Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 2:43 am
by Guest
> rtrinh wrote: During the last part of the installation, the technician runs a speedtest and records the IP address. He makes a call with, I believe, ATT enterprise and answers some questions. The tech is asked some questions that seem normal, like if the old Sonic/POTS line is disconnected or not, then starts to ask for the speedtest results, IP address, if the wifi is on, and one thing that surprised me is the guy on the other end wants the access code to the modem.
>
> Did anyone else hear this?

Yes, they wanted the access code and MAC address. I thought it was strange, too. Although you can change the access code, you can reset it by using the embedded access code in firmware shown on the sticker (through the "I forgot the password" link). I guess AT&T needs that to get into the gateway, although I would presume they should have access since I can't imagine these routers not having TR-069 (and their extensions) even if it's not shown in the web page we have access to. Unless AT&T manages the devices through HTTP and a list from an Excel spreadsheet...

The IP is dynamic, not static. What makes you think you have a static IP?

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 7:57 am
by dherr
> The IP is dynamic, not static. What makes you think you have a static IP?

It is a dynamic IP but it has not reset for me so far with 2 or 3 modem/router reboots over 2 weeks' time. Reading the dslreports group for uverse, this seems pretty normal. Some people have reported years with the same IP. Powering off overnight *might* just get it to reset but I am happy to keep it "pseudo static". And don't forget the Sonic dyndns API if you have a domain hosted with Sonic.

As for AT&T recording the sticker info from the router...

Remember that *they* provided the router in the first place and could have recorded everything before showing up at your door. I suspect they don't bother doing that since the first router could prove faulty and thus they wait until service is fully turned up and working before noting down your base router info. Later on they can ask you to hit the reset and get in with the default user/pass even if you removed the stickers; smart really. So, none of this addresses the possibility of a backdoor. I don't know if they have one but I doubt it would rely on the default password for the router.

In fact, the main "backdoor" is that they do the firmware updates on the units and could push an update that gives them a backdoor that is not currently there. Since the thing is doing some periodic check for new firmware then it can change at any time and in pretty much any way. Same with the Sonic supported routers.

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 8:31 am
by gizmos
Do you know if you can operate the AT&T router as a bridge? Or are you forced to let it do NAT? Do you even have any access to the AT&T box to change its settings?

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 8:37 am
by dherr
I have the Pace 5031nv-030. Yes you have access, but many of the features have been disabled in the firmware.

It will not do true bridging but many people have set up their own router behind it. One instruction page is at:

https://forums.att.com/t5/Third-Party-D ... -p/3612175

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 8:56 am
by gizmos
Thanks - looks like they basically just tell the Pace box to put their router in a DMZ...

Is the technology VDSL or ADSL2+? With ADSL I'd wonder whether one could just substitute your own modem without AT&T noticing. I believe VDSL uses certificates for authentication, though, and it's not possible to change modems.

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 9:01 am
by dherr
My understanding is that they do use certs and that we can't access them. Sounds like that might be a product of using vdsl from what you are saying. The protocol below seems to be telling me that this is VDSL2 using profile 8d...

Modem Type                   Built in modem - ADSL/VDSL

DSL Line                     Line 1 (inner pair)
                             Down          Up
User Rate                    32223 kbs     5047 kbs
Max User Rate                54160 kbs     11246 kbs
Noise Margin                 16.6 dB       17.7 dB
Attenuation                  12.7 dB       13.7 dB
Output Power                 14.5 dBm      -10.8 dBm

Protocol                     G.993.2_8d
Channel                      Interleaved
DSLAM Vendor Information     Country {46336} Vendor {BDCM} Specific {41971 }
Rate Cap                     53639 kbs
Attenuation @ 300kHz         5.5 dB
VCXO Frequency Offset        -5.9 ppm      Ok
Excessive Impulse Noise      0             Ok

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 9:32 am
by kgc
> rtrinh wrote: Did anyone else hear this? Looking around and having restarted the modem a few times, it looks like we are on a static IP. Handing them the IP and the access code to the device sounds a bit too much. Even if we have the ability to change it which I've already done, who knows if they have a backdoor in.

AT&T maintains the ability to manage their CPE through TR-069 just like we manage our leased CPE. This allows them to send configuration and software updates to the CPE as well as providing an end point to assist in troubleshooting.

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 10:41 am
by Guest
> dherr wrote: It is dynamic IP but it has not reset for me so far with 2 or 3 modem/router reboots over 2 weeks time. Reading the dslreports group for uverse, this seems pretty normal. Some people have reported years with the same IP. Powering off overnight *might* just get it to reset but I am happy to keep it "pseudo static". And don't forget the Sonic dyndns api if you have a domain hosted with Sonic.

I see. Yeah, it behaves similar to Sonic's infrastructure. You can get a new WAN IP by modifying the MAC address of the gateway. We just can't do that on FTTN.

Thanks for getting the API working. I don't have anything hosted with Sonic but I'm quite satisfied with FreeDNS.

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 10:51 am
by forest
Hey, folks... Let's keep this thread on-topic. Please take the modem config discussion to another thread.

Re: FTTN, AT&T, and Privacy

Posted: Wed May 06, 2015 1:02 pm
by rtrinh
> Guest wrote: The IP is dynamic, not static. What makes you think you have a static IP?

Yep, just like dherr mentioned, I read about the IP being pseudo static on dslreports. Figured I'd just say static when trying to get a new IP would take some time and is not guaranteed.

> dherr wrote: Since the thing is doing some periodic check for new firmware then it can change at any time and in pretty much any way. Same with the Sonic supported routers.

> kgc wrote: AT&T maintains the ability to manage their CPE through TR-069 just like we manage our leased CPE. This allows them to send configuration and software updates to the CPE as well as providing an end point to assist in troubleshooting.

I didn't even think about this last night while I was posting this.

Guess it's just me getting a bit paranoid after reading through this thread for the past week while waiting for my installation. :D