This story began at the very beginning of August, when a notice appeared on the wall of the entrance to our house saying that MGTS company is modernizing its network, and therefore we ask residents to provide access for technicians to their apartments.

The brainwashing has begun...

So, the first thing I did was call MGTS on their phone number 8 495 636 06 36 to find out about the happiness awaiting us. It turned out the following: our house is being transferred from “copper” to “fiber optics”, and therefore the old copper wire, through which the landline telephone was connected for many decades, will no longer be needed, and communication will be provided through a fiber optic line. Additionally, a special router will be installed in the apartment, designated a modem on the MGTS website, thanks to which it will be possible to use not only a home telephone, but also high-speed Internet and digital television. If desired. That is, this router is not quite ordinary - it not only “distributes the Internet”, as is the case with all routers, but is also responsible for the operation of the VoIP phone and digital TV. Works both over a wire and via Wi-Fi.

This technology is called GPON, it is described on the MGTS website, it is currently very promising, and has the following advantages:

• high Internet speed: from 10 Mbit/s to 1 Gbit/s;
• high-quality telephone communication and stable access.

Plus, GPON technology involves laying “fiber optics” directly into the apartment, without the need to divide the signal between all users connected to the provider within a given house, thereby guaranteeing a constant and stable speed of the Internet channel.

GPON also has a disadvantage that no one will tell you:

• in the event of a power outage, your landline phone will stop working, because it now depends on the “outlet”.

All this is interesting, but I am a very busy person and my employment directly depends on the Internet. At that time I was connected to the Stream provider ( Home Internet MTS), which also works through a telephone wire, only copper, and using ADSL technology, not GPON. Yes, Stream’s speeds are not the same, although the subscription fee is the same, but it was very important for me not to be left without the Internet.

However, during the conversation, the girl told me that the ADSL modem would stop working after upgrading, because it was a different technology, and I couldn’t refuse the new equipment. Progress! I can not let the masters of the “favorite Moscow telephone monopolist” in, but after a certain amount of time my landline telephone (and with it Stream) may simply stop working when MGTS stops supporting the old technology. Such a statement seemed to me very controversial and rather dubious. At least for the coming years.

I, of course, flared up, calling all this coercion, because I was “alright with everything anyway,” but then I realized that I was wrong: you shouldn’t be an obstacle to progress. The only thing is that MGTS and “progress” are not always intersecting concepts.

To the question: what should I do with Stream? I just paid for it, and it was the 2nd day, the girl replied that she would need to go to any MTS office ( at any- I clarified!), write a letter of termination of the contract, give them the rented modem, and they will calmly return my money for the remaining period.

Hang in there, MGTS is getting down to business!

A couple of days later we received a call from MGTS on our home phone. My mother answered, because only she uses this phone, I don’t even go near it and treat it the same way as a programmer treats typewriter. During the conversation, the girl said that the master would come to visit us on Saturday from 15 to 17 hours. Great, we're waiting.

As a result, we stayed at home all Saturday, like respectable citizens, but no one came to us. Now I’m calling MGTS with a reproach that it’s ugly to do this. To this, the girl, in complete bewilderment, replies that they will come to us only within the next week, offers to set a day, but she knows nothing about today. I’m not surprised, there’s no point in arguing with her, and, of course, I didn’t set a day.

Several days passed. They call us again and make an appointment. What to do, the mother agrees. This time the masters really came. Only the first thing we heard was: “We have arrived, but today we will not do anything for you...” The meaning is that “the central cable is damaged,” so we first need to take care of it, and then install the equipment in the apartments. “Forgive us and wait another week.” For half a day the foreman sat in our apartment and called somewhere in the control room or something like that. Judging by how he did it, one can already judge the organization of MGTS’s work.

Another ten days passed. Over these days, the MGTS company has simply fed us up! Almost every single day we received a call from their contact center with the question: “Have you installed new equipment?” To which the mother replied: “Not yet.” A counter “smart” question: “Why?” Answer: “Because our central cable is damaged, we are waiting for it to be replaced.” To this, a new, simply “brilliant” question came from an MGTS specialist: “Why don’t I know anything about this?” On the fifth day of calls, the mother could not stand it, flared up and shouted something like: “Well, how do I know, why don’t you know anything there?”

But the Day of Justice has finally come...

Installation of MGTS GPON equipment

Finally, installers from MGTS came to us again, brought the treasured box with a Huawei brand modem-router, and began to “install” it all. The first thing they wanted to do was install their masterpiece above the door. But the white modem in combination with the black adapter for the outlet does not look at all like how we imagine the design of our hallway. And they also install an outlet, specifically so that the modem can work. There is no other way. Regulations. However, we agreed to break this regulation a little and place this “most delicate” equipment downstairs, next to the bedside table for shoes. Under our responsibility.

Appearance of the Huawei MGTS GPON modem:

I was assured that this router is a “beast-machine”, Wi-Fi will hit half the entrance, I don’t have to worry about that, but everything will most likely start working from zero the next day. I didn’t connect digital TV and no one asked me about it. For the Internet, I chose Wi-Fi, not a network cable, they gave me the default password - number home phone without the “eight”, and the login is MGTS apartment number. Yep, that's right! The company’s ingenious step: if you see an apartment number in the list of wireless networks of an MGTS access point, then most likely the password for it is the phone number of this apartment without 8. In most cases, you can find it out from the MGTS database, which is freely available, for example, here on this one. As a result, while new equipment was being installed, I worked quietly, connecting to my neighbors’ access point.

In general, the installation took about an hour, after which a test call came to our landline phone, everything worked, we could hear perfectly, the Internet also worked, the documents were signed and the guys left.

By the way, they eventually connected the phone itself to the same ancient copper wire, which is almost 30 years old, twisting it with a new one behind the wall. Thus, the new one comes out of the router and is pushed into the hole from the apartment and there it connects with the old copper, from where this rarity, as before, enters back into the apartment and goes under the baseboard to the phone. Beauty! Although it was possible to trivially cut it off and directly connect the router and telephone with a new wire to the connectors. Well, okay, not a big loss. Otherwise they would have to include a new wire in the expense item. With that, we calmed down and returned to our normal lives. But it was not there!

MGTS's problems are your problems, brother!

The first thing I did, like a reasonable being, was change the password for the wireless network and sat down to work. I chose the most inexpensive Internet tariff - 10 Mbit/s for 300 rubles, which after 3 Mbit/s of Stream seemed to me higher than all earthly blessings, and I can say that there is nothing to complain about here with MGTS: the specified speed is given conscientiously , and the same for both download and upload. Yes, yes, 10 Mbit/s in both directions! On Stream, 3 Mbit/s was only download, upload - 756 Kbit/s: a drawback of ADSL technology.

Speed ​​test data:

There is also good news for torrent users: there are no problems with torrents on GPON, downloading and uploading go without problems (information for users of “cheap” ADSL tariffs of MGTS, for whom, in order to save money, MGTS began to provide “gray” IP addresses, as a result of which torrents stopped working).

The first disappointment that awaited me: the poor modem installed for us does not have external antenna and even the ability to connect it. As a result, the promised “crammed” Wi-Fi is only normally received in the corridor near the device itself. In the room, one reception bar barely glows and the speed, of course, does not even reach 1 Mbit/s. However, this problem can be solved, which I will tell you about a little later.

Testing the new promising technology did not last long: after a couple of hours, the Internet died down, and along with it there was silence on the home telephone receiver. I carefully examined the new equipment, stroked it, rebooted it, learned the meaning of all the lights and even re-entered its IP settings. I don’t remember literally what I saw there: something about the absence of a signal.

I'm calling MGTS. I describe the situation in great detail, talk about the data in the router settings, suggest sending a screenshot by e-mail (connecting to your neighbors), to which the memorized voice of the robot suggested that I turn off the modem, then the girl will reboot her equipment, I must wait 10 minutes (their equipment cannot reboot faster) and, if the problem is not solved, call them again. But she must decide!

Of course, nothing worked, I called MGTS again and even managed to communicate with technical department, surprising them with the fact that the Wi-Fi of the equipment given to me is complete... In general, none of the MGTS “specialists” began (or were able) to delve into the settings of their own router. They also don’t know that the equipment installed today may well not work until zero hours, and the only thing I achieved was drawing up an application for a second visit from the technician. Departure costs 60 rubles and he will arrive only in 2 days, no earlier. The fact that I need to work and without the Internet I’m like without hands is my problem. I managed to fight off the fee of 60-something rubles, being indignant and saying that this was MGTS’s jamb and I would not pay for it.

The next day came, at a few minutes to midnight the router flashed red for me, short beeps appeared in the handset of my home phone, and at about 0.20 the Internet started up and the phone was fully operational. I assumed this outcome, but for some reason no one at MGTS knows how their equipment works.

The next day I received a call from MGTS with another stupid question - what time was the technician scheduled for me to visit. To this I replied that the problem was solved by itself, and their master received an excellent opportunity not to miss the next lesson at the vocational school.

Then several days of peace and harmony came into our lives: the Internet worked perfectly, delivering its 10 Mbit/s, and we worked with it. But after 3-4 days the Internet was gone again. The phone worked, the Internet did not.

As a result, MGTS Internet is only good when it works. In case of problems, you will find pure hell, complete incompetence of specialists and lack of quality support.

This time I did not fill out an application, I decided to wait, and to my happiness, the Internet started working again in the evening of the same day.

Solving Wi-Fi problems

As I wrote just above, the Huawei GPON modem does not have an external antenna or a slot for connecting it. But what about Wi-Fi for residents of large apartments that this device cannot handle physically? Very simple. In exactly the same way, I once solved exactly the same problem with an equally wretched ZTE router received from MTS for Stream operation.

In the photo - ZTE ADSL modem from MTS:

First of all, I bought a patch cord of the required length, connected it to the LAN-1 port of the GPON modem, and plugged its other end into the Internet port of the D-Link DIR-320 router with pre-configured Wi-Fi and switched to access point mode.

In the photo - D-Link DIR-320 router:

As a result, a second Wi-Fi point appeared in my apartment in a place convenient for me, the signal became 100% and the speed increased to maximum.

The problems are not over: the refusal of Stream

I literally felt in my heart that it would not be so easy to give up “Stream” or MTS Home Internet. Because “going to the MTS office and returning the equipment,” as MGTS told me, is simply impossible. There are no MTS offices for a long time. Instead, there is only the “MTS” sign, under which you will find the contracting organization ZAO RTK (Russian Telephone Company), in which chaos and incompetence have long gone beyond all conceivable boundaries. The only thing that an MTS subscriber can safely do in these establishments is change the tariff or replace the SIM card. In more complex questions, you will immediately see complete stupor in the eyes of the employees of RTK MTS salons.

And so it happened. I came to the nearest MTS salon at the address: Moscow, Rublevskoye Shosse, 62A (Europark shopping center), dumped a Stream modem on their table, explained the situation and heard in response that this salon had Stream modems. does not accept. This is technically impossible. In response to the statement that they told me on 0990 “ in any MTS salon” received the answer: “they say a lot of things there...” They advised me to go to service center on Polezhaevskaya and hand over the equipment there.

But no, I don't need it. I call MTS again on 0990, describe what happened and receive an answer that in the area of ​​my residence I can return the Stream equipment in this salon, they I have to accept it, and moreover, this is the only salon nearby that can do this (although judging by the MTS website in my Krylatskoye area there are two more salons where I can terminate the contract with Stream). I politely asked how I could force the salon workers to accept such a painful fact for them, but I did not receive an intelligible answer. I was only advised to visit other MTS salons in Strogino and Bagrationovskaya, but I replied that I did not need this, I wanted to be served in accordance with the officially received information at a convenient point for me and offered to throw their wretched modem in the nearest trash heap. For this they carefully threatened me with a fine and even a trial. Very funny. I don't even pay a subscription fee for it.

So, I once again return to the same MTS salon, again I hear a refusal, but I more persistently explain that it is their salon that is obliged to accept my router and close the contract with a refund. I immediately dial 0990 and pass the phone to the salon employee to talk to the support service. They themselves also “technically cannot make the call.” This attempt to solve the problem also did not yield anything; after handing the phone back to me, the conversation was interrupted, and the RTK employee only smartly stated that he could not tell me anything new.

I left the MTS salon again, furiously called 0990 and said that I would not go anywhere else, I was their subscriber, not an errand boy, I made an application, according to which they would resolve the issue with this particular salon, and then they would call me back and tell me , when I can return to it and calmly hand over the equipment without blowing my brains out in accordance with the official information on the MTS website.

Along with this application, I described the situation on [email protected] and began to wait. Ten days passed. A girl called me and said the following: in the MTS RTK salon at 62A Rublevskoye Shosse, Moscow, the database did not work, that’s why they could not accept my equipment, but now the problem has been solved and I can safely go and return the device and close the agreement with Stream.

Arriving at the salon with a box, I only heard the usual “we do not accept Stream modems.” By God, I was ready to tell the girl Alesya everything I thought about their company and attitude to work. But then she asked me to introduce myself and, apparently having been warned, agreed to accept the modem and hand it over to Comstar in exchange for a receipt. This receipt deserves special attention. She simply wrote it by hand, certified by the company seal [the scan below can be enlarged by clicking on the picture]:

All. There was no talk of any closure of the contract or refund of funds for most of August.

In general, it is almost impossible for an ignorant subscriber to resolve this issue. I had to write again [email protected] with a request to send a scan of the termination of the contract. Then I printed it, filled it out, scanned it and sent it back. After about a week, the modem was “untied” from me, the rest of the money was returned (transferred to mobile phone), but they didn’t answer anything else. A curtain.

Summary

Dear readers! If you've read this whole epic to the end, I'm already shaking your hand. I survived it! Therefore, if for one reason or another you are unable to connect to another Internet provider, get ready for a war with MGTS and similar surprises. Otherwise, it’s better to avoid problems. Fortunately, there are options in Moscow. Yes, and it’s advisable to have a wired one MGTS phone for the majority it is already a big question.

MGTS GPon subscribers are under threat of hacking, new networks - new problems

• Information Security ,
• Development of communication systems

1. Introduction

An implementation project of unprecedented scale is underway in the capital of our vast Motherland. Gpon technology from the MGTS company under the auspices of the fight against copper wires and for affordable Internetization of the population. Number MGTS subscribers in the city of Moscow exceeds 3.5 million people, it is assumed that everyone will be covered.
The idea is wonderful - optics in every apartment, high speed internet, free connection and Wi-Fi router as a gift (though officially without the right to reconfigure it, but more on that later). The implementation of such a large-scale project (a similar device is installed in every apartment where there is at least a landline telephone from MGTS), as usual, was not without holes in the planning, which could be costly for the end user. Our company became interested in the information security issues of clients of such a large-scale project and conducted an express study, the results of which we offer to the public to inform the public about existing threats and measures to combat them at home.

2. Life in the palm of your hand

The threats turned out to be not at all illusory and insignificant, but systemic and the risk potential is difficult to overestimate. I want to warn happy MGTS subscribers against the threat to their privacy hidden not only in the ZTE ZXA10 F660 router, kindly forcibly donated by the provider (however, the less vulnerable Huawei HG8245, also installed for subscribers, is still in no way protected from “default settings”), but and in the organization of connecting subscribers to new communication lines.
This is what the operator-installed equipment options look like:

Less dangerous Huawei HG8245

Much more “holey” ZTE ZXA10 F660

There are several problems here of varying degrees of danger, some you can solve on your own, others you can only pay attention to. Let's list the main points that will help an attacker hack your home network (provided that you are an MGTS Internet subscriber):

• The WiFi password is your phone number (during the study, we encountered lazy installers who left the router’s MAC address without the first 4 characters as the password).
  This means that hacking Wi-Fi using the brute force handshake technique using the mask 495?d?d?d?d?d?d?d will not take much time, we are talking about a matter of minutes and for this it is not at all necessary to be near the target of hacking all the time . It is enough to intercept the moment of connection between the subscriber’s wireless device (smartphone, tablet, laptop) and the router, and the rest can be easily done on your home computer. This operator's miscalculation at the connection level is a gaping hole that opens the home networks of millions of subscribers to attack by intruders. This problem can only be solved locally - by independently changing the access point password to a more secure one, but the next vulnerability is much more serious, since the subscriber simply cannot effectively influence it on his own.
• We are talking about a vulnerability in the WPS wireless configuration technology, which is enabled by default on ZTE ZXA 10 F660 routers. And if in the case of an organizational miscalculation that compromised user networks at the password level, an attacker cannot hack subscribers en masse, dealing with each one separately, then by exploiting the WPS vulnerability of a router of this model, network hacking can be put on stream. The technology works as follows: for a WPS connection, a PIN code consisting of 8 digits is used. When receiving the correct PIN code, the router gives the real one Wi-Fi password. Not only can this PIN code be hacked using the well-known Reaver tool much more efficiently and faster than a complex WPA2 password, but the main problem is that it is the same for all ZTE ZXA10 F660 routers! Moreover, it can be easily found in 10 minutes on the Internet. I repeat - knowing this PIN code (which cannot be changed or turned off), within 3 seconds a real Wi-Fi password of any complexity and type of encryption is obtained, or a direct connection to the subscriber’s network is made. Thus, the “lucky” owners of this particular model of equipment (and the operator has only 2 of them, so the chance is 50/50), even if they set an impossible-to-crack password for the wireless network, will still be hacked in less than 5 seconds due to the imperfection of the technology.

3. What are the consequences for the owner of WiFi hacking?

Let’s leave aside platitudes like “free Internet”, this is not the 90s and people with gadgets usually have enough access to the Internet. So what are the threats? Let's list the most obvious ones:

• Interception of subscriber traffic, theft of passwords from postal services, social networks, messaging programs and other confidential data
• An attack on the computer of the owner of the point of sale in order to gain access to the user’s files, view web cameras, install viruses and spyware (as a rule, home PCs are much more vulnerable to attacks from within than corporate machines, here are traditionally weak passwords and irregular updates and open resources )
• Wiretapping telephone conversations. (Yes, with the switch to unsecured sip this is easier than ever). Now not only the special services, but also a curious neighbor (or maybe not a neighbor) can record your conversations using a landline number due to the fact that new technology telephony works using the unprotected SIP protocol. For the rapid interception and recording of conversations, all the necessary tools have long been publicly available.
• Phone number theft - slightly modified software router, an attacker can find out the password for the SIP account and use it to make calls on behalf of the hacked subscriber. This is not only the potential for direct loss to the owner of the number, but also the possibility of causing much more serious damage by using the number of an unsuspecting citizen for blackmail, terrorist contacts, or in order to frame the owner - for example, using this number to report a bomb to the police
• Creation of a large botnet (the number of MGTS subscribers in Moscow is 3,504,874) with the potential of each connection being 100 Mbit/s. Yes, this will require an army of lemmings, but as everyone knows, hordes of biological bots constantly live on various kinds of “vats”, which are regularly attracted by interested parties to various Internet actions, usually of a sabotage nature.
• Using a random (or non-random) network to anonymously upload prohibited materials to the Internet (Can you guess whose door they'll knock on?).

4. Protective measures

What can you do to protect your privacy in such a situation? There is little you can do yourself, but these are mandatory steps for anyone who does not want to become a victim of a poorly thought out operator campaign.
We will need router passwords that are easy to Google on the Internet, write down:

• Access to the web interface of the ZTE ZXA10 F660 router – login: mgts,Password: mtsoao
• Access to the console via Telnet protocol – login: root, password: root
• for Huawei HG8245:
  default address - 192.168.100.1
  login: telecomadmin, password: admintelecom
• Through the web interface, be sure to change the password for the access point and its name (the MAC address will still indicate that it belongs to MGTS clients, but renaming the point will reduce the likelihood of matching a specific Wi-Fi signal to a specific apartment)
• Owners of ZTE ZXA F660 should disable Wi-Fi functionality using the button on the device. At the moment, this is the only way to protect against WPS hacking.

Unfortunately, at best, only a few percent of the 3.5 million users will use these measures, the majority will never know about this article and will remain vulnerable to a real threat for a long time, until something or someone forces the operator to spend a lot money and take centralized measures to correct the technical and organizational shortcomings of the project.

5. Conclusion

What conclusions can be drawn from all of the above? The most disappointing ones are that the largest GPON implementation project (I repeat – we are talking about 3.5 million subscribers!) was carried out without consultation with information security specialists, or these consultations were completely ignored during the implementation itself. Phone passwords, non-disabled WPS with a single key, unprotected SIP telephony, passwords extracted from the WEB interface - are the result of a weak organizational component and complete disregard for basic information security standards. I am sure that MGTS is far from unique in such miscalculations; many smaller network service operators find themselves in the same situations in the field of protecting the data of their subscribers, but the scale of the problem this time exceeds all imaginable boundaries

6. Official reaction of OJSC MGTS

We, as ethical security researchers, are interested in quickly solving the problems raised above. Unfortunately, our concern did not find a response in the hearts of the press service of OJSC MGTS, whom we tried to reach using all available channels. We received only one review - through Facebook, a press service employee assured us that we can publish the existing material with a clear conscience, and then, when answering questions from the press, they will assure everyone that subscribers are safe and their data is confidential.

After a consumer purchases a Gpon router with MGTS support, he must take care of setting it up. This step will allow you to get maximum speed Internet, which is 2500 Mbit/s. Thanks to its excellent characteristics, the router will be able to cover a fairly large room with communications. This is what allowed such devices to quickly gain popularity among domestic buyers. Moreover, many manufacturers bundle this router with excellent rates for a small fee.

In this article we will look at the principles by which it works WiFi router MGTS Gpon, what features does MGTS technology have? In addition, the issue of setting up the router will be covered, and all possible problems with the network will be described. At the end, let's summarize what has been said.

Router operation

What do experts mean when they say GPON? It refers to an optical network that can provide enormous speed. As a rule, its indicator is clearly in excess if we talk about ordinary home use. Any games and videos with great quality (4K) will need a speed of 100 MB per second. That is why the MGTS router is often used to provide access to the Network a large number of users. The signal is high quality. Sometimes there may be some problems with the router. A common problem is that you need to create a wireless access point to work with a tablet, laptop, or smartphone at the same time. The main thing is not to forget to set a password on the MGTS WiFi router.

Those routers that are provided by MGTS are popular because of their low speed and multi-user mode. They also support both wired and wireless connections. What other advantages do they have? They can replace the following devices: NAT, GPON type routers, devices with 4 LAN connectors, a Voip gateway, as well as any other device that supports high speed networks. How should ordinary ordinary users understand this? These routers provide a fast home or office network with ease. Most routers support a maximum transfer speed of 300 Mbps.

Features of MGTS

The manufacturer MGTS recently began working as a provider that provides Internet services in the territory of Russian Federation. It has been on the market for about 15 years. Only in 2013 the company created a project to form a fiber optic network. The provider is able to provide excellent rates for a small fee. The minimum of them provides a connection speed of 30 Mbit per second, and the maximum - 200 Mbit/s. The IP address of the MGTS router is generated during network setup.

Moreover, MGTS presents itself as a monopoly. It provides not only Internet services, but also telephone and regular communications. Subscribers working in the described network can receive digital television with 200 or more channels. After the ISP increased the standard data transfer speed, users slowly migrated from an ADSL router to GPON.

Setting up an MGTS router

After the client enters into a contract with MGTS, he will immediately receive a special router for use, about which we're talking about in the article. Such a device is already configured, has all the necessary data, so the only thing left is the owner needs to connect to it using gadgets and other equipment.

It is possible that sometimes there is a need to reset the settings. What to do? Many people prefer to entrust this task to experienced specialists, but you can try to do the setup yourself.

Wireless network

Before you start setting up the MGTS router, namely the wireless connection, you need to check the functionality of DHCP. How to do this and how to configure it? There shouldn't be any difficulties. All necessary data must be specified in the control panel in the main parameters tab. Why do you need to do this? If the specified server operates correctly, you can easily distribute network addresses to all connected devices.

Now you can start setting up your wireless access point. You should go to the control panel, to “Basic Settings”. There the user will see the “Wireless Network” column. You need to turn it on. This is done by checking the box next to the item of the same name. The SSID name is required. Where can I find it? The MGTS router has a factory sticker containing this information. There is no need to change any other settings.

Security and Wireless Connectivity

If you do not set a security password on your wireless network, then strangers or even intruders will be able to connect to it. That is why when making settings you need to take care of this nuance. The combination of characters must be secret. What are the dangers of connecting third-party users? The speed will decrease and personal data will be at risk. What is needed to set a password? You need to go to the “Security” tab, specify a name for the access point, and indicate the secret combination in a special column. There is no need to set other parameters, since the network will work without any problems. After this, you just need to save the settings specified for a device such as the MGTS router and exit the control panel.

Many people ask the question: “Which data encryption method should I use?” The most optimal is WPA2-PSK. This technology will reliably “protect” the connection. The password must be complex and memorable. It is best if it consists of lowercase and uppercase characters, as well as numbers. It is necessary to exclude easy combinations such as date of birth, pet name and the usual dialing 123456.

Problems

If any problems arise while working with a ZTE router or any other, access to the network is prohibited, and you cannot fix the problem yourself, then you should immediately contact the service center of the manufacturer or at least the provider. Sometimes problems are in no way dependent on the users, and can also appear due to incorrect interaction. Although it should be noted that when using MGTS technology with GPON type routers, the number of problems encountered has significantly decreased. At the same time, setting up the equipment has become much easier than it was before.

Results

As you can understand after reading the article, setting up a ZTE router and others is quite simple and not complicated. It should be noted that it practically does not depend on one or another model. The maximum difference between them is the control panel interface, as well as the manufacturer’s logo. What's more, most owners won't even need to do port forwarding. It will be necessary when using any specific applications, for example, games and so on. In order to fully configure a device such as an MGTS router, it will not take more than 20 minutes.

Having received the MGTS Gpon router at your disposal, setting up network access should be the next step.

And after the operation of the device is configured, the user will have access to the Internet at speeds of up to 2500 Mbit/s.

Such characteristics and the ability to provide coverage over a large area provide quite good popularity for this reason.

Moreover, the provider itself offers fairly high-speed tariffs at competitive prices.

Operating principle of a GPON router

The term GPON refers to a modern version of optical networks that allows you to develop enormous speeds - even more than is required by one ordinary user.

For any modern application, games and even 4K video, even 100 MB/s is more than enough.

However, with the help of GPON routers you can provide high-speed Internet not just one, but dozens of users at once.

And the number of people wishing to receive the same fast and high-quality access is constantly growing - although problems may arise when using routers.

The maximum data transfer speed for most routers reaches 300 Mbit/s.

Features of the services of the MGTS provider (MGTC)

MGTS has been offering its services as an Internet provider in the Russian Federation for almost 15 years.

And the project to create a high-speed fiber optic network MGTS GPON was started in 2013.

The company provides high-speed access to its subscribers - the minimum package includes communication with data transfer speeds of up to 30 Mbit/s, the maximum package is above 200 Mbit/s.

Rice. 2. Home page MGTS company.

At the same time, MGTS is a monopolist in the capital’s market, also providing regular wired telephone communications.

In addition to access to the network, subscribers can connect to digital television with more than 200 channels.

And now, when the data transmission speed of the provider has increased noticeably, the need for GPON routers is gradually disappearing.

Setting up a router for MGTS

By concluding a contract with MGTS, the user receives a GPON router at his disposal.

The device is already configured to work with a specific operator and does not require additional actions on the part of the subscriber - just connect home (office) computers and mobile gadgets to it.

Until the wireless connection is configured (or reconfigured if it was lost due to a power surge, software glitch, or someone else's actions), this is the only possible method.

After this, the user is required to open any browser and enter the corresponding address value in the address bar.

It can be found in the contract from the router’s operating instructions, from a sticker on the device itself, or found on the Internet by the name of the router. This is usually 192.168.1.1 or 192.168.1.254.

You should know: You can configure the router even in the absence of the Internet. Although, if you have access to the network, the result of correct configuration will be clearer.

When you go to the settings menu, you need to enter your password and login. By default, on most routers they are the same - admin.

Sometimes the MGTS operator sets its own values ​​- for example, mgts/mtsoao.

It is advisable to change these values ​​to prevent others from accessing your network - although this can usually only be done with a password.

The connection type does not need to be set - it is already included in the router firmware. Now you only need to configure the wireless network.

Setting up wireless networks

Before setting up a wireless connection, the user must check the presence of , which can be configured on the tab (main parameters section).

This option will be required to correctly distribute IP addresses to devices connected to the router.

After this, you can proceed directly to setting up the wireless access point:

1. Go to the wireless network menu;
2. Go to its main parameters;
3. Enable the network by checking the box next to the appropriate item;
4. Assign an SSID name (you can find it out from the sticker on the router itself);
5. Leave other settings unchanged.

Rice. 3. Setting up a wireless network on the MGTS GPON router.

You should know: If there are other Wi-Fi routers nearby that operate on the same frequencies as the already configured router, you may need to change its frequency. In addition, depending on the distance of the device to mobile and desktop computers, smartphones and tablets connected to it via a wireless network, you can set the signal level to high or low.

Configuring ports and wireless security

This can lead to unauthorized people and even intruders gaining access to your network.

Therefore, one of the first steps when setting up wireless connection is to set a secret combination of symbols.

You can avoid this situation, and not reduce the speed of your Internet due to strangers connecting to it, by following these steps:

1. Go to the “Security” tab;
2. Select the name of the newly created wireless point;
3. Change password value. All other parameters do not need to be changed - the wireless network will work without it;
4. Save the installed configuration and exit the settings menu.

Rice. 4. Go to the security settings on the GPON router.

As a method for encrypting data, it is worth using a technology that reliably protects the wireless connection.

And when choosing a password, you should come up with a combination that is both quite complex and at the same time memorable.

It is advisable to use for this purpose words and numbers that are meaningful only to the user, but exclude dates of birth and names.

Problems with the MGTS network

If you have problems accessing the network using an MGTS GPON router and are unable to configure this device so that the Internet works again, you should contact the operator’s technical support.

It is possible that the causes of the problems do not depend on the user.

Although recently, with the transition from ADSL routers to GPON routers, the number of subscriber requests regarding access problems has decreased.

MGTS gPON quality review

MGTS installation quality. Quality PON technology. Review of GPON. Is it worth switching to gPON? Optical provider. Optics for the apartment. How does optical internet work? Why do you need ONT? When will MGTS turn off ADSL?

Video:

MGTS Gpon Wi-Fi router settings

With this step by step instructions you can change the settings of your Wi-Fi access point on your router in the MGTS network.

After a year, I can say that I have no complaints about the quality itself - for all the time I used the Internet and television, the TV did not work only one day, and the Internet worked all the time. The speed is excellent, the quality is decent, in general, I’m satisfied. Pah-pah so as not to squawk. But that's not what we're talking about. And about the fact that somewhere a couple of months later, in August 2013, an article appeared on Habré, which described the downright horror-horror consequences of switching to GPON, and this article concerned me directly, since I had exactly the described there is a “leaky” ZTE ZXA10 F660 router.

But I didn’t notice this article, and lived quietly, without particularly worrying about anything, for almost a year. Suddenly, in May 2014, a book appeared describing the same horrors. Which I, too, would have missed in the same way (since I knew nothing about him), if he, in turn, had not been quoted in his note by Alex Axler, whom I already read almost on a daily basis. One way or another, the issue raised was important, since it directly concerns security, and therefore such widespread coverage of the problem is completely justified. On the other hand, MGTS’s responses, and indeed their reaction to what was happening, gave reason to assume that someone was simply muddying the waters, and respected bloggers were simply quoting information without checking it. As well as the absence of other references on the Internet, which represent individual studies, and not copy-pasting of these articles, they were simply absent. Therefore, armed with all the knowledge available to me, I sat down to hack my own ZTE ZXA10 F660 GPON router, provided for free use by MGTS, via its WPS pin.

I won’t explain what WPS is here, because in my opinion it is a) generally a leaky and unnecessary technology, since it is much easier to just enter the default Wi-Fi password indicated on the bottom of the router and b ) this has been described perfectly for a long time, and more than once.

But we have a purely academic interest, we break our own router (well, in general, it’s MGTS’s, but in this case that’s not the point, since there is no interference in its settings). First I tried to find the PIN code on the router itself, there should have been a sticker like

There was everything on the router - from the WiFi password to the MAC address, but there was no pin. Then I climbed onto the mezzanine to get the box from the router. There was no pin on it either. Maybe in the instructions? I took out the manual and it’s not there either. It struck a chord with me, I went online and downloaded the instructions for the ZTE ZXA10 F660 - both the MGTS one and the factory one in general. I didn’t find it in them either.

Well, okay, in the article on Habré it was written that you can Google a pin code in 10 minutes. I sat down to google. First I googled zte zxa10 f660 wps pin, crap. Nothing on 10-15 pages. Then - zte zxa10 f660 pin-code - again nothing. I looked into images on Google - I think maybe there’s a sticker there? Also horseradish. I suffered for half an hour, but it turned out to be much simpler - I just had to enter f660 wps pin in Google, without starting about zte, so that the third and fourth link would come up with the pin code for the ZTE ZXA10 F660 - 13419622.

If we omit all the bla-bla-bla in Sergei’s article about speed, the default password and the 6th channel (which in my case is not such - and the channel is automatically selected for me, and the speed is quite normal, and the password was set for me - what I asked for, and not just a phone number), then there is something very useful in it. Namely, an indication that the WPS pin code for the ZTE ZXA10 F660 router starts with 1341. So now I was sure that I had found what was necessary, since I had to raise Linux, install Reaver and other crap in order to find a pin, and do in 10 hours what, as written on Habré, can be done in 5 seconds:

Thus, the “lucky” owners of this particular model of equipment (and the operator has only 2 of them, so the chance is 50/50), even if they set an impossible-to-crack password for the wireless network, will still be hacked in less than 5 seconds due to the imperfection of the technology.

Naturally, I had no desire.

It is clear that if we consider the subject from a general point of view, the question is not even whether the pin is known or not, but whether the WPS function is turned on at all or not, and whether the user can turn it off independently or not. In other words, the problem with WPS is divided into several subsections:

1. If WPS is available, the pins are different for each device, and the user can disable it - this is not so scary, because In this case, it will not be possible to connect from Windows so easily; you will first have to brute force the PIN code from Linux, and this is only available to those who have nothing else to do. Although there are plenty of those too. So, even in this case, it is better to disable it rather than change it.
2. There is WPS, the pins are the same for each device, but the user can disable it - in this case it is necessary to disable it without fail, since it will be possible to connect using software for Windows. The leaky, non-MGTS ZTE F660, or rather, not only it, all D-Link DSL 2640NRU have a completely similar problem, with pin 76229909 or 46264848 it connects with a bang, people just don’t know that it’s better to disable WPS. Yes, there are other examples.
3. In the specific case under consideration, the pin does not change in the router settings, but what’s worse is what both Sergey and Habré tried to shout about - WPS cannot be disabled by the user independently. And the question arises: was it disabled during one of the remote firmware updates by MGTS. Because otherwise - as already written, the question comes down to whether it is possible, without any hassle at all with selecting a pin, to simply hack Wi-Fi from Windows 7 in 5 seconds and connect to wi-fi from MGTS.

This is what I wanted to check.

After the pin was found, the second known ambush was that in Windows 7 PIN code authorization is used only for setting up an access point :

If when trying Windows connections determines that the device is using standard factory settings, it will offer to configure the router.

If the wireless network settings have already been configured ( and this is exactly the case with all MGTS routers), then it is necessary (without considering the above Linux installation):

• or press a button on the router, which is impossible for attackers - since the router, to put it mildly, is not freely accessible

• or enter the WPA2-PSK key set at the setup stage
• or use third-party utilities to transfer the pin to the router

Naturally, if we enter our PIN code 13419622 from the ZTE ZXA10 F660 into the Windows “Security Key” window, then Windows considers that this is not a PIN code, but a password to Wi-Fi, and of course, it does not connect. Therefore, download and try to connect via

I used Jumpstart because it comes with a very handy Dumpper utility. Its two disadvantages are that a) it is in Portuguese (but everything is clear as it is), and b) that it also carries with it an unwanted update that forces Chrome and other browsers to open the google.ru page by default. , and search through the page trovi.com or trovigo.com, showing a bunch of advertising. In this case, you cannot simply change it back, and you will need to reset all browser settings. However, it is necessary to clearly understand that Trovi Search is not a virus, not a hijacker or malware, as they write in some places, but simply unwanted software installed as part of other free software that will show advertisements and sponsored links in search results, on the home page, and will also collect and send search queries to its servers to collect statistics. Therefore, antiviruses do not see it. However, keeping extra crap, even this kind, on a computer is also not ice, and therefore, details on how to remove trovi.com (a matter for one minute) are said and shown in this video instruction:

I don't know if QSS includes this same crap, because... I haven’t tried it - if anyone decides to try it with its help, please post.

To connect, it is better (although not necessary) to disconnect from all networks, because... If, for example, your phone still distributes the Internet, and your laptop connects to it, then until you disconnect, it may not be possible to connect to anything else using the pin.

So, the most important result - really disappointing - I was able, without any WPA2 passwords, by simply downloading and installing Jumpstart, and entering the pin code 13419622 to connect to my router via pin in 5 seconds:

after which I went to the network properties and looked at the WPA2-PSK password there.

Even easier than I once did.

A little later, I found a link on one of the hacker sites, which stated that PIN 13419622 is only suitable for routers with a BSSID (Mac Address) starting with 34:4B:50 and 2C:26:C5, and on DC:02: 8E (just my case) - updated ZTE, possibly with different firmware, in which WPS is blocked.

So, I can say with confidence (since I got my neighbors involved in this matter and checked it on their devices) that several DC:02:8E:B3 model number: 123456, model name: broadcom, including mine — all also full of holes; but DC:02:8E:D2 and DC:02:8E:D5 model number: EV-2012 model name: onu are fixed, and they are no longer connected to with this pin. So there is an opinion that someone was lucky, since MGTS either remotely disabled the enabled WPS on routers by downloading new firmware for them, or corrected this bug in some other way, or did not fix it, but only made the selection a little more difficult by simply changing the pin (as I already said, I have neither the desire nor the time to check for 10 hours while picking it up). And someone, like me, had the fate of being left with a completely leaky Wi-Fi that could be hacked in 5 seconds just from under Windows. By the way, the firmware on mine is 2.21, although I know for sure that there is already 2.3 - and maybe a later one.

Therefore, I have a big request - if you managed to connect to your router using the specified method, please write in the comments. And of course - let's contact MGTS with a link to this article - let them correct it (which I will do in the near future, I will inform you about the results). In the meantime, you can either live with a leaky Wi-Fi (in the days of ADSL there was a theme with FON, when users even provided free access via Wi-Fi), or, as a last resort, put filtering by Mac address for all their devices (also not a panacea). Well, or install an additional access point on the wire without/with switchable WPS.

And further. I didn’t come up with anything special, but simply collected and structured the information available on the Internet. Because the kul-hackers already know this, but ordinary people treat security issues with unforgivable carelessness. All files and descriptions are posted not to answer the question “how to hack Wi-Fi,” but for the sole purpose of allowing everyone to check how secure their own network is. Remember that if you are going to hack someone else's Wi-Fi using this method, then it is like any other unauthorized entry into someone else's network entails criminal liability. Based on the router log, you will still be identified. If you want to help a neighbor, first ask his consent. Use this article as a weapon of self-defense - for defense, not attack.

And remember, if you do not have the goal of distributing the Internet to everyone, and your router allows this, be sure to disable WPS. Even if you are not on MGTS GPON.

home » Investments » Which routers connect to gpon mgts. MGTS gpon technology and reviews about it. Maybe the Chinese save money this way, but the main thing is not the packaging, but what’s inside