I have an internet hardware question, but I'm not using a Linux machine at the moment, so I'm asking it in this forum.
GeneralThis forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have an internet hardware question, but I'm not using a Linux machine at the moment, so I'm asking it in this forum.
Hello everyone, I have an internet hardware question, but I'm not using a Linux machine at the moment, so I'm asking it in this forum.
I finally got fibre internet set up in my apartment, but at the moment I'm using only a Windows 10 laptop until I get everything straightened out. Then, I can put together a new Linux machine and delve back in.
My question is: Is it necessary to change the username and password on the ONT for security?
I've had a terrible time trying to do it. I'm trying to use the browser (Microshaft Edge) to access the webUI, but I can't get anywhere. Every IP address I've tried, in every doc I've found, has said "took too long to respond" or "refused to connect".
In my opinion, for what its worth, the password should definitely be changed, if for no other reason that default passwords are, for all practical purposes, public.
Unfortunately, I can't speak to the difficulties you are having accessing it, other than suggest maybe trying a different browser and seeing what happens.
I can explain better. My laptop is connected by wired ethernet to a switch/router/wifi unit:
TP-Link Deco X50
I was able to change the username and password for the Deco (I had to go through a lot of crapola to do it, but that's the short version).
The Deco is connected by wired ethernet to the ONT. The ONT is:
Nokia XS-010X-Q
The installation technician (my ISP is Distributel) said it is a dedicated ONT, having no other function. I don't know much about this, so I'm not exactly sure what that means/doesn't mean. It came with no documentation at all, so I hunted around the web for info.
I found somewhere that this model ONT has a default username and password that looked very insecure to me, so I decided to change them. After trying unsuccessfully to access some sort of configuration dialogue, I ended up calling Distributel. First, they said there was no way to change the username or password. Then, they said only Bell (who owns Distributel) could change them, and then they said it didn't matter because the ONT's function could not be altered in the first place.
At that point, I really didn't know what to believe. I went through Nokia's website looking for a customer/tech support phone number or email address, to no avail.
I wish I knew more about this. It could be that I'm tearing my hair out over nothing. On the other hand, I could be taking a serious risk every second the ONT is powered-up and connected to the fibre.
It would be an enormous relief to find that the ONT is a dumb box that can't be f*cked with. It could be true that having the username and password might only yield read-only info that poses no risk. At this point I just have no idea.
There is no need to change the username or password. The ont is just a converter box from fiber to copper.
I am guessing you might be able to access the device by unplugging the fiber and router, reboot the box, plug the desktop directly into the ont and try via the web browser with the posted address. I would be surprised if you could login. Be careful not to damage the fiber...
IIRC Win 10 has "ping" and "traceroute" (they spell it differently but it does the same job) and I seem to recall some version of "nmap" is available too (might need to download it) and those 3 tools in a command terminal should help you find out where the bottleneck is. MS also names what in Linux is "ifconfig" differently (ipconfig?) but iirc "route" works as expected.
Thank you all for your responses, including those in the other thread. I'm not worried about the ONT anymore.
My post in the other thread was for a different consideration. For reference, it was:
"If I connect a computer directly to the ethernet port on an ONT, what will happen?"
What I had in mind was removing the Deco switch/router/wifi unit entirely. I don't use wifi in my apartment at all, and at the moment I have only one computer (and no other internet devices, eg. streaming, etc.). However, when I asked the installation technician about connecting my computer directly to the ONT, he said that having a router between them was mandatory. With all due respect to the technician, I'm not convinced yet.
My thought is to eliminate the router by setting up the computer to do the routing itself. Can this be done? Or, is it a bad idea from the start?
I strongly recommend having a separate firewall device of some kind. I have a mini PC running PFsense but there is other firewall software available. While you can do it with just linux and it's built-in filtering as a beginner I would suggest using a firewall distribution.
I just looked up the Deco X50 and it is a top of the line router so I am not sure why you would want to use something else. You should be able to turn off wifi if not needed.
Greetings everyone, first I wanted to thank everyone for their help so far!
I've made some discoveries, so I'm back with more questions.
I am now able to access the webUI version of the configuration dialogue for the Deco router (I had to use an app on my phone via wifi at first). This dialogue has a page that shows "CWMP" settings, including:
ACS username and password
Connection Request Authentication username and password
STUN username and password
All of these usernames and passwords are defaults of the extremely unsecure sort.
I've started reading about CWMP, ACS, and STUN, but it looks involved enough that it will take a long time before I understand them well enough to know what I'm doing. I feel a certain sense of urgency about changing these usernames and passwords, but I thought I'd better ask you folks first because I don't want to break anything I can't unbreak (eg. I lock myself out somehow).
As long as you make an accurate log of some kind of the User and Password changes, you won't break anything. As a backup, many routers have a Factory Defaults reset button and some have guided and even forced factory firmware updates. A few have replaceable BIOS/Firmware chips. I know firmware seems scary to many but it's just software. Just keep notebook or even photo records and you'll be fine.
STUN is a protocol for real-time voice, video and messaging. You should be able to turn off STUN, CWMP as well as ACS. I would not expect them to be enabled by default but whatever. If they are disabled then no need to worry about username or password settings.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.