I have recently changed out my ATT UVERSE Router/Modem for the 4th time due to being compromised.
I have the 5268AC. The NV Models keep getting smacked. I realized after the 4th Router/Modem change from ATT that the root of my issue is my Public IP address. The public IP is called "dynamic" but that is wrong; it doesn't change and won't. Dealing with UVERSE INTERNET/ROUTER/MODEM/FW support is not good and they know little about security.
Anyway, I can't get answers from anyone about the 5268ac, including the manufacturer.
-The Residential Gateway/Router/Modem by default has 2 IP addresses. By default 172.16.0.1, and the other, whose name is actually 5268ac "airties", is DHCP 172.16.1.0. All the TV boxes, WiFi & Wired devices also get DHCP (172.16.1.0). Mine is similar but not default. I have only http and https traffic allowed.
-The Gateway Web Interface is supposed to be encrypted, but the certificate fails. This is out of the box standalone with no Internet. The MAC address on the 5268ac physical device does not match what ATT Smart Connect shows. ATTLOCAL.NET works sometimes, not all of the time. This is insane, considering these interfaces are widely copied and fake to allow hackers to get your information and passwords. In theory, only port 80 and 443 should be allowed; however, it's not the case, and blocking other ports using FIREWALL RULES does not work and states "Protocol can be entered by number or by name. If entered by number it must be in the range of 1 to 143 inclusive. If entered by name, it must be one of "all" (or "any"), "ip", "icmp", "igmp", "ggp", "ipencap", "st", "tcp", "egp", "pup", "udp", "hmp", "xns-idp", "rdp", "iso-tp4", "xtp", "ddp", "idpr-cmtp", "ipv6", "esp", "ah", "rspf", "vmtp", "ospf", "ipip", "encap", "sctp", or "udplite"." The problem is ports 1-143 bad and entering the protocol name sort of as a wildcard works sporadically at best.
I am on disability and work from home. The HOA forced UVERSE on us and made it look like you were not allowed to have another ISP, so I left Xfinity stupidly following what the whole neighborhood did. This seems to be ATT UVERSE's monopoly marketing program across Florida. It may be across their entire network, I'm not sure. I can barely work with their terrible max bandwidth and CANNOT WORK without spending hours on my security alone every week. Having trouble finding any information about these issues.
Let me know if anyone has any input on the following: THX in advance.
1) The “RESIDENTIAL GATEWAY” web interface is not encrypted, the Certificate is bad. Is this normal for this device? And what about using IP versus "ATTLOCAL.NET"?
2) There is no clear information regarding "NETBIOS INBOUND PROTOCOL CONTROL". I'm at a loss as to its purpose, can anyone explain?
3) I'm unable to add a cascaded router behind this router due to housing issues I don't have control of. What are my options with controlling open ports with these conditions?
4) A network LAN/WiFi scan shows one of the Cisco Cable Boxes (DVR) shows the following:
What is this "mini_httpd/1.19/bhoc"? The 5268ac also shows it. Does anyone know what it is?
5) Why is the Web interface a Static IP address and the "5268ac" Dynamic?
6) The ports opened to outside are different on the Static Router and the DHCP modem. Anyone know about this?
7) LAN/WiFi scan consistently, since day 1, shows the MAC on the 5268ac ending in "B1", sometimes "B2". The MAC address on the actual PHYSICAL 5268ac DEVICE ends in "B0". This has been done from multiple machines including iOS, Windows, and Linux. Anyone know about this?
8) Regarding changing your public IP address, does anyone know if this can be done without getting a paid static IP from ATT?
9) The manufacturer of the device or ATT says this device has “ENHANCED WIFI” capabilities of some sort provided the 2.4GHZ & 5 GHZ WiFi range have the same SSID, passwords, and 802.11 standard. If you do make changes, which are necessary at times. Signal strength is no better than the previous NV models. The router config will error when you try to save the config. Anyone know what this “ENHANCED” mode is?
1) It's a self-signed certificate. It's not that the certificate is bad, it's just self-signed; browsers will always say your connection may not be secure as they won't have the certificate installed. Install the cert and you'll be good to go. At least I'm fairly sure on this. It's not too big of a deal though, as the only possible way for that to be intercepted is by someone on your network, so if someone were to intercept it you could outright walk up to them and tell them to knock it off.
2) NETBIOS allows for network boot and network OS, things like that. Leave that on; you would know 100% if you need it off, and the likelihood of you needing to turn that off is very, very low. It blocks incoming NETBIOS traffic.
3) In the RG's GUI, Settings -> Firewall -> Applications, Pinholes, and DMZ -> Add a new user-defined application. It'll allow you to set up customer applications to pass through the firewall.
4) It's the hostname for the device, nothing beyond an identifier.
5) Not sure what you mean by this
6) Not sure what you mean by this either. If you're running 2 routers you need to configure the firewall on them both.
7) Never seen that before. Possibly related to which wifi tech you're on (2.4/5GHz); could be different radios have different MACs, not sure.
8) Can't be changed. Don't believe anyone who says it can be, even if it's someone from AT&T; it can't be done. Your non-static public IP is decided purely automated. Very rarely it'll change on its own, but normally it won't, just that it can and without warning, which is why it's not a static IP.
9) Quite likely it's just related to how the RG, if properly configured (same SSID and WPA key for the 2.4 and 5GHz bands), can automatically put a device on the optimal wifi tech for it at the time. It also allows for mesh wifi networks.
*I am a trusted partner that is associated with AT&T, and the postings on this site are my own and don't necessarily represent AT&T's position, strategies or opinions.
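
The "B0" on the label versus "B1"/"B2" in scans (question 7) can be checked mechanically. The following is an added example, not part of either post: it assumes, as is common on gateways but not confirmed for the 5268ac, that one device's interfaces are numbered consecutively from the label MAC and may set the locally administered bit. All full addresses are constructed; only the B0/B1/B2 endings come from the thread.

```python
import re

# Constructed sample data: only the B0 / B1 / B2 endings come from the thread.
LABEL_MAC = "00:11:22:33:44:B0"          # MAC printed on the device (constructed)
SCANNED = [
    "00:11:22:33:44:B1",                 # label + 1
    "00-11-22-33-44-B2",                 # label + 2, different separator
    "02:11:22:33:44:B0",                 # same address with the local bit set
    "AC:DE:48:00:11:B1",                 # unrelated prefix that also ends in B1
]

MAX_OFFSET = 15            # assumption: interfaces sit in a small block after the label MAC
LOCAL_BIT = 0x02 << 40     # "locally administered" bit of the first octet


def parse_mac(text):
    """Return a MAC written with ':', '-' or '.' separators as a 48-bit integer."""
    digits = re.sub(r"[:.\-]", "", text.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def classify(label, seen):
    """Relate a scanned MAC to the label MAC of the device."""
    base = parse_mac(label) & ~LOCAL_BIT
    mac = parse_mac(seen)
    local = bool(mac & LOCAL_BIT)
    universal = mac & ~LOCAL_BIT
    # Compare the 24-bit vendor prefix first: a matching last octet alone proves nothing.
    if (universal >> 24) != (base >> 24):
        return "different-vendor-prefix"
    offset = (universal & 0xFFFFFF) - (base & 0xFFFFFF)
    if 0 <= offset <= MAX_OFFSET:
        return f"same-block+{offset}" + ("-local" if local else "")
    return "same-prefix-out-of-block"


def report(label, scanned):
    """Map every scanned MAC to its verdict."""
    return {mac: classify(label, mac) for mac in scanned}


if __name__ == "__main__":
    for mac, verdict in report(LABEL_MAC, SCANNED).items():
        print(f"{mac}  {verdict}")
```

A "same-block" verdict is consistent with another interface of the same box; "different-vendor-prefix" on an address claiming to be the gateway is the case worth investigating further.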