Known Issues

  1. If not properly configured, these devices will mishandle RTP traffic, causing one-way audio and dead air on phone calls.
  2. The versions listed below have been shown to be susceptible to remote takeover via CSRF attacks.
    1. Hardware versions A – D. If you have one of these earlier models it is recommended that you contact your ISP for the latest model.
    2. Hardware versions E – H have not been tested.
    3. Latest firmware available is 40.21.18. If your router is not on this firmware version, it is recommended that you contact your ISP or IT personnel to update this for you.
    4. Please review the following pages for additional information.
      1. Case Studies – Taking over the MI424
      2. Security Vulnerabilities in SOHO Routers


Resolution

  1. Log into the router
  2. Advanced > Yes to the warning > ALG’s (newer versions will have it labeled ‘SIP ALG’):
    1. SIP ALG: Unchecked/disabled
    2. Click Apply.
  3. Advanced > Yes to the warning > Remote Administration:
    1. Allow Incoming WAN ICMP Echo Requests (e.g. pings and ICMP traceroute queries):
      1. Click the ‘Check’ box > then click Apply.
      2. On later versions this may not be enabled by default.
  4. Advanced > Yes to the warning > Quality of Service (QoS):
    1. QoS Input Rules:
    2. Click on the ‘edit’ option for QoS Input Rules under Network (Home/Office) Rules.
      1. Click on the ‘edit’ option for the ‘Source Addresses’, select ‘User Defined’, and enter the following:
      2. Click on the ‘Add’ option to enter the following for HPBX 2.0.
      3. Description: VoiceAddressesIn
        1. Network Object Type: IP Subnet
          1. Accounts prior to 5/15/15 use: 64.28.114.0
            1. Post 5/5/15 use: 64.28.124.0
          2. Subnet Mask: 255.255.255.0
        2. Network Object Type: IP Subnet
          1. Accounts prior to 5/15/15 use: 64.28.116.0
            1. Post 5/5/15 use: 64.28.123.0
          2. Subnet Mask: 255.255.255.0
        3. Network Object type: IP Address
          1. The following addresses will have to be added one at a time.
            1. 64.28.112.148
            2. 64.28.112.157
            3. 64.28.113.10
            4. 64.28.115.137
            5. 64.28.115.146
            6. 64.28.121.101
            7. 64.28.121.110
            8. 64.28.122.102
            9. 64.28.122.103
            10. 64.28.122.110
            11. 64.28.126.9
      4. If the configuration is for HPBX 1.0
        1. Network Object Type: IP Subnet
          1. Address: 206.225.167.64
          2. Subnet Mask: 255.255.255.0
        2. Network Object Type: IP Subnet
          1. Address: 199.193.202.64
          2. Subnet Mask: 255.255.255.0
        3. Network Object Type: IP Subnet
          1. Address: 206.225.166.128
          2. Subnet Mask: 255.255.255.0
        4. Network Object type: IP Address
          1. 64.28.122.110
          2. 64.28.121.110
          3. 64.28.122.103
      5. Protocol, from the dropdown, select ‘User Defined’
      6. Click on the ‘Add’ option to enter the following.
      7. Service Name: VoiceServicesIn
        1. Protocol: select from the dropdown ‘UDP’.
        2. For ‘Source’ and ‘Destination’, select the option for ‘Range’.
        3. Add the following ranges:
          1. 5678 – 6899
          2. 30000 – 60000
        4. Add the following ranges for HPBX 1.0:
          1. UDP
            1. 5060 – 5061
            2. 35000 – 65000
          2. TCP
            1. 5060 – 5061
      8. Set the Protocol and Operation priorities to: 6 (Queue 2 – High)
      9. Apply QoS on: Connection
      10. Logging: Check the box to enable ‘Log packets matched by this rule’.
    3. Click on the ‘edit’ option for QoS Output Rules under Network (Home/Office) Rules.
      1. Click on the ‘edit’ option for the ‘Destination Addresses’, select ‘User Defined’, and enter the following:
      2. Click on the ‘Add’ option to enter the following for HPBX 2.0.
      3. Description: VoiceAddressesOut
        1. Network Object Type: IP Subnet
          1. Accounts prior to 5/15/15 use: 64.28.114.0
            1. Post 5/5/15 use: 64.28.124.0
          2. Subnet Mask: 255.255.255.0
        2. Network Object Type: IP Subnet
          1. Accounts prior to 5/15/15 use: 64.28.116.0
            1. Post 5/5/15 use: 64.28.123.0
          2. Subnet Mask: 255.255.255.0
        3. Network Object type: IP Address
          1. The following addresses will have to be added one at a time.
            1. 64.28.112.148
            2. 64.28.112.157
            3. 64.28.113.10
            4. 64.28.115.137
            5. 64.28.115.146
            6. 64.28.121.101
            7. 64.28.121.110
            8. 64.28.122.102
            9. 64.28.122.103
            10. 64.28.122.110
            11. 64.28.126.9
      4. If the configuration is for HPBX 1.0, use the following addresses
        1. Network Object Type: IP Subnet
          1. Address: 206.225.167.64
          2. Subnet Mask: 255.255.255.0
        2. Network Object Type: IP Subnet
          1. Address: 199.193.202.64
          2. Subnet Mask: 255.255.255.0
        3. Network Object Type: IP Subnet
          1. Address: 206.225.166.128
          2. Subnet Mask: 255.255.255.0
        4. Network Object type: IP Address
          1. 64.28.121.110
          2. 64.28.122.110
          3. 64.28.122.103
      5. Protocol, from the dropdown, select ‘User Defined’
      6. Click on the ‘Add’ option to enter the following.
      7. Service Name: VoiceServicesOut
        1. Protocol: select from the dropdown ‘UDP’.
        2. For ‘Source’ and ‘Destination’, select the option for ‘Range’.
        3. Add the following ranges for HPBX 2.0:
          1. 5678 – 6899
          2. 30000 – 60000
        4. Add the following ranges for HPBX 1.0:
          1. UDP
            1. 5060 – 5061
            2. 35000 – 65000
          2. TCP
            1. 5060 – 5061
      8. Set the Protocol and Operation priorities to: 6 (Queue 2 – High)
      9. Apply QoS on: Connection
      10. Logging: Check the box to enable ‘Log packets matched by this rule’.
  5. Since these devices are used in conjunction with FiOS connections, traffic shaping is not necessary. This is due to the fact that the connection is “Symmetrical” and the speeds in most U.S. markets start at 30x30. However, in the event it is determined to be necessary, the following settings can be entered by the customer or their IT staff.
    1. Advanced > Yes to the warning > QoS > Traffic Shaping.
      1. Click the ‘Add’ option.
        1. Device: Network (Home/Office)
          1. Click ‘Apply’.
        2. Use this speed test link to take an average of three speed tests.
          1. Broadband Tester
        3. Using the averages derived from the speed test in the previous step, set the Tx (upload) and Rx (download) according to the following usage notations for the VoIP devices connected.
          1. Maximum: calculate this number: (#-of-phones * 100kbps) + (#-of-fax-adapters * 100kbps) + (50 kbps for 1 VoIP/Soak Test Tool).
  6. For the last step, we need to change the LAN side DNS servers.
    1. My Network > Network Connections
      1. Click on ‘Network (Home/Office)’.
      2. Click on ‘Settings’.
      3. DNS Server, enter the following
        1. Primary DNS Server: 8.8.8.8
        2. Secondary DNS Server: 8.8.4.4
      4. Click Apply.
        1. This will bring you back to the previous ‘Network (Home/Office) Properties’ page.
      5. Click Apply
      6. This completes the configuration.
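
For the HPBX 2.0 QoS input rule in step 4, the following added example (not part of the original article or the router's software) models the VoiceAddressesIn objects and VoiceServicesIn ranges in Python and reports which flows fall outside the rule, for comparison against the packets the router logs as matched. The flow tuple format, the function names and the matching semantics (standard subnet masking, both ports within the ranges) are assumptions; the sample flows are constructed.

```python
import ipaddress

# HPBX 2.0 values from the steps above. Which subnet pair applies depends on
# the account date, so both variants are kept and selected by a flag.
SUBNETS_EARLIER = [("64.28.114.0", "255.255.255.0"), ("64.28.116.0", "255.255.255.0")]
SUBNETS_LATER = [("64.28.124.0", "255.255.255.0"), ("64.28.123.0", "255.255.255.0")]
HOSTS = ["64.28.112.148", "64.28.112.157", "64.28.113.10", "64.28.115.137",
         "64.28.115.146", "64.28.121.101", "64.28.121.110", "64.28.122.102",
         "64.28.122.103", "64.28.122.110", "64.28.126.9"]
UDP_RANGES = [(5678, 6899), (30000, 60000)]

def effective_network(address, mask):
    """Network covered by an 'IP Subnet' object; host bits are masked off."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)

def build_objects(later_account):
    pairs = SUBNETS_LATER if later_account else SUBNETS_EARLIER
    nets = [effective_network(a, m) for a, m in pairs]
    return nets + [ipaddress.ip_network(h) for h in HOSTS]  # hosts become /32

def in_ranges(port):
    return any(lo <= port <= hi for lo, hi in UDP_RANGES)

def matches_voice_in(flow, nets):
    """flow = (proto, src_ip, src_port, dst_port), inbound. Assumed semantics:
    listed source address AND both ports inside the configured UDP ranges."""
    proto, src_ip, sport, dport = flow
    if proto != "udp" or not (in_ranges(sport) and in_ranges(dport)):
        return False
    return any(ipaddress.ip_address(src_ip) in n for n in nets)

def unmatched(flows, later_account=True):
    """Flows that would NOT be placed in the High queue by the rule."""
    nets = build_objects(later_account)
    return [f for f in flows if not matches_voice_in(f, nets)]

# Constructed sample flows (not captured traffic).
SAMPLE = [
    ("udp", "64.28.124.17", 5680, 5700),    # later subnet, listed ports
    ("udp", "64.28.114.17", 40000, 40002),  # earlier subnet, listed ports
    ("udp", "64.28.126.9", 31000, 45000),   # listed single host
    ("udp", "64.28.126.10", 31000, 45000),  # neighbour of a listed host
    ("tcp", "64.28.124.17", 5680, 5700),    # TCP, rule is UDP only
    ("udp", "64.28.123.5", 5060, 5061),     # HPBX 1.0 ports, not 2.0 ranges
]

if __name__ == "__main__":
    for flow in unmatched(SAMPLE):
        print("not prioritised:", flow)
```

Under standard masking, an HPBX 1.0 entry such as 206.225.167.64 with mask 255.255.255.0 covers all of 206.225.167.0/24, which `effective_network` makes visible.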