Go Back   FlyerTalk Forums > Travel&Dining > Travel Technology
Sign in using an external account

Reply
 
Thread Tools Search this Thread
Old Nov 16, 12, 9:06 am   #1
Moderator: Travel Technology & Travel Photography
 
Join Date: Nov 2002
Location: NYC
Posts: 7,937
How to hack a Comcast Xfinity router?

My parents just got a home "security" system from Comcast. I put "security" in quotes because the system appears to be someone's bad idea for a joke.

Leaving that aside for the moment, Comcast installs it by plugging in a cheap Netgear WNR1000v2-VC wireless router, then plugging in your existing router behind the Netgear router. The Comcast router creates a wireless network that talks to the security system controller, which in turn talks to the door sensors and motion detectors.

Comcast won't tell anyone what the password is to log on to the router or what the Wifi passphrase is to connect to the Super Secret wifi network they create. Sadly for me, they actually did something right and set the Wifi network as WPA2/AES, so I won't have any luck playing with Aircrack.

I want to get rid of an unneeded box and interference, and add Comcast's Super Secret network as another VLAN on the existing home router. I tried pushing the WPS button on the Comcast router (it made a light on the front blink!) but my laptop running Windows 7 didn't recognize it as a WPS router.

There also doesn't seem to be a way to change what network the controller box looks for.

Does anyone have any ideas? I already rewired things to put the Netgear behind the existing home router (it interfered with VPN).
gfunkdave is offline   Reply With Quote
Old Nov 19, 12, 12:34 am   #2
 
Join Date: Oct 2003
Location: Traveling the World
Posts: 3,203
We have ATT U-Verse and AFAIK you can enter the IP Address of your router 121.202.121 etc and the password should be your Wifi WEP password or it should be on the side of the box.

We do not use a secondary router as everything goes through the ATT WiFi Modem and I must say we have not had any issues thus far. They even added a wireless TV receiver for the 2nd TV.

To access your modem what I would do is call the manufacture to see if there is a generic password. You could reset the modem by pressing in the"reset" button for 10 seconds with a pen.

Then Google the model of the modem Motorola and see what the generic password is.

Then you go in using the WiFI address to access the modem settings. Go ahead and change your WiFi password and log in to see a list of connected devices.

If the Wifi Router has a Firewall you could try opening a port in which the alarm security system runs on.

You may have to resort to getting a WiFi Bridge Router and plug in your Comcast Modem to it. It should have a WiFi capability(Netgear or Belkin) see if you can plug in the modem of the security system to it and run it that way.

You may want a Comcast Security Tech to come out and work with you and have them give you the password.

If this does not work I would get a module to plug into your phone system. If you are on VOIP some alarm systems will not work to seize the line. If you can have your parents add a second basic Plain Old Telephone Line for $10 a month then do it. If the alarm system can run on VOIP get a second VOIP line without phone company voicemail setup as if your on the phone and it seizes the line it may or may not work especially for the updates.

My hunch is Comcast does not want to give you the password because you are speaking with a Level 1 Tech. Ask to speak to a Level 3 Tech and have the Level 1 Tech open a ticket. If your alarm company tech has to do it on your behalf get Comcast on the line with the tech at your home and authorize the tech to speak with Comcast.

You can also run alarm diagnostic tests. First call your alarm company to put it into test mode. Then go to the menu settings and have it run the dialing test to see that it connects to the alarm company. Test all alarms from medical, police and fire. Do a "Walk Test". Do a Zone Test, Away Test etc.

If your alarm comes back with "connection failed" and if a beeping sounds on the panel you know there is a connection problem. Hit acknowledge and silence to void this error.

Anyways you need to have a backup battery and phone line if your VOIP goes out. You would need to make sure the VOIP modem has a battery pack installed.

In any case I reccommend a plain old telephone line(POTS) as a dedicated line for the alarm just like a fax machine alarms systems may or may not respond to VOIP systems.

Please know I don't work for an alarm company but have studied telephone systems etc. If you need any more help please don't hesitate to ask and I would be happy to help you diagnose the problem.

First take the tips above and go down the list and if it still doesn't work please reply and I will try to help or send me a PM and I can e-mail you or even do it over the phone.
danielonn is offline   Reply With Quote
Old Nov 19, 12, 3:56 am   #3
 
Join Date: Aug 2009
Location: SFO/SJC/SQL
Posts: 1,394
Quote:
Originally Posted by danielonn View Post
We have ATT U-Verse and AFAIK you can enter the IP Address of your router 121.202.121 etc and the password should be your Wifi WEP password or it should be on the side of the box.

We do not use a secondary router as everything goes through the ATT WiFi Modem and I must say we have not had any issues thus far. They even added a wireless TV receiver for the 2nd TV.

To access your modem what I would do is call the manufacture to see if there is a generic password. You could reset the modem by pressing in the"reset" button for 10 seconds with a pen.

Then Google the model of the modem Motorola and see what the generic password is.

Then you go in using the WiFI address to access the modem settings. Go ahead and change your WiFi password and log in to see a list of connected devices.

If the Wifi Router has a Firewall you could try opening a port in which the alarm security system runs on.

You may have to resort to getting a WiFi Bridge Router and plug in your Comcast Modem to it. It should have a WiFi capability(Netgear or Belkin) see if you can plug in the modem of the security system to it and run it that way.

You may want a Comcast Security Tech to come out and work with you and have them give you the password.

If this does not work I would get a module to plug into your phone system. If you are on VOIP some alarm systems will not work to seize the line. If you can have your parents add a second basic Plain Old Telephone Line for $10 a month then do it. If the alarm system can run on VOIP get a second VOIP line without phone company voicemail setup as if your on the phone and it seizes the line it may or may not work especially for the updates.

My hunch is Comcast does not want to give you the password because you are speaking with a Level 1 Tech. Ask to speak to a Level 3 Tech and have the Level 1 Tech open a ticket. If your alarm company tech has to do it on your behalf get Comcast on the line with the tech at your home and authorize the tech to speak with Comcast.

You can also run alarm diagnostic tests. First call your alarm company to put it into test mode. Then go to the menu settings and have it run the dialing test to see that it connects to the alarm company. Test all alarms from medical, police and fire. Do a "Walk Test". Do a Zone Test, Away Test etc.

If your alarm comes back with "connection failed" and if a beeping sounds on the panel you know there is a connection problem. Hit acknowledge and silence to void this error.

Anyways you need to have a backup battery and phone line if your VOIP goes out. You would need to make sure the VOIP modem has a battery pack installed.

In any case I reccommend a plain old telephone line(POTS) as a dedicated line for the alarm just like a fax machine alarms systems may or may not respond to VOIP systems.

Please know I don't work for an alarm company but have studied telephone systems etc. If you need any more help please don't hesitate to ask and I would be happy to help you diagnose the problem.

First take the tips above and go down the list and if it still doesn't work please reply and I will try to help or send me a PM and I can e-mail you or even do it over the phone.
Incorrect on so many levels with no usable information.
WChou is offline   Reply With Quote
Old Nov 19, 12, 10:08 am   #4
Moderator: Travel Technology & Travel Photography
 
Join Date: Nov 2002
Location: NYC
Posts: 7,937
Thanks, danielonn, for replying. I think you were trying to answer a totally different question.
gfunkdave is offline   Reply With Quote
Old Nov 19, 12, 4:04 pm   #5
 
Join Date: Oct 2003
Location: Traveling the World
Posts: 3,203
Sorry for any misinformation. Yes, possibly i did not understand your goal.
danielonn is offline   Reply With Quote
Old Nov 19, 12, 4:05 pm   #6
 
Join Date: Oct 2003
Location: Traveling the World
Posts: 3,203
Quote:
Originally Posted by WChou View Post
Incorrect on so many levels with no usable information.
You just said my answers were incorrect but you failed to say why. Thanks
danielonn is offline   Reply With Quote
Old Nov 19, 12, 4:12 pm   #7
 
Join Date: Jun 2008
Location: YVR
Programs: Aeroplan
Posts: 882
Try http://www.myopenrouter.com/download...nable-Utility/ this?
chx1975 is offline   Reply With Quote
Old Nov 19, 12, 5:21 pm   #8
 
Join Date: Aug 2006
Location: San Jose
Programs: UA 1k
Posts: 918
It would be instructive if you posted the current and desired topology. Also, its unclear to me why you need a VLAN, or if any of this equipment can actually create/read VLAN tags.
boberonicus is offline   Reply With Quote
Old Nov 19, 12, 6:57 pm   #9
In Memoriam
 
Join Date: Feb 2000
Location: Easton, CT, USA
Programs: ua prem exec, Former hilton diamond
Posts: 31,819
What is the interference? Have you tried changing the channel of the router you currently have to be as far from the new one as you can be?

I wouldn't mess too much with it, should it not work down the road they will most certainly blame the reconfiguration of their router as to why the alarm did not work.

Also see this thread as to why they don't want you doing what you want to do with their set up

http://forums.comcast.com/t5/Devices...s/td-p/1254975
__________________
Mike Cordelli mike@cordelli.com
cordelli is offline   Reply With Quote
Old Nov 19, 12, 10:58 pm   #10
Moderator: Travel Technology & Travel Photography
 
Join Date: Nov 2002
Location: NYC
Posts: 7,937
Quote:
Originally Posted by cordelli View Post
What is the interference? Have you tried changing the channel of the router you currently have to be as far from the new one as you can be?

I wouldn't mess too much with it, should it not work down the road they will most certainly blame the reconfiguration of their router as to why the alarm did not work.

Also see this thread as to why they don't want you doing what you want to do with their set up

http://forums.comcast.com/t5/Devices...s/td-p/1254975
Yes, thanks, I did just change the channels - we have two wireless APs in the house, plus the Comcast Netgear router. It's more of an annoyance to me that Comcast's home security solution is so shoddy. But, as my mom said, it's cheap.

I don't really see what reason you're referring to in the link - I'd read that before and it just sounds like Comcast thinking users are all idiots (true in 98% of cases). I did put the Comcast router behind my router, so it's just a device on the network. It all still works fine. Apparently you have to open port 80 if you have any cameras in the house and want to see them remotely. (Scary: port 80? Really?) Also, it just annoys me that Comcast provides such an inelegant solution. Why should I need to have two wireless networks in the house when this could easily be done with one?

As an aside, there is an option on the security system controller to expose the customer's router to the Internet...but it didn't work with ours.
gfunkdave is offline   Reply With Quote
Old Nov 20, 12, 4:52 am   #11
Used to be PorkRind
 
Join Date: May 2004
Location: Have Gun, Will Stay at Home
Programs: TrueBlue Mosaic, MR Lifetime Silver (whatever the hell that is)
Posts: 2,091
Quote:
Originally Posted by gfunkdave View Post
Apparently you have to open port 80 if you have any cameras in the house and want to see them remotely. (Scary: port 80? Really?)
If your perimeter router is worth anything, it supports port forwarding . . . if you don't like port 80, forward some other external port to it.

It really doesn't matter that much in the end. If a port is open, a port scan will find it.

Given the evidence so far, I'm assuming Comcast's security model for the cameras is less than special. Are you sure you want to open that port?
Dodge DeBoulet is offline   Reply With Quote
Old Nov 20, 12, 9:44 am   #12
Moderator: Travel Technology & Travel Photography
 
Join Date: Nov 2002
Location: NYC
Posts: 7,937
Quote:
Originally Posted by PorkRind View Post
If your perimeter router is worth anything, it supports port forwarding . . . if you don't like port 80, forward some other external port to it.

It really doesn't matter that much in the end. If a port is open, a port scan will find it.

Given the evidence so far, I'm assuming Comcast's security model for the cameras is less than special. Are you sure you want to open that port?
Sure, it's technically possible to forward an arbitrary external port to port 80 on an internal device - but Comcast apparently needs port 80 open on the WAN side.

It's all moot anyway - we don't have any cameras.
gfunkdave is offline   Reply With Quote
Old Jun 2, 13, 7:18 pm   #13
 
Join Date: Jun 2013
Posts: 1
Comcast Secuity Router

I am a Comcast Tech. Unfortunately, once the install is complete the security router locks everyone out "even the tech". You will notice that you can't even see the security router on the network. As long as u do not have cameras you can put your router in front of the Comcast security router and you should be fine. However, if you do have cameras they would not be seen from behind your router. The setting in the control panel that lets your router be seen on the web is hit or miss at best. I hope this info will be helpful.
donlavaughn is offline   Reply With Quote
Old Jun 2, 13, 7:34 pm   #14
Moderator: Travel Technology & Travel Photography
 
Join Date: Nov 2002
Location: NYC
Posts: 7,937
Hi donlavaughn. Welcome to Flyertalk and thanks for the useful info! Interesting that the router locks everyone out - even the tech. I suppose you have to reset it to factory to get back in? How does the control pad thingy that talks to the router know what wifi network to connect to? I'm assuming there's some hidden network setup menu in there?

In any case, I did put the Comcast router behind the main house router. We don't have any cameras so it doesn't matter. Thanks.
gfunkdave is offline   Reply With Quote
Old Jun 2, 13, 8:17 pm   #15
 
Join Date: Dec 2009
Location: RDU
Programs: DL DM (segs), Hilton DM, Marriott Pt, TSA Opt-out Platinum
Posts: 987
Quote:
Originally Posted by gfunkdave View Post
Hi donlavaughn. Welcome to Flyertalk and thanks for the useful info! Interesting that the router locks everyone out - even the tech. I suppose you have to reset it to factory to get back in? How does the control pad thingy that talks to the router know what wifi network to connect to? I'm assuming there's some hidden network setup menu in there?

In any case, I did put the Comcast router behind the main house router. We don't have any cameras so it doesn't matter. Thanks.
gfunkdave, I PM'ed you a link on hacking a WPA2 router that has WPS. It works even if the SSID isn't broadcasting. WPS is a gaping security hole on any router (whether it's actually used or not). Another good reason to run DD-WRT or some other firmware that doesn't have WPS.
HDQDD is offline   Reply With Quote
 
 
Reply

Bookmarks


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off
Forum Jump


All times are GMT -6. The time now is 2:11 pm.