| reply to ArizonaSteve
Re: [Qwest] New Firmware Q1000 Thanks ArizonaSteve, yes, I surveyed the new menu layout and as far as in the last revision of the firmware something L34, I had all remote administration off unless Qwest/CenturyLink had a backdoor I wasn't privy to. It really pi--es me off on what they did, I own the equipment and they push a unsolicited software upgrade that left the unit vulnerable to unauthorized access by members of my internal network. I was given no notice nor did I give explicit authorization to hijack and hack.
Its like taking over somebodies telephone or fax machine and reprogramming the device functionality without your authorization or knowledge. I'm fortunate there wasn't a malfunction during the pushed upgrade otherwise I might have had a bricked modem/router.
The last time I had a network outage greater than 8 hours which happen after the Qwest acquisition CL came back online and connected me with a 5mbit service. I noticed but didn't say anything.
I had perfect service until that outage. CL was going to let me ride with the 5mbit service while I had the 7mbit package. I squawked foul, called them on it after trying to explain my situation with a English challenged speaker and just like magic, I was back to were I supposed to be.
The sad thing is, I think, CL was going to continue giving me the slower speed while I was paying for the higher speed. So I suggest to everyone, check your modems and see if you are getting what you pay for unless another upgrade comes along so you can't check.
I hate being cynical but I call it as I perceive it. |
|
Reviews:
 ·T-Mobile US
 ·voip.ms
·Sipgate VOIP
 ·CenturyLink
1 edit | I haven't had any of the updates change any of the settings unless I performed a Restore to Defaults or pressed the Reset button on the back. Did you have an Admin password set too? They probably do have a back door into the unit but setting the password should keep everyone else out. |
|
| reply to Dave651
What I do is bridge my modem they can't touch it if its a "dummy modem" and I use my cisco router to manage dhcp and ppoe auth.  |
|
| reply to Dave651
Dave,
I understand how frustrating this is and would like to help please email account information to us at talktous@centurylink.com. We will be able to review services and answer questions.
Thanks
Patti
Centurylink Help |
|
| reply to Technicholas
As do I. It's a pain doing firmware updates though. |
|
1 edit | Backdoor is likely there. Even if you disable remote administration, the Q1000 with Qwest badge still answers on SSH from the internet (fun if you want to port-forward SSH to an internal server). If you get into the BusyBox shell ('sh' after logging in locally via SSH), you'll find a 'support' ID in /etc/passwd along with 'admin'. Other postings indicate similar Actiontec hardware with a Verizon badge has a high TCP port left open for remote administration.
In Portland, OR, firmware QAQ002-31.20L.4 showed up recently. There are many new or changed menus in the Advanced Setup section, particular in preparation for IPv6.
Warning if you muck around. I found on the earlier firmware that some un-enabled menus are available if you muck through the HTML directory listing and try loading them in your browser. If you actually try loading some of them, you can give your Q1000 amnesia -- a pin reset was required to re-establish service, not just a power-cycle. |
|
sulli2p
join:2002-08-19
Minneapolis, MN | reply to Dave651
Yep. My owned (not rented) Q1000 was also "upgraded" recently without my knowledge, using a backdoor around my password. I only found out because my SMTP send stopped working. Turned out somehow CL disabled port 465 (which support denies (my workaround is 2525 until they block that)), and replaced my secondary OpenDNS server with their own. My Slingbox had also stopped working, a simple reboot fixed that. Now many of the firewall port config options are greyed out.
Do they really think that all users keep their default settings and that they can make these upgrades "transparent". Or would they prefer that knowledgeable Internet users simply take their business elsewhere. |
|
| reply to openupshop
My Q1000 updated to this version automatically over the last day or 2, and I still have access to main.html
I did notice the interface changed but is still branded as qest, am surprised the branding didn't update. |
|
dprus
join:2010-01-15
Issaquah, WA Reviews:
·CenturyLink
| reply to openupshop
It appears as though CenturyLink also forcefully upgraded my firmware as well. What's worse is that even though the /main.html page is still there, it's completely broken.
A lot of the links give me 404 errors, my dynamic DNS configuration is no longer working, and that page is also giving me a 404.
So, not only did CenturyLink force an update on my modem, it appears as though they also did a crappy partial upgrade or something and broke the firmware at the same time.
Finally, when I tried to download the latest firmware to reflash it to see if that would fix the problem - the download link doesn't work anymore (»download.qwest.com/internethelp/modems/q1000). I can't even download the latest firmware and manually flash my modem now to fix it 
This is a really crappy situation CenturyLink! |
|
|
|
 msjPremium
join:2004-05-21
Fort Collins, CO
kudos:1
1 edit | reply to Technicholas
said by Technicholas:What I do is bridge my modem they can't touch it if its a "dummy modem" and I use my cisco router to manage dhcp and ppoe auth. Don't assume that when the modem is in transparent bridging mode that they still don't have a backdoor. Note that on the local side of the modem you can still log in and check status etc. while in transparent bridging mode. There's nothing preventing a backdoor on the wan side even while in transparent bridging mode, although it would be additional work for little payback (on their part, since probably a fairly low percentage of their customers use transparent bridging mode).
However, one advantage of your setup (which is similar to mine) is that even if CL screws up and does something to weaken security (in the unlikely scenario where they do have a backdoor that works for modems in transparent bridging mode) you still have your router/firewall which is not under CL control blocking access to your internal network. |
|
| reply to dprus
dprus, I can email you the file if you need it. |
|
dprus
join:2010-01-15
Issaquah, WA Reviews:
·CenturyLink
| So I got the new firmware from ArizonaSteve and applied it to my modem and I'm still getting the 404 errors everywhere when I click links from /main.html. I tried resetting the modem by holding the reset button for 30 seconds as well and that didn't help either.
I finally e-mailed the TalkToUs guys at CenturyLink and they're overnighting me a new modem (which is pretty good service). I'll be receiving that modem tonight and hopefully things will be somewhat back to normal. Just FYI for anyone else who's having the same problems I am. |
|
| I don't use main.html and don't know if I ever could but 192.168.0.1 works fine. |
|
dprus
join:2010-01-15
Issaquah, WA | I wonder then if they actually broke /main.html ? Is anyone else using the latest firmware and all the links under /main.html still work fine? |
|
dprus
join:2010-01-15
Issaquah, WA Reviews:
·CenturyLink
| So I just received the replacement modem from CenturyLink and verified that on »192.168.0.1/main.html many of the links give 404s and the pages are screwed up. This is obviously "by design" for this new firmware from CenturyLink.
It's a pity - the firmware looks broken and half-baked now and I've lost the ability to see what my actual line sync speed is (i.e. my line syncs at ~80mbit/~13mbit even though I only have the 40/5 service. At least, this much was true when I could view this information using the old firmware).
Add this to the fact that the firmware update that was automatically pushed to me broke many of my settings and forced me to spend 20 mins fixing everything and I think this entire update process was performed very poorly by Centurylink. I'm not the happiest right now. |
|
Reviews:
·T-Mobile US
·voip.ms
·Sipgate VOIP
·CenturyLink
| Yeah, looks like their main emphasis was on adding IPv6 and they didn't pay much attention to how other areas were impacted. They fixed some things that were broken before like reporting an actual value for Attenuation instead of always showing zero. Some of the features that used to be there have been moved to other areas like self tests now being located on the blue Utilities page but there doesn't seem to be any place that displays the sync speed anymore. The next upgrade will probably fix the broken links, etc. |
|
bbigg
join:2011-12-06
CF10 3BB | reply to kiknwing
Couldn't post QAQ002-31.20L.4, could you? I'm trying to figure out why what I'm building from source can't get the ethernet ports going (which I've been able to do under previous bcm source releases.
Thanks in advance |
|
| Re: [Qwest] New Firmware Q1000 - QAQ002-31.20L.4 My modem was also updated to the new software - without my knowledge, but since I am now leasing it - I guess it was within their purview.
I did have admin passwords set, remote access was enabled with an admin password that I set and had a DDNS that used to work, but now doesn't.
After several family members complained this or that wasn't working - I physically reset the modem and the broken stuff started working again. I just checked the software version and found it on the new one.
A note to Century-link --> I don't mind you updating the firmware - Just give me a head's up when you do - Please. If things break, it makes it easier to understand what happened. I am sometimes not home for weeks - so I don't know when you push, nor do I hear "oh, this stopped working" from my family. If I was aware, I could tell them, "Go power cycle the modem - and let me know if it still doesn't work".
I see several posts that customers OWN their own modem - Legally you should not push an update unless given specific approval. If you believe you have the authority - maybe it is time to reiterate that you have the authority or would like to have that authority. That equipment is theirs - not yours.
It is nice to have re-configurable equipment - don't get me wrong, but if it is my equipment - it is my decision, not yours. At least with Microsoft, you can shut off updates - because some of us want stable platforms that don't change underneath us - without our control. |
|
 aefstoggaflmOpen Source FanPremium
join:2002-03-04
Bethlehem, PA
kudos:2
·Verizon Online DSL
| said by Denver Bob :If you believe you have the authority - maybe it is time to reiterate that you have the authority or would like to have that authority. That equipment is theirs - not yours.
If this modem is not from your ISP, shame on them.
If this modem is from your ISP, that is most likely in the ToS that they can remotely control the router (including update firmware).
--
Please use the "yellow (IM) envelope" to contact me and please leave the URL intact. |
|
| reply to Dave651
Re: [Qwest] New Firmware Q1000 This also happened to me in the last November. I was traveling and the unexpected firmware upgrade caused lot of problem in my house (internet tv , VOIP etc). When returned I was wondering how this can happen without my knowledge. This post answers the question. I too think that CenturyLink should have given a heads up before forcing an upgrade. Also I notice that the modem now uses 79% of the memory while serving 12 devices. That said, I am very happy with the new firmware. I haven't noticed any change in download/ upload speed (stays constantly at 18.5 / 4.6) . With the upgrade, the modem now reserves an IP for each MAC address. Previously the devices used to get random IP from Q1000 after a reboot. I also love the automatic update of WAN IP to DynDns. This is great from me since I check my home camera (and login to the router) remotely. Also I noticed that the remote login to the router is much faster now. |
|
