router to see what others see. – barlop – 2019-04-23T08:10:07.687
In some ISP-provided modem/routers you can put a device in the DMZ, which will open it to the internet. You could place your router there if you're planning to manage port forwarding from your own router. If not, you can stay within the router's LAN. Also note that some ISPs do some routing trickery to manage e.g. digital television, which will often require that you connect your digital TV box to the ISP modem/router or do lots of networking (for which the info is often not provided by the ISP). – BlueCacti – 2019-04-23T08:41:46.443
@barlop The ports used by the ISP may not be internet-accessible, as they may use a separate VLAN (virtual IP) for your modem which would be in the internal network of the ISP, while your browsing etc. would go out through a public IP. In some countries it's often very difficult to obtain a modem-only connection for which you provide your own router, unless you get an enterprise contract. – BlueCacti – 2019-04-23T08:45:04.380
You don't need a bridge, do you? Just put your new router behind their router by cable, disable WLAN on theirs, do everything over yours. I'm confused why you'd even mention a bridge. – Mast – 2019-04-23T10:42:47.483
@Mast when you say he should put his router behind theirs, do you mean he should put his nearer the wall? If so, why not just not use theirs at all? – barlop – 2019-04-23T21:43:31.023
@barlop A port scan is a good idea, I will do it. – None – 2019-04-24T00:00:52.913
@BlueCacti They indeed use some internal network between customers and the Internet, and they also provide me with digital television, so replacing their device is not a simple thing. – None – 2019-04-24T00:01:24.240
@Mast The bridge mode would turn off the router capabilities of the ISP's modem/router and leave it only as a modem, delegating routing to my device. But as I mentioned above, the option is not available. – None – 2019-04-24T00:01:52.737
I tried the above setup and it's not only working but it has improved the performance since the job is now split into two devices. – None – 2019-04-24T00:02:10.510
"replacing their device is not a simple thing" - why? There's an RG6 coax cable that comes into your house, right? Is your ISP unwilling to support third party cable modems, so that they can charge you extra money to rent theirs? The "right way" is not paying for that. – Mazura – 2019-04-24T02:41:59.520
@Mazura Configuring a new modem with settings your ISP doesn't want to supply isn't easy. It's not right, I know, and with a bit of pushing you can usually get a long way anyway, but 'they' want a sense of uniformity/control/whatever and like their modems being first point of entry. – Mast – 2019-04-24T07:23:47.057