11-24-2019 12:24 PM - last edited on 11-24-2019 12:28 PM by RogersCorey
Hey guys, I noticed we don't have a dedicated thread on the XB6 modem like the Hitrons. I'm making this thread so we can talk about the various settings and requests for future changes through firmware updates. For me the biggest issues with the modem is we cannot block specific devices from internet access and we cannot use custom DNS servers.
With the Hitrons we could use a custom DNS without issues, and if we bridge the modem we can also use a custom DNS so I don't see why we aren't given the option with the XB6. The Xi6 boxes don't require using Rogers DNS since in bridge mode they are using whatever DNS the user has specified. For security and privacy reasons it's nice being able to choose whatever DNS server we want, and also being able to block devices like personal NAS and IoT from network access.
I know everyone is going to say put the XB6 in bridge mode and problem solved, however besides these two issues my XB6 isn't that bad. The range and speed suits my needs so why should I buy another $200-$300 router just so I can use a custom DNS and block some devices from the internet. Hopefully Rogers listens to our feedback and gives us more control like on the Hitrons.
***EDITED LABELS***
03-28-2020 12:22 AM
03-28-2020 07:41 PM
@seadooxp30 wrote:
New Firmware as of March 28-2020
eMTA & DOCSIS Software Version:Prod_18.1_d31 & Prod_18.1Software Image Name:CGM4140COM_4.0p4s2_PROD_seyAdvanced Services:CGM4140COMPacket Cable:2.0
Have you noticed any new changes with the new firmware? Can we use custom DNS or not yet? Does it still broadcast 7 SSID?
03-29-2020 12:08 AM
@ gp-se
Micro freezing after 8 PM gone completely. Cant say for sure if it was just firmware or combination of firmware and something else on Rogers back end.
Don't know about SSID, since I had to disabled wifi on my Rogers modem and using eero mesh system.
Not sure about custom DNS. Where is that option?
03-29-2020 09:07 AM
@seadooxp30 wrote:
@ gp-se
Don't know about SSID, since I had to disabled wifi on my Rogers modem and using eero mesh system.
Not sure about custom DNS. Where is that option?
@seadooxp30 If you use a Wi-Fi scanner/analyzer, you will still see beacons for these hidden Wi-Fi networks coming from your XB6 even if you have Wi-Fi disabled or have Bridge Mode enabled. The network name will not be included in the beacons (that's what makes them hidden) but you will still see the MAC address, channel, signal strength, etc. On the Technicolor XB6, you will see a bunch of sequential MAC addresses on the scan. They are a bit harder to see on the Arris XB6 because it changes the first octet of the MAC address for these BSSIDs. In either case, they become very obvious if you place your analyzer right next to the XB6 and sort the display by signal strength. These hidden networks will (obviously) also all be on the same channel.
@gp-se These SSIDs are not there due to a firmware bug. They are there because they have been provisioned by Rogers and we currently do not have any way to turn them off or to disable the radios on the XB6. The only thing that we can do is to place the XB6 in a Faraday cage or some other shielded enclosure.
03-31-2020 08:26 PM
@seadooxp30 wrote:
@ gp-se
Micro freezing after 8 PM gone completely. Cant say for sure if it was just firmware or combination of firmware and something else on Rogers back end.
Don't know about SSID, since I had to disabled wifi on my Rogers modem and using eero mesh system.
Not sure about custom DNS. Where is that option?
Where are you located? I haven't received the update in Bradford, Ontario yet.
04-01-2020 12:16 AM
@ gp-se
I'm in Richmond Hill
not sure if this firmware pushed to me only or everyone with ignite TV.
So far so good. No more freezing.
04-01-2020 02:03 AM - edited 04-01-2020 02:05 AM
@gp-se For what it's worth, I just double-checked and my Technicolor XB6 is still running:
eMTA & DOCSIS Software Version:Prod_18.1_d31 & Prod_18.1
Software Image Name:CGM4140COM_3.14p10s5_PROD_sey
The 8000 ms freezes that I had been getting seem to have been fixed. I still get some minor jitter (and, from time to time, what appears to be some load related issues in my area) but nothing like what I saw before.
I do know that some significant network upgrades are being planned for my area (from the placement of the underground vaults, looks like it will be Remote PHY) and these ongoing network issues apparently are related to this upcoming work. However, whatever fix I got for the extreme latency spikes was not the result of the "4.0" firmware update.
04-09-2020 08:38 PM
I noticed today that my Technicolor XB6 got the new 4.0 firmware. I haven't noticed any differences, however I have it in Bridge Mode. I also disabled both bands before I put it into bridge mode and it is still broadcasting 7 SSID's. I read that some people put it into bridge mode and it won't broadcast, but others like me have it still broadcasting these hidden SSID's.
04-09-2020 10:29 PM
@gp-se wrote:
I noticed today that my Technicolor XB6 got the new 4.0 firmware. I haven't noticed any differences, however I have it in Bridge Mode. I also disabled both bands before I put it into bridge mode and it is still broadcasting 7 SSID's. I read that some people put it into bridge mode and it won't broadcast, but others like me have it still broadcasting these hidden SSID's.
One of those hidden networks is used for a service that enables a brand new Ignite TV set-top box to automatically discover and join your internal private Wi-Fi network. Anybody with Ignite TV who says they cannot see those hidden networks must either have friends in high places or does not have the tools to see those hidden networks. The other hidden networks that you see are not used by Ignite TV... they are for something else... so I presume that they would be active on Ignite Internet customers' XB6 gateways even if the Ignite TV-related services are not enabled.
04-10-2020 02:26 PM
Are there any suggestions on how to make the wifi network more secure (I believe this is called hardening). So far, I have done the following:
- created a stronger password
- MAC address filtering
Would disabling the SSID work and would it cause issues with other devices connecting to the network?
Thanks
04-10-2020 02:51 PM - edited 04-10-2020 03:22 PM
@Alex4161 not sure of which modem you have, but, set the following wifi parameters for both 2.4 and 5 Ghz wifi:
WPS Enabled: OFF
Security Mode: WPA-Personal
Auth Mode: WPA2-PSK
Encrypt Mode: AES only Do not use any form of TKIP or TKIP/AES combo. TKIP is not secure and should not be used.
Wifi SSID and passphrase. Personal opinion, fill both character sets with random character strings. The SSID field is 32 characters long, the passphrase is about 61 or 62 characters long depending on which character sets you use. Because the SSID field is something that you rarely if ever have to fill in, I recommend filling it with random characters. The passphrase field, same idea. Yes, entering the passphrase field into something like a mobile phone is a pain, so, you probably won't change it very often. If you prefer to keep using a shorter passphrase, if its not a random collection of characters, numbers, etc already, then pad the passphrase with a number of random characters. The acceptable length these days is probably a minimum of 30 characters, maybe slightly more. Ok, so where is this going? The encryption used in wifi is a hashed result of both the SSID and passphrase. Hackers can break into wifi networks by forcing a device to deauthenticate. A portion of the wifi fields are not encrypted, so, a hacker can actually deauthenticate a device on your network. Then all a hacker does is record the exchange between the device and modem when the device authenticates with the modem in order to return to the wifi network. At the point, with the recorded data, the hacker runs a comparison between your encryption data and a set of precomputed hash tables. Those hash tables are comprised of known passwords or passphrases, and known SSIDs. Over the years millions of passwords and passphrases have been stolen from various sources. Human nature being what it is, if you've thought of a passphrase, then its probably been used before. So, some enterprising individual has taken all of that stolen data, combined it with dictionary terms, and run a hash program to generate the resulting encryption data. So, at this point, it becomes a simple search to find your encryption data among millions of precomputed data sets. For short and simple SSIDs and passphrases, that search might only take a few minutes. More complicated but readable SSIDs and passphrases might take a few hours. The goal here is to prevent any use of those tables by using complex, long, random character sets for both SSID and passphrase. That's not to say that wifi encryption can't be hacked, it can, given today's Graphic Processing Units (GPUs), but the goal here is to make this as complicated as possible, and take so long, that anyone attempting to hack your wifi will go elsewhere as there are easier targets to choose from.
Random passphrases can be generated on the following GRC site: https://www.grc.com/passwords.htm
Every time you refresh that page, it will generate new passphrases. You can use that page as a source of character strings for both SSIDs and passphrases.
Fwiw, the next generation of wifi encryption, WPA3 is supposed to be much harder to crack, but, problems with that standard have already been discovered and its not out the door yet, into consumer equipment.
Disable UPNP. That's not a wifi setting, but, disabling UPNP will ensure that a rogue application can't change any modem settings on its own. Now if you do use UPNP for gaming for example, you should consider disabling UPNP and setting any port forwarding rules yourself.
Disabling SSID isn't much of an impediment these days unfortunately, and it will probably result an any Apple devices from operating on your wifi network. Works for everything else I believe, but Apple devices are a problem. Its worth checking to see if Apple has changed its policy, but I doubt it.
If you have an XB6 modem for the Ignite TV service, check for an 802.11w enable/disable. When enabled it will encrypt some of the fields of the 802.11n message which are currently not encrypted. That would prevent anyone from sending a deauthenticate message to kick a device off of your wifi network as a precursor to a hacking attempt. I don't know what effect that would have on non-Windows devices, so, if you do experiment with it, check any tablets, phones and apple devices to see if they can still connect with the wifi network.
04-10-2020 03:12 PM
04-23-2020 09:44 PM
Did you find out a place to change that setting?
04-24-2020 04:57 PM
Hello, @kayranse.
Welcome to Rogers Community Forums!
Thank you for joining this conversation, which setting are you trying to edit? You can check this support article to access the gateway through GUI or the Ignite WiFi Hub app.
Provide us more info on what you are trying to accomplish so Community can guide you accordingly.
Cheers,
RogersMoin
05-29-2020 02:38 PM
To repeat here:
For the Technicolor CGM4140COM in my house the update happened a couple of days ago.
The version before:
06-05-2020 08:22 AM
My system time is off by an hour in the latest firmware on the Techicolor. Tried rebooting and still the same.
06-05-2020 10:24 AM - edited 06-05-2020 10:35 AM
@kibosh wrote:
My system time is off by an hour in the latest firmware on the Techicolor. Tried rebooting and still the same.
Confirmed. I'm seeing the correct standard time (GMT-5) not DST. I don't know whether this would break time-based parental controls or if Rogers needs to do this to keep parental controls from breaking.
06-06-2020 09:42 AM
Good morning @kibosh and @-G-,
We hope your Saturday is off to a great start! We appreciate your bringing this matter to our attention! 👍
Thanks for trying the reboot as that would have been our first recommendation. If the issue still persists, can you kindly shoot us a PM so we can have a look and possibly submit a ticket for this issue? If anyone else in the community is experiencing this same problem, we'd love to hear from you!
For more information on how our Private Messaging system works, please check out our blog.
Thank you!
RogersLaura
06-06-2020 10:31 AM - edited 06-06-2020 10:32 AM
@RogersYasmine wrote:
Thanks for trying the reboot as that would have been our first recommendation. If the issue still persists, can you kindly shoot us a PM so we can have a look and possibly submit a ticket for this issue? If anyone else in the community is experiencing this same problem, we'd love to hear from you!
Sure, I can send you a PM so that you can create a ticket for this issue.
06-07-2020 03:36 PM
Hello,
Is there a way to force an update to modem firmware? Based on version NorthGraves posted mine is quite dated.
System Software Version
eMTA & DOCSIS Software Version: Prod_18.1_d31 & Prod_18.1
Software Image Name: CGM4140COM_3.14p10s5_PROD_sey
Advanced Services: CGM4140COM
Packet Cable: 2.0
06-07-2020 03:47 PM
Can we please have the ability to configure static DNS servers?
Currently this is not accessible within the Local IP Network settings.
Recommendations are to put in bridge mode and configure downstream with additional hardware, but this isn't desired.