Broadband ISP Virgin Media (O2) has revealed that 18% of respondents to one of their consumer surveys still "break the golden rule" by switching their Hub (ro
Read the title and went: What? They want you to keep your network hardware ON, when unattended, to increase the undetected malware entry opportunities?
Turns out it as their own devices they wanted to push updates to.
I would really prefer to use my own device though and even better, configure it myself after learning how the ISP’s network works. But convenience is what it is.
Not illegal, but the ISPs are seemingly under no obligation to give you those details. In Germany, there’s the “freedom of routers” embedded in the telco law. So they HAVE to give you everything you need to get your custom router online via their wire/fibre.
Bridge mode is just using the ISPs router and bridge that into your router. It’s not the same - you still need the ISP’s access device instead of just yours.
Not illegal, but the ISPs are seemingly under no obligation to give you those details. In Germany, there’s the “freedom of routers” embedded in the telco law. So they HAVE to give you everything you need to get your custom router online via their wire/fibre.
OIC, so, same as here. Germany seems to be having pretty well made laws in these cases.
Bridge mode is just using the ISPs router and bridge that into your router. It’s not the same - you still need the ISP’s access device instead of just yours.
Except that it is a layer 2 bridge and I couldn’t connect to the network directly, either way, because their line is copper [1] and consumer routers/modems are usually RJ45/RJ11.
I feel like we can do the same in other places too.
It just doesn’t make much sense for me to buy one of those, considering I don’t expect to be using a copper endpoint anywhere else I go.
I probably will get my own Fiber modem when viable (as in, I get a provider that doesn’t force their own modem on me).
The major Fibre player here, requires use of their modem, of which, even the WiFi password can only be changed using their Android app. Said app connects to the internet and most probably tells their systems the new password to change to (which would of course, be in plain text), which then remotely changes the WiFi password.
Most probably, other major ones do the same.
There are some smaller players (probably Tier2/3 ISPs), which would let us have our own modems after enough effort, so I’d probably go with one of those.
It’s only Virgin Media to my knowledge who does this.
Most of the other providers are happy for you to use anything that works properly for VDSL or FTTP.
Most FTTP providers fit an ONT that puts the connection back into an RJ45 ethernet connector.
Then you connect to the provider using PPPOE. Anything past the ONT, you can do whatever you like.
The malware argument is a bit weak, if your router is vulnerable to something it’ll likely be found and pwnd in a matter of minutes, so turning it off a night won’t really save you. And once a patch is released, it’ll be reverse engineered in a few hours/days, so ideally you want patches as soon as they are released.
Using your own device is usually a good idea anyway, telco stuff is usually pretty mediocre.
And as soon as your device is slightly custom, it becomes a less valuable target.
It’s much more than just a bit weak, unless you are somehow continuously monitoring it, so yeah, in most end-user scenarios, it would hardly make a difference to keep it on, even if there were no updates.
Read the title and went: What? They want you to keep your network hardware ON, when unattended, to increase the undetected malware entry opportunities?
Turns out it as their own devices they wanted to push updates to.
I would really prefer to use my own device though and even better, configure it myself after learning how the ISP’s network works. But convenience is what it is.
Yep, after moving from Germany to the UK I was pretty surprised that in the UK you’re not supposed to get this kind of information from your ISP.
In Germany you can get your own DSL/cable/fibre modem and your ISP has to give you the necessary information to get these devices into their network.
Wait, do you mean, it’s illegal to ask for it?
Not illegal, but the ISPs are seemingly under no obligation to give you those details. In Germany, there’s the “freedom of routers” embedded in the telco law. So they HAVE to give you everything you need to get your custom router online via their wire/fibre.
Bridge mode is just using the ISPs router and bridge that into your router. It’s not the same - you still need the ISP’s access device instead of just yours.
OIC, so, same as here. Germany seems to be having pretty well made laws in these cases.
Except that it is a layer 2 bridge and I couldn’t connect to the network directly, either way, because their line is copper [1] and consumer routers/modems are usually RJ45/RJ11.
↩︎
See, in Germany you can buy your own cable modem or fibre endpoint and connect that to the copper wire/fibre line.
I feel like we can do the same in other places too.
It just doesn’t make much sense for me to buy one of those, considering I don’t expect to be using a copper endpoint anywhere else I go.
I probably will get my own Fiber modem when viable (as in, I get a provider that doesn’t force their own modem on me).
The major Fibre player here, requires use of their modem, of which, even the WiFi password can only be changed using their Android app. Said app connects to the internet and most probably tells their systems the new password to change to (which would of course, be in plain text), which then remotely changes the WiFi password.
Most probably, other major ones do the same.
There are some smaller players (probably Tier2/3 ISPs), which would let us have our own modems after enough effort, so I’d probably go with one of those.
It’s only Virgin Media to my knowledge who does this.
Most of the other providers are happy for you to use anything that works properly for VDSL or FTTP.
Most FTTP providers fit an ONT that puts the connection back into an RJ45 ethernet connector.
Then you connect to the provider using PPPOE. Anything past the ONT, you can do whatever you like.
The malware argument is a bit weak, if your router is vulnerable to something it’ll likely be found and pwnd in a matter of minutes, so turning it off a night won’t really save you. And once a patch is released, it’ll be reverse engineered in a few hours/days, so ideally you want patches as soon as they are released.
Using your own device is usually a good idea anyway, telco stuff is usually pretty mediocre. And as soon as your device is slightly custom, it becomes a less valuable target.
It’s much more than just a bit weak, unless you are somehow continuously monitoring it, so yeah, in most end-user scenarios, it would hardly make a difference to keep it on, even if there were no updates.