Configuring the MGTS gpon zte f660 router

We continue picking in the F660

If you are afraid to bring down the desired settings.

Login: user
password: user

login: admin
password: admin

UPD:
In routers with new firmware
login: mgts
password: mtsoao

But first, save the current configuration to a file (in the appropriate section)

I found a Belarusian forum where they discuss a similar model.
Interestingly, they have it set to bridge by default.

Russian-language instructions for setting up are also posted there. (the name of their modem is different, but this is the same 660)
Instruction

Last edit: Feb 21, 2013 01:35 am Edited by Serjic.

ZTE ZXDSL 531B (resolved in NetComm)
Internet from MGTS - an enchanting mess + unique undocumented features

RE: ZTE ZXA10 F660 12/29/2012 16:25

Description of equipment ZXA10 F660 (Russian)
https://skydrive. live. com/redir? resid=5B33808EEA1CC258!384&authkey=!AOpeHAuT3NljY-E

Listed by which protocols the operator remotely manages the ONT
It is also described there that the missing connector is intended for connecting a backup battery. (If anyone is interested in connecting it through the interface of the ONT itself) True, the pinout is not indicated, but I think we will find out soon.

Dor wrote:
If you are afraid to bring down the desired settings.
Log in with username and password:

Login: user
password: user

In user mode, it is not possible to change the settings for external wan interfaces and telephony.

But without any problems, WIFI is configured, DMZ port forwarding and other delights of the internal network.

Well, if you are not afraid of experiments, then
login: admin
password: admin

And if neither user nor admin is suitable? It turns out the installer managed to dig deeper? 636-0-636 says the same thing either user or admin, but most likely I know the changed password but they don’t say.

In the English instructions we read the following:
How Can I Restore the Device to the Factory Default Settings?
Press the RST reset button for more than 10 seconds to reboot the device. Then the
device is restored to the factory default settings.

But it’s not a fact that after resetting to factory settings, the Internet and phone will work.

Some contractors use the subscriber's phone number as a password. Some have an apartment number along with a phone number.

Try it, you might be lucky.

The manufacturer did everything right. And in MGTS, as always, everything is through a well-known place.

There is access at the admin level, everything is possible there.
There is access at the user level. There it is possible what concerns the user.

1. Configure WIFI (enable/disable, configure encryption, SSID name and visibility, channel, etc.)
2. Configure LAN (DHCP, DMZ, PortForwarding, DynDNS)
3. Save the configuration, or reset USER settings to default.
4. Organize file storage by connecting a flash drive to the ONT.

But from the user mode, you can not touch the routing, pick the SIP account and reconfigure the WAN interface.

The manufacturer meant that the operator's specialists traveling to the client would use the admin password. (and the client will not be informed of it)
And in the user mode, the subscriber will be able to configure everything he needs. There are clear instructions for this.
And if it messes up, then on the first call to technical support, the operator will reset the user settings to default.

Beauty. And here is FIG. Stupid MGTSniki prohibit any ONT settings in the contract.

And since there are no pluses for the client, they artificially create additional inconveniences for him.
Naturally, he will go to another provider as soon as possible. And he will do it right.

After the consumer purchases a Gpon router with MGTS support, he must take care of setting it up. This step will allow you to get the maximum Internet speed, which is 2500 Mbps. Due to the excellent characteristics, the router will be able to cover a rather large room with a connection. This is what allowed such devices to quickly gain popularity among domestic buyers. Moreover, many manufacturers bundled with this router offer excellent rates for a small fee.

In the article, we will consider the principles by which the MGTS Gpon WiFi router works, what features the MGTS technology has. In addition, the question of configuring the router will be covered, as well as all possible problems with the network will be described. At the end, let's summarize what has been said.

Router operation

What do experts mean when they say GPON? It is understood as an optical network, which is capable of providing tremendous speed. As a rule, its indicator with a clear excess, if we talk about normal home use. Any games and videos with chic quality (4K) will have enough speed of 100 MB per second. That is why the MGTS router is often used to provide a large number of users with access to the Network. The signal is good quality. Sometimes there may be some problems with the router. Frequently, it is necessary to create a wireless access point to work with a tablet, laptop, smartphones at the same time. The main thing is not to forget to set a password on the MGTS WiFi router.

Those routers provided by MGTS are popular because of their low speed and multi-user mode. They also support both wired and wireless connections. What other benefits do they have? They can replace such devices: NAT routers, GPON, devices with 4 LAN connectors, a Voip gateway, as well as any other device that supports high network speed. How to understand this to ordinary ordinary users? These routers provide a fast home or office network with ease. Most routers support a maximum transfer rate of 300 Mbps.

Features of MGTS

The manufacturer MGTS has recently started working as a provider that provides Internet services on the territory of the Russian Federation. It has been on the market for about 15 years. Only in 2013, the company created a project to form a fiber optic network. The provider is able to provide excellent rates for a small fee. The minimum of them provides for a connection speed of 30 Mbps, and the maximum - 200 Mbps. The IP address of the MGTS router is formed during network setup.

Moreover, MGTS presents itself as a monopoly. It provides not only Internet services, but also telephone and conventional communications. Subscribers operating in the described network can receive digital television with 200 or more channels. After the ISP increased the standard data rate, users slowly switched from ADSL router to GPON.

Configuring the MGTS router

After the client concludes a contract with MGTS, he will immediately receive a special router for use, which is discussed in the article. Such a device is already configured, has all the necessary data, so it's up to the small - the owner needs to connect to it using gadgets and other equipment.

It is possible that sometimes there is a need to reset the settings. What to do? Many people prefer to entrust this matter to experienced professionals, or you can try to make the settings yourself.

Wireless network

Before you start setting up the MGTS router, namely the wireless connection, you need to check the performance of DHCP. How to do it and how to set it up? Difficulties should not arise. All the necessary data must be specified in the control panel in the main parameters tab. Why do you need to do this? With the correct operation of the specified server, you can easily distribute network addresses to all connected devices.

Now you are ready to set up your wireless access point. You should go to the control panel, in the "General Settings". There, the user will see the "Wireless Network" column. You need to enable it. This is done by checking the box next to the item of the same name. The SSID name is required. Where to find him? The MGTS router has a factory sticker with this information. The rest of the settings do not need to be changed.

Security and Wireless

If a security password is not set on a wireless network, then strangers or even intruders will be able to connect to it. That is why when making settings, you need to take care of this nuance. The combination of characters must be secret. What threatens the connection of outside users? The speed will decrease, and personal data will be at risk. What is needed in order to set a password? You need to go to the "Security" tab, specify a name for the access point, and in a special column indicate the secret combination. You do not need to set other parameters, since the network will work without any problems without them. After that, you just need to save the settings specified for a device such as an MGTS router and exit the control panel.

Many people ask the question: “Which data encryption method should I use?” The most optimal is WPA2-PSK. This technology will reliably "guard" the connection. The password must be complex and memorable. It is best if it consists of lowercase and uppercase characters, as well as numbers. It is necessary to exclude light combinations such as date of birth, name of a pet, and the usual dialing 123456.

Problems

If any problems appear when working with a ZTE router or any other, access to the network is prohibited, and you cannot fix the problem yourself, you should immediately contact the manufacturer's service center or at least the provider. Sometimes problems do not depend on users in any way, they can also appear due to incorrect interaction. Although it should be noted that when using MGTS technology with GPON routers, the number of problems that have arisen has significantly decreased. At the same time, setting up equipment has become much easier than it was before.

Results

As you can understand after reading the article, setting up a ZTE router and others is quite simple and not complicated. It should be noted that it practically does not depend on one or another model. The maximum difference between them is the control panel interface, as well as the manufacturer's logo. What's more, most owners won't even need to do port forwarding. It will be necessary when using any specific applications, such as games and so on. In order to complete the full configuration of a device such as a MGTS router, it will not take more than 20 minutes.

MGTS GPon subscribers under threat of hacking, new networks - new problems

• Information Security ,
• Development of communication systems

1. Introduction

In the capital of our vast Motherland, an unprecedented scale project is underway to introduce Gpon technology from MGTS under the auspices of the fight against copper wires and for affordable Internetization of the population. The number of MGTS subscribers in the city of Moscow exceeds 3.5 million people, it is assumed that everyone will be covered.
The idea is wonderful - optics in every apartment, high-speed Internet, free connection and a Wi-Fi router as a gift (although officially without the right to reconfigure it, but more on that later). The implementation of such a large-scale project (such a device is installed in every apartment where there is at least a landline phone from MGTS), as usual, was not without planning holes that can cost the end user dearly. Our company became interested in the issues of information security of clients of such a large-scale project and conducted an express study, the results of which we offer the public to inform about existing threats and measures to combat them at home.

2. Life in the palm of your hand

Threats turned out to be not at all illusory and insignificant, but systemic and the risk potential can hardly be overestimated. I want to warn happy MGTS subscribers against the threat to their privacy, lurking not only in the ZTE ZXA10 F660 router, kindly forcibly donated by the provider (however, the less vulnerable Huawei HG8245, also installed by subscribers, is still not protected from “default settings”), but and in the very organization of connecting subscribers to new communication lines.
Here are the options for the equipment installed by the operator:

less dangerous Huawei HG8245

Much more "leaky" ZTE ZXA10 F660

The problems here are of several different degrees of danger, some can be solved on their own, some can only be paid attention to. Let's list the main points that will help an attacker hack into your home network (provided that you are still an MGTS Internet subscriber):

• The WiFi password is your phone number (during the study, there were lazy installers who left the MAC address of the router without the first 4 characters as the password).
  This means that hacking a Wi-Fi using the 495?d?d?d?d?d?d?d brute-force technique will not take much time, we are talking about a matter of minutes and for this it is not at all necessary to be near the hacked object all the time . It is enough to intercept the moment of connection of the subscriber's wireless device (smartphone, tablet, laptop) with the router, and the rest can already be done safely on the home computer. This operator miscalculation at the connectivity level is a gaping hole that opens the home networks of millions of subscribers to attack by intruders. This problem can only be solved locally - by independently changing the access point password to a more secure one, however, the next vulnerability is much more serious, since the subscriber simply cannot effectively influence it on his own.
• We are talking about a vulnerability in WPS wireless configuration technology, which is enabled by default on ZTE ZXA 10 F660 routers. And if in the case of an organizational miscalculation that substituted user networks at the password level, an attacker cannot massively hack subscribers, dealing with each one individually, then when exploiting the WPS vulnerability of a router of this model, network hacking can be put on stream. The technology works as follows - for a WPS connection, a pin code consisting of 8 digits is used. Upon receipt of the correct pincode, the router gives the real Wi-Fi password. Not only can this pin code be cracked using the well-known Reaver tool much more efficiently and faster than a complex WPA2 password, but the main problem is that it is the same for all ZTE ZXA10 F660 routers! Moreover, it can be easily found in 10 minutes on the Internet. I repeat - knowing this pin code (which can neither be changed nor turned off) within 3 seconds a real Wi-Fi password of any complexity and type of encryption is obtained, or a direct connection to the subscriber's network is made. Thus, the “lucky” owners of this particular model of equipment (and the operator has only 2 of them, so the chance is 50/50), even if they set an impossible-to-hack password for the wireless network, will still be hacked in less than 5 seconds due to the imperfection of the technology.

3. What is fraught with for the owner of WiFi hacking?

Let’s leave aside platitudes like “free Internet”, now it’s not the 90s and people with gadgets usually have enough for the Internet. So what are the threats? We list the most obvious:

• Interception of subscriber traffic, theft of passwords from postal services, social networks, messaging programs and other confidential data
• An attack on the computers of the owner of the point in order to gain access to the user's files, view webcams, install viruses and spyware (as a rule, home PCs are much more vulnerable to attacks from within than corporate machines, traditionally weak passwords and irregular updates and open resources are here )
• Listening to telephone conversations. (Yes, with the switch to insecure sip, this is easier than ever). Now not only special services, but also a curious neighbor (or maybe not a neighbor) can record your conversations on a landline number due to the fact that the new telephony technology works using the insecure SIP protocol. For the prompt interception and recording of conversations of which all the necessary tools have long existed in the public domain.
• Theft of a phone number - by slightly changing the software of the router, an attacker can find out the password from the SIP account and use it to make calls on behalf of a hacked subscriber. This is not only the potential for direct loss to the owner of the number, but also the possibility of causing much more serious damage by using the number of an unsuspecting citizen for blackmail, terrorist contacts, or in order to frame the owner - for example, from this number, informing the police about a planted bomb
• Creation of a large botnet (the number of MGTS subscribers in Moscow is 3,504,874) with the potential of each connection of 100 Mbit/s. Yes, this will require an army of lemmings, but as everyone is well aware, hordes of biological bots constantly inhabit various kinds of "vats", which are regularly attracted by interested parties to various Internet actions, usually of a sabotage kind.
• Using a random (or non-random) network to anonymously upload prohibited material to the Internet (Guess whose door they knock on?).

4. Protective measures

What can you do to protect your privacy in such a situation? You can do a little yourself, but these are mandatory actions for anyone who does not want to become a victim of a poorly thought-out operator campaign.
We will need passwords from the router, which are easily googled on the Internet, write down:

• Access to the web interface of the ZTE ZXA10 F660 router - login: mgts, Password: mtsoao
• Access to the console via Telnet protocol - login: root,password: root
• for Huawei HG8245:
  default address - 192.168.100.1
  login: telecomadmin,password: admintelecom
• Through the web interface, be sure to change the password for the access point and its name (the MAC address will still give out belonging to MGTS clients, but renaming the point will reduce the likelihood of matching a specific Wi-Fi signal to a specific apartment)
• ZTE ZXA F660 owners should disable Wi-Fi functionality with the button on the device. At the moment, this is the only way to protect against WPS hacking.

Unfortunately, at best, a mere percentage of the 3.5 million users will take advantage of these measures, most will never know about this article and will remain vulnerable to a real threat for a long time, until something or someone forces the operator to spend a bunch of money and take centralized measures to correct the technical and organizational shortcomings of the project.

5. Conclusion

What conclusions can be drawn from the above? The most disappointing - the largest GPON implementation project (I repeat - we are talking about 3.5 million subscribers!) did not consult with information security specialists, or these consultations were completely ignored during the implementation itself. Phone passwords, non-disabled WPS with a single key, unprotected SIP telephony, passwords retrieved from the WEB interface are the result of a weak organizational component and a complete disregard for elementary information security standards. I am sure that MGTS is far from unique in such miscalculations, many smaller network service operators find themselves in the same situations in the field of protecting the data of their subscribers, but the scale of the problem this time exceeds all conceivable boundaries

6. Official reaction of OJSC MGTS

We, as respectable security researchers, are interested in the speedy resolution of the problems voiced above. Unfortunately, our concern did not find a response in the hearts of the employees of the press service of MGTS OJSC, whom we tried to reach using all available channels. Only one response was received - through Facebook, a press officer assured us that we could publish the material with a clear conscience, and then, answering questions from the press, they would assure everyone that the subscribers were safe and their data was confidential.

Overview of the optical modem SERCOMM RV6699 | Introduction

The MGTS company, also known as the Moscow City Telephone Network, retains its position as the largest and main communications operator in the city of Moscow. One of the most large-scale projects of MGTS over the past three years can be considered the construction of a fiber-optic GPON network and connecting most of the capital's houses to it. Replacing the most popular ADSL technology before, GPON made it possible to access the Internet at speeds ten times faster at the same cost. In addition, GPON has become a state-of-the-art digital platform for telephony, high-definition TV and smart home.

Representatives of MGTS offered us to evaluate the quality of GPON communication and at the same time a new optical modem SERCOMM RV6699, providing wireless Internet connection at speeds up to 500 Mbps. The device simultaneously acts as an ONT optical modem of the GPON network, a router and a gigabit four-port switch, a wireless Wi-Fi access point and a VOIP gateway for direct connection of an analog phone. Given the speed with which this new technology is developing and being introduced, we did not consider it possible to refuse such an interesting offer.

Overview of the optical modem SERCOMM RV6699 | Specifications

Overview of the optical modem SERCOMM RV6699 | Packaging and equipment

Optical modem SERCOMM RV6699 comes in MGTS branded packaging, made in the company's blue and white colors with large inscriptions GPON, "New opportunities for Wi-Fi wireless communication" and "Up to 500 Mbps". In addition, information about preset Wi-Fi settings (SSID and key) for the 2.4 and 5 GHz bands is printed on the box.

The standard equipment is quite concise: this is the RV6699 terminal itself, a power supply unit and a printed instruction manual, but during installation, MGTS employees pull an optical cable of the required length to it, install a separate socket and, if necessary, provide a network cable for wired connection of a computer and a set-top box .

Overview of the optical modem SERCOMM RV6699 | Appearance and design

Optical modem SERCOMM RV6699 assembled in a white plastic case of complex shape. On the top panel of the device, which is front for wall mounting, there is a large MGTS logo, many ventilation holes and as many as ten LED indicators, most of which glow green or blue, and only the last LOS (no cable or the transceiver is turned off) can light up red. The purpose of the indicators (from left to right): power supply, GPON, status, phone, Wi-Fi 2.4 GHz, Wi-Fi 5 GHz, LAN, USB, Internet and LOS. All indicators are quite bright and visible from afar, even if the modem is installed high under the ceiling.

Both side panels are dotted with ventilation channels, while on the right there is a button to turn the Wi-Fi adapter on and off, or to activate a quick connection via WPS.

All ports and connectors are traditionally concentrated on the rear panel of the modem. Here are (from left to right): a POTS RJ11 port for connecting a phone, four RJ45 network ports, a USB port, a Reset button for resetting to factory settings, a connector for an AC adapter, and a button to turn the device on and off.

On the bottom panel of the device there is a connector for connecting a GPON cable, a system for its smooth wiring ("cable organizer") to avoid creases, two rubberized legs and two holes for wall mounting the modem. There is also an information plate with a serial number, MAC address, default Wi-Fi settings and some other data.

Quality of materials and assembly SERCOMM RV6699 visual inspection does not cause complaints.

Overview of the optical modem SERCOMM RV6699 | Software and web interface

To set up an optical modem SERCOMM RV6699 and its additional features traditionally uses a web interface, which can be accessed through any browser. The menu is quite concise and simple, especially compared to earlier GPON devices.

After entering your login and password, you get to the main page, which displays basic information about all connections, including telephony and all connected devices.

To start the settings, you need to go to the "Settings" tab and select one of the four tabs: LAN "General Settings", "LAN DNS", NAT and DDNS.

On the "General Settings" tab, you can select any of the four subnets, and in the TCP / IP section, specify its IP address and subnet mask.

The next tab allows you to assign a name to a device on the local network, after which it can be accessed not by the MAC address, but by this name.

The "Wireless Network - Basic Settings" tab allows you to enable up to four simultaneous wireless networks (4SSID) in each of the 2.4 and 5 GHz bands and make their basic settings.

The Security tab sets the authentication and encryption methods, as well as the PSK key for each wireless network.

The Wi-Fi Protected Setup tab provides a simplified way to register WPS-enabled devices on wireless networks.

On the "Wireless MAC Address Control" tab, you can specify which devices with which MAC addresses will be allowed access to local wireless networks and which ones will be blocked.

Finally, on the "Auto channel selection" tab, you can enable automatic channel selection depending on the workload of the air.

The NAT section provides the ability to configure external services on the local network, such as web servers, FTP servers, mail servers, or other Internet applications.

On the Port Mapping tab, you can set port forwarding for each of the predefined applications in the drop-down menu, or create your own settings by clicking the "Set User Service" button.

Dynamic port forwarding for applications that are unable to work through the built-in firewall can be configured on the Port Triggering tab.

The DMZ Host tab is used to set up a "DMZ" that restricts certain servers from accessing the main network segments to a DMZ perimeter blocked by a firewall.

The Application Layer Gateway (ALG) settings for passing specific user application or protocol traffic outside the NAT are contained in the ALG tab.

On the "UPnP Settings" tab, you can enable automatic route configuration for video conferencing, online games and other Internet applications on the local network.

The "Static NAT" tab allows you to set up to 20 static NATs with their IP addresses, ports and protocols.

In the DDNS section, you can configure DDNS servers (there are several providers to choose from) so that other Internet users can connect to you using a dedicated domain name.

The "Services" tab consists of three sections: Firewall, "Telephony" and USB. In the Firewall section, general and fine-tuning of the firewall is performed. First of all, you can choose one of the preset protection levels, or make your own settings.

Advanced session settings and DoS protection rules are contained in the SPI tab.

There is a classic firewall filtering function by IP:

In the "Parental Control" section, you can set time limits for networking devices with a specific MAC address, as well as filter access to sites by their URL.

The "Telephony" tab contains the only setting - the choice of the type of automatic caller ID, which is set depending on the specific network.

The USB tab consists of five sections where you can configure external storage devices, a Samba file server, an FTP server, and a print server and a DLNA media server connected to the USB port so that they are available to users on the local network.

The "Maintenance" tab consists of four sections: "Password change", "Diagnostics", "Event logs" and "Configuration file".

The "Change password" section allows you to change the administrator profile and set a new password.

On the "Network Diagnostics" tab, you can "ping" a specific IP address or URL in packets ranging in size from 64 to 65500 bytes.

The "Event Logs" tab consists of two tabs: "System Logs", where system event logs are kept, and "Call Log", where phone numbers and their IP addresses are tracked, as well as the duration and time of connections.

And finally, on the "Configuration File" tab, you can return all router settings to factory defaults.

Overview of the optical modem SERCOMM RV6699 | Communication speed

The tariff for using the MGTS GPON network set for us provides for data transfer in both directions at a speed of 150 Mbps. Speed ​​measurements with a wired connection to a computer using the speedtest.net network service from Ookla showed that the real speed is fully consistent with the declared figures with minor deviations, depending on the test server.

To check the wireless connection in the 5 GHz band, we used the Speedtest application from Ookla installed on the Honor 9 smartphone running the Android 7.0 operating system. At a distance of up to about 3 meters from the router with an excellent signal, the access speed fluctuated between 130 and 150 Mbps, depending on the test server, which can be considered an excellent result.

However, at a distance of more than 3 meters in a city apartment in a brick house, the signal level began to drop sharply, and the real speed dropped by about a third to 50-55 Mbps. Of course, this is still a very comfortable Internet access speed, but such a significant signal drop at such a short distance indicates a clearly insufficient power of the built-in Wi-Fi module for the conditions of a city apartment.

Overview of the optical modem SERCOMM RV6699 | conclusions

Fiber-based GPON technology, actively promoted in Moscow by MGTS, is a really convenient, modern and technologically advanced way of broadband Internet access offered at a reasonable price. In particular, at the time of writing this review, the minimum tariff for the "GPON Home Internet" line was 300 rubles per month for access at a speed of 30 Mbps, and the maximum - 1600 rubles per month for a speed of 500 Mbps.

In addition, GPON technology makes it possible to provide not only Internet access services via a single 2-mm fiber optic cable, but also a home landline telephone with number retention, and high-definition television (via a separate set-top box), and connection of a security alarm. At the same time, due to the large width of the WAN link, all these services can operate at maximum speed without any mutual influence.

Optical modem SERCOMM RV6699(aka router, access point and VOIP gateway) is the latest model of MGTS branded equipment that supports Wi-Fi IEEE 802.11ac and the 5 GHz band, which can provide wireless communication at speeds up to 600 Mbps. Until recently, such speeds seemed fantastic even for a wired connection!

Modem SERCOMM RV6699 has a lot of settings and a well-thought-out Russified web interface, intuitive even for people who are not familiar with network technologies. However, one cannot fail to note its significant drawback - the low power of the built-in Wi-Fi module, which is why the signal level drops rapidly with distance from the device, and the declared speeds are realized only in the immediate vicinity of the modem.