the ISP called Etisalat which is in UAE (United Arab Emirates) , they are using new strategy of forcing their surveillance on the ppl. they have used trick to lie on ppl, which is:-
they are calling & sending messages to UAE ppl , and telling them you can upgrade your internet speed from X megabit to 20 megabit with free router and wireless telephone.
now is this problem? no , but here is the deception inside this:-
they will force you to use their router because there will be no internet connection from your router. and their router is D-Link DIR 850L with etisalat firmware (not the original D-Link firmware). their firmware has the a backdoor inside it , which give the ability to any etisalat employee accessing the router and do/change what ever they want inside it. not to mention the firmware is closed source for sure, and MAYBE contain malicious programs inside it like e.g spyware or …etc.
but what is for sure now the firmware has a backdoor inside it.
and also you CANT go back to the original speed that you were using + your router. and also adding fees about 200$ if will cancel the internet.
and if you ask them why are you doing this? their answer is:-
we want to serve our customers as we can give them full support when having a problem regarding connectivity with routers.
(as you see very cheap excuse to kill your freedom of choice on routers with high security level and also achieving the goal which is killing your privacy)
Sounds rather bad, especially if they’d include their own SSL certificate in the firmware, as to eavesdrop on https connections. However, I have to say that I couldn’t find anything about this anywhere else, which makes it hard to judge on how this would affect Tor users. Maybe pluggable transport helps, maybe they use a more advanced method, maybe they combine a few things (like the Chinese government, which to make obfs2, 3, etc. useless, pretty much pings every server on the net to see, whether it answers in anyway according to the Tor protocol and blocks it).
So, it would be great to get some more information, otherwise it will be hard to judge.
Have a nice day,
Ego
P.S.: Just a thought, do you have an image of the firmware? Maybe someone in the community could reverse engineer it to a certain degree.
Yes you right and i got it already,
and when i replaced their router with another from after market, didnt work, as i called them already and explained my issue, they told me that i cant use another router except the one they provided for me which it is: D-Link DIR-850L.
Thats bad i cant use my preffered router instead.
Unfortunately, UAE Etisalat did worst than D-Link already did is flush it with edited the alpha firmware it self so won’t be able to even upgrade the router in the future and locked it with their own (CUSTOM) FW.
am not an IT expert thou but here is what i could grab yet.
Its an auto config url that been attached in the router they installed for me:
I guess this is where the router takes a place including the router’s MAC address for banning any other router to get it work with the ISP.
Not sure thou.
It is not true that you cant use any router. You have in fact the freedom of choice to select whatever router u want to use. You only need to configure the proper VLAN ID.
I am using a 850L router with stock firmware and it works like a charm.
Even if you dont know the correct vlan id you can still figure it out after few trial and errors. Try 21,24,27 or 31. 21 worked in my case although when I asked etisalat helpline they told me it should be 24 which did not work.
practice of use replacing https ceritficates is widely used in our days by semi-feodalic countries, as kazahstan, uzbekistan for example - but anyway they still have working services there, as local business, and which more important, equipment need it -
may try pick a proxy from one of these countries from public lists or google buy socks 1 proxy for up to $1 month or shared between 1-3 user proxy up to $0.5 a month, every is socks/http, and wardrive it)))
so all u need - is any IP (web address) which not blacklisted by your https kill firewall, that all - connect it via any free port (any proxy server able to work at any port - so if you will not be able to reach any other country at all so it will be North Korea intranet but not internet) - and then connect to TOR from it, forward. I think so))
also any RDP works on whichever port you wish - and if provider uses DPI (deep packet inspection) you need any VPN that use encryption, almost every. but as above, some kill every secure connection - but still, as they not closed to international traffic - accept google with their own SSL, china accept their own Ali Cloud opened to other world - so you just use Google VPS / proxy or Ali VPS / proxy for example, and OK.
there are few surrealistic fantasies as in russia, to make internet between BRIC for example - but there was and there present, as old good fido, already darknet sites wwh-club.net / .bit (Blockchain DNS) for example etc, which have TOR and Blockchain DNS mirrors and sure they will have communication in this BRIC and outbound gates sale)))
except only case people will have no phones at all as eg in North Korea, as even there you might hide a node in their intranet under DNS Blockchain))) and just such a passive modems with provider firmware, now hangs on every PON even mine there in russia so for the moment there no reason to worry above…
and add to this there is SAMBA vulnerability inside it and been hacked through metasploit check here:-
(Content in arabic)
that been said , this is before 2 years and now the contract finished (mostly for all since that time), u can raise a complain against the upnp connection and change it to non-upnp connection and throw the router of etisalat and use ur own router.
i have called etisalat and told them i would like to disable PNP feature
they tried to convince me not to ( it will be hard to support you in the future the speed might reduced … bla bla bla )
i insisted so they register my request after 1 hour one guy from etisalat called me and told me (i will cancel your PNP please note that the router will stop working and you have to configure your own router )
and its done
now if you like to use the etisilat router dlink 850 as extender or AP do the following
1- download the firmware from dlink website
2-set your computer to static ip adress 192.168.0.2 and default gateway is 192.168.0.1
3- plug the Ethernet to the lan port neareast one to the wan port
4-enter the dlink recovery mode by removing the power press and HOLD the reset while enter the power plug
,
5- pluge the eathernet to the lan port neareast one to the wan port
6- open browser ( 192.168.0.1 )
7-dlink recovery web page well load and you can upload stock firmware and use it as AP
As far as i concerned, original D-link DIR-850L firmware is not any better. I have searched over the internet and seen plenty of articles describing vulnerabilities and ways to hack this model of router. So if you concern about security, then better to choose more secure router by design, not Dlink.