[TriLUG] OT: Time Warner Biz Class Mayhem

[Scott Chilcote]

Hello LUGers,

<tl;dr warning \>

Some of you may recall that I was searching for an alternative ISP last
month, because my company requested that I obtain separately billed
internet service and static IP for my home office.  TWCBC won that
decision, and they completed the installation in late January.

Starting up with their service has not been as trouble free as I'd
hoped, but I will focus on a problem that affects the Ubee
modem-firewall-router that they installed.

In the three weeks or so it has been running, it has somehow changed its
own settings on two occasions. 

As the TWC installer made clear when it was provided, I am not permitted
access to this device.  I can look at its status page on the network,
but they do not provide an account and password.  I need to call TWCBC
to make any configuration changes.

As with previous ISPs, I performed a search on the Ubee's model number
and found that it has two levels of accounts.  These are user and
admin.  I also found that the basic user level account is easy to find
online, and TWC does not generally seem to care if people access it.  I
tried it and was able to log into the device and look through its
settings.  It was working well, so I went along with TWCBC's restriction
and left it alone.

Fast forward two weeks, and one Thursday evening we noticed that our
wifi devices were no longer able to reach websites.  At first it seemed
like a problem with Time Warner's nameservers.  But after some
investigation I found that the Ubee's DHCP service was not providing
nameserver addresses anymore.  I tried manually adding a nameserver IP
into my laptop's config, and it fixed the problem.  But the next time it
connected to wifi it was deleted again.

I tried looking at the Ubee device's configuration to see what had
happened, and discovered that the user account was locked out.   So I
called TWCBC's technical support.  It took several calls over a day and
a half to get this addressed*.  What they wound up doing was resetting
the device to its factory settings and restoring the original configuration.

I won't belabor the details, but this didn't restore everything.  For
one, it disabled PPTP passthrough, which kept me from being able to use
my company's VPN until well into the next afternoon.  It also didn't
restore the user account access, which meant that I had no visibility
into the device's settings.  I understand why they want to do this, but
it makes helping a less than perfectly knowledgeable level 2 support rep
figure out why it isn't working a lot more difficult.

I wound up "fixing" the whole problem by asking them to put the Ubee
device in bridged mode, and turn off its radio.  Then I went to Intrex
and bought the TP-Link box with the most antennas and biggest numbers,
and set it down next to Ubee.  Within 20 minutes I had wifi and VPN
working, and made plans to flash it with one one of the WRT firmwares in
the near future.

But Ubee wasn't done yet.  Less than a day later our wifi failed again. 
Android devices were complaining about unreliable connections.  I tried
the Android wifi analyzer app, and found that a strong new wifi signal
had appeared right on top of the one from our new TP-Link box.  Its SSID
had the same model number as the TWC Ubee appliance.  I went down and
had a look, and sure enough the Ubee's blue WLAN light was shining. 
WTF?  It was definitely shut off the day before.

So it was back on the phone to TWCBC support to get it turned off
again.  While I was talking to TWCBC's rep I asked about how their
device got reconfigured.  Twice.  He didn't know.  Does Time Warner send
out periodic updates?  "No."  I asked if it could be defective.  This
seemed fairly possible since it was well used when installed.  It has
dings and scratches, and smells a bit like burning silicon.  But he said
"NO!" before I finished asking, making me wonder if this happens much. 
According to him, the main possibility is user tampering.  My wife and
our cats deny this.  Neither of our neighbors seem capable of cracking WPA2.

So why does their Ubee device have a mind of its own?  It passes its
self tests.  I can run these online from my time warner account.  My
only guesses are that either they do update it periodically and are
lying about it, or that script kiddies have figured out how to access
its WAN side config interface and are having their way. 

Does anyone have any insight to lend?

Thanks for any clues,

  Scott C.

________________
* Part of my curse with TWC is that we had residential service for five
years with them, up until 2009.  I made the mistake of giving them our
home phone number when I signed up for business class last month.  For
unknown reasons their customer service voicemail system only recognizes
our old residential service, so when I call them I get tossed back and
forth between business class customer service and residential tech
support.  I have complained about this every time I call, and every time
they say "It's fixed now!"  And the next time I call, it's time for
another round!

-- 
Scott Chilcote
Cary, NC USA
scottchilcote at att.net