XB6 Modem Settings/Requests/Firmware Discussion

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
I'm a Reliable Contributor
Posts: 377

Re: XB6 Modem Settings/Requests/Firmware Discussion

Are there any suggestions on how to make the wifi network more secure (I believe this is called hardening).  So far, I have done the following:

 

- created a stronger password

- MAC address filtering

 

Would disabling the SSID work and would it cause issues with other devices connecting to the network?

 

Thanks

Highlighted
Resident Expert
Resident Expert
Posts: 6,826

Re: XB6 Modem Settings/Requests/Firmware Discussion

@Alex4161 not sure of which modem you have, but, set the following wifi parameters for both 2.4 and 5 Ghz wifi:

 

WPS Enabled: OFF
Security Mode: WPA-Personal
Auth Mode: WPA2-PSK
Encrypt Mode: AES only      Do not use any form of TKIP or TKIP/AES combo.  TKIP is not secure and should not be used.

 

Wifi SSID and passphrase.  Personal opinion, fill both character sets with random character strings.  The SSID field is 32 characters long, the passphrase is about 61 or 62 characters long depending on which character sets you use.  Because the SSID field is something that you rarely if ever have to fill in, I recommend filling it with random characters.  The passphrase field, same idea.  Yes, entering the passphrase field into something like a mobile phone is a pain, so, you probably won't change it very often.  If you prefer to keep using a shorter passphrase, if its not a random collection of characters, numbers, etc already, then pad the passphrase with a number of random characters.  The acceptable length these days is probably a minimum of 30 characters, maybe slightly more.  Ok, so where is this going?  The encryption used in wifi is a hashed result of both the SSID and passphrase.  Hackers can break into wifi networks by forcing a device to deauthenticate.  A portion of the wifi fields are not encrypted, so, a hacker can actually deauthenticate a device on your network.  Then all a hacker does is record the exchange between the device and modem when the device authenticates with the modem in order to return to the wifi network.  At the point, with the recorded data, the hacker runs a comparison between your encryption data and a set of precomputed hash tables.  Those hash tables are comprised of known passwords or passphrases, and known SSIDs.  Over the years millions of passwords and passphrases have been stolen from various sources.  Human nature being what it is, if you've thought of a passphrase, then its probably been used before.  So, some enterprising individual has taken all of that stolen data, combined it with dictionary terms, and run a hash program to generate the resulting encryption data.  So, at this point, it becomes a simple search to find your encryption data among millions of precomputed data sets.  For short and simple SSIDs and passphrases, that search might only take a few minutes.  More complicated but readable SSIDs and passphrases might take a few hours.  The goal here is to prevent any use of those tables by using complex, long, random character sets for both SSID and passphrase.  That's not to say that wifi encryption can't be hacked, it can, given today's Graphic Processing Units (GPUs), but the goal here is to make this as complicated as possible, and take so long, that anyone attempting to hack your wifi will go elsewhere as there are easier targets to choose from.  

 

Random passphrases can be generated on the following GRC site:  https://www.grc.com/passwords.htm

 

Every time you refresh that page, it will generate new passphrases.  You can use that page as a source of character strings for both SSIDs and passphrases. 

 

Fwiw, the next generation of wifi encryption, WPA3 is supposed to be much harder to crack, but, problems with that standard have already been discovered and its not out the door yet, into consumer equipment.  

 

Disable UPNP.   That's not a wifi setting, but, disabling UPNP will ensure that a rogue application can't change any modem settings on its own.  Now if you do use UPNP for gaming for example, you should consider disabling UPNP and setting any port forwarding rules yourself. 

 

Disabling SSID isn't much of an impediment these days unfortunately, and it will probably result an any Apple devices from operating on your wifi network.  Works for everything else I believe, but Apple devices are a problem.  Its worth checking to see if Apple has changed its policy, but I doubt it. 

 

If you have an XB6 modem for the Ignite TV service, check for an 802.11w enable/disable.  When enabled it will encrypt some of the fields of the 802.11n message which are currently not encrypted.  That would prevent anyone from sending a deauthenticate message to kick a device off of your wifi network as a precursor to a hacking attempt.  I don't know what effect that would have on non-Windows devices, so, if you do experiment with it, check any tablets, phones and apple devices to see if they can still connect with the wifi network. 



Highlighted
I'm a Reliable Contributor
Posts: 377

Re: XB6 Modem Settings/Requests/Firmware Discussion

Thanks. I have the XB6 and will check it out.
Highlighted
I've Been Here Awhile
Posts: 2

Re: XB6 Modem Settings/Requests/Firmware Discussion

Did you find out a place to change that setting? 

Highlighted
Moderator
Moderator
Posts: 1,783

Re: XB6 Modem Settings/Requests/Firmware Discussion

Hello, @kayranse.

 

Welcome to Rogers Community Forums! 

 

Thank you for joining this conversation, which setting are you trying to edit? You can check this support article to access the gateway through GUI or the Ignite WiFi Hub app.

 

Provide us more info on what you are trying to accomplish so Community can guide you accordingly. 

 

Cheers,

RogersMoin

Highlighted
I Plan to Stick Around
Posts: 35

Re: XB6 Modem Settings/Requests/Firmware Discussion

To repeat here:

 

For the Technicolor CGM4140COM in my house the update happened a couple of days ago.

 

The version before:

eMTA & DOCSIS Software Version:Prod_18.1_d31 & Prod_18.1
Software Image Name:CGM4140COM_4.0p6s3_PROD_sey
Advanced Services:CGM4140COM
Packet Cable:2.0
 
The version after (now):
eMTA & DOCSIS Software Version:Prod_18.1_d31 & Prod_18.1
Software Image Name:CGM4140COM_4.0p9s1_PROD_sey
Advanced Services:CGM4140COM
Packet Cable:2.0
Highlighted
I Plan to Stick Around
Posts: 106

Re: XB6 Modem Settings/Requests/Firmware Discussion

My system time is off by an hour in the latest firmware on the Techicolor.  Tried rebooting and still the same.

Highlighted
Resident Expert
Resident Expert
Posts: 1,010

Re: XB6 Modem Settings/Requests/Firmware Discussion


@kibosh wrote:

My system time is off by an hour in the latest firmware on the Techicolor.  Tried rebooting and still the same.


Confirmed.  I'm seeing the correct standard time (GMT-5) not DST.  I don't know whether this would break time-based parental controls or if Rogers needs to do this to keep parental controls from breaking.



Highlighted
Moderator
Moderator
Posts: 504

Re: XB6 Modem Settings/Requests/Firmware Discussion

Good morning @kibosh and @-G-,

 

We hope your Saturday is off to a great start! We appreciate your bringing this matter to our attention! 👍

 

Thanks for trying the reboot as that would have been our first recommendation. If the issue still persists, can you kindly shoot us a PM so we can have a look and possibly submit a ticket for this issue? If anyone else in the community is experiencing this same problem, we'd love to hear from you!

 

For more information on how our Private Messaging system works, please check out our blog.

 

Thank you!

RogersLaura

 

 

Highlighted
Resident Expert
Resident Expert
Posts: 1,010

Re: XB6 Modem Settings/Requests/Firmware Discussion


@RogersLaura wrote:

Thanks for trying the reboot as that would have been our first recommendation. If the issue still persists, can you kindly shoot us a PM so we can have a look and possibly submit a ticket for this issue? If anyone else in the community is experiencing this same problem, we'd love to hear from you!


Sure, I can send you a PM so that you can create a ticket for this issue.