Telecom Monopoly CenturyLink’s Static IP / Modem / UPS Scam Outlined

I’m really sorry to say that I was excited when I found out CenturyLink offered gigabit 1000 up 1000 down fiber to the home in the neighborhood I just moved into. Dreams of things like having enough upload speed to leave the cloud and operate jamesachambers.com independently in my own home seemed like they could finally be a reality. Dreams were quickly shattered when I realized what kind of incompetence and dishonesty I would be dealing with.

Ordering

I checked to make sure static IPs were available through CenturyLink. Let’s check it out:

CenturyLink Static IP Order Page

Oh perfect, it looks like they definitely offer it! The one time charge is a little silly but assuming I will keep them for years it should still be worth it. Absolutely no indication here I won’t be able to get it with any CenturyLink provided service.

I ordered the service right through CenturyLink’s web site for $65 a month with no taxes or additional charges with the qualification that I must enroll in autopay. Fast internet here we come!

First Installation

The first installation was professional and extremely well done. Just kidding. Check it out:

A “UPS” installation being used as a power strip drilled into my wall with no battery

There’s one of two things going on here. Either CenturyLink doesn’t install batteries on UPS units of customers who don’t have phones just to save a few bucks, or both of my techs took the batteries and sold them on eBay. That’s about it.

If you have a phone installed an installation like this may violate code in your area, so if you’re a CenturyLink customer (sorry) I recommend you go out to your box and see if you have one of these. Bet you there’s a good chance you don’t!

The UPS battery is there for service to keep running during power outages so it is a safety issue. This mostly impacts phone services but can definitely still help a lot with internet as well. You don’t want your equipment to go down with minor power fluctuations or if it’s only your house and the neighborhood is fine or if a breaker flips. People are relying more and more on VOIP for their phone which goes through your internet as well as other services like IP cameras that you want to keep protected and online especially if events are occurring that may cause power loss.

Either buy your own battery for it off eBay or call CenturyLink and let them know you don’t appreciate them putting your safety at risk to save themselves a few bucks.

This is your “real” modem — it is not the one CenturyLink gives you

And this right here is your actual modem. It is a ONT unit that interfaces with the fiber. If you open the inner panel you can see the fiber terminations although I would highly recommend leaving the inner part of it alone (unless you’re a fiber tech you can do no good in there, the connections can be very sensitive).

You actually don’t need CenturyLink’s modem at all no matter how much their sales/tech staff tell you that you need it. All you need is a router that is capable of PPPoE dialing and tagging your traffic as vlan201 (this is how CenturyLink hides their traffic from normal devices from normal gateways like your router) and establishing a PPPoE connection. More on that later.

Static IP Results – Installation #1

Here’s a link to CenturyLink’s static IP tool: https://www.centurylink.com/home/help/internet/static-ip-addresses/order-or-cancel-static-ip-address.html

Upon logging into the tool:

CenturyLink Static IP Fail
CenturyLink Static IP Eligibility Denial Message

Oh boy, what happened? Well it turns out CenturyLink has something called “SimplePay” which is what they wanted me to sign up for. The “benefit” of it is it’s a flat rate without the usual taxes and fees all telecoms tack on there. The downside? It’s completely outsourced 100% to India and considered a prepaid plan and a lower tier of service. It’s not eligible for static IPs.

Gee, that would have been good to mention somewhere! Surely they can fix my account in the computer though right?

Nope. To fix it you will need to call them again and they will need to do ANOTHER installation. This one won’t be free, it will cost you $99. You also get taxes and fees added on to the rate every month unlike the previous plan. Great. I did it anyways because I need the static IP block to do *anything* I wanted to do with this connection.

They also left the line unburied. They said someone would come by in a couple of days to bury it. Nobody did.

Installation #2

I don’t have any pictures to share about the second installation. Why? Because they didn’t do anything. Literally they did not do anything.

We went to my basement and plugged in their new modem and he left. Then 5 minutes later I disconnected their new modem and put it back on my own. $99.

On the upside, after the SECOND installation, they actually came back and buried my line! That’s something at least!

Static IP Attempt #2

Surprised?

So after spending about 5 hours on the phone getting my new account set up and confirming it is a “postpaid plan” I still can’t access the tool. It turns out CenturyLink ordered me something called a “webshop” account. What is a webshop account? Good question, I never bought the service at a webshop, CenturyLink chose it for me when I told them I needed to get on a plan that does static IP addresses.

But they didn’t chose the right one. And guess what? They can’t fix this one in the computer either. They have to come install it again, and I will be charged $99 again. I will not be refunded for my previous installation. What did I pay for the second time they charged me and came out to install the service again? Nobody can tell me.

CenturyLink’s Unnecessary Backdoored Malware Modem

Now surely I must have lost my mind with this heading. It sounds like crazy cooky Alex Jones stuff to say that CenturyLink’s “modem” is backdoored and isn’t even necessary for the service to work.

Nope. Afraid not. CenturyLink has a long and proud tradition of backdooring their modems and those backdoors being insecure and leaked out/discovered. I’ll just share with you some of the ones in the past few years but these go way back. Here’s some examples:

https://www.exploit-db.com/exploits/43118 – 2017 – CenturyLink built in backdoor username: admin password: CenturyL1nk – boy they’ll never figure out that one and have unfettered backdoor access to my entire home!

https://www.exploit-db.com/exploits/43105 – Same exploit for the common Zyxel modem

https://vulners.com/packetstorm/PACKETSTORM:144851 – Once you get in with the CenturyL1nk password you can change to root by using the password “zyad5001”. Great!

Now if you think that the 2020 versions of these modems don’t just have a different more secure password and that CenturyLink doesn’t still have ROOT ACCESS to a hardware device in your dwelling and subsequently your network….

Bypassing Modem

To do this you will need a router capable of vlan tagging and PPPoE connections. Note that some areas might not use vlan tagging as the router has an option to turn it off although I suspect this is pretty standard. If you have any doubts log into your CenturyLink modem and in your advanced WAN settings it will tell you if vlan tagging is enabled and which one they’re using.

First you will need your PPPoE credentials. CenturyLink will give these to you (for now) if you call technical support. I had the tech give me them to me in person on the second install because they type them into your modem. It’s part of the 5 minute unnecessary setup and best I can tell is the only reason they insist they have to send a tech and charge you. These credentials will not be your normal username and password. In fact, it’s likely the email address is one you will have never seen before ending in @centurylink.net. They are special creds set up for you by CenturyLink to connect through the ONT device I showed earlier.

Once you have that all you need to do is tag your WAN port as vlan201. For my home I used a Fortigate FG-30E which is my whole house firewall. These are enterprise grade devices and are quite expensive (especially with AV and IPS signature subscriptions) but newer higher end Linksys and Netgear and many other brands of routers also support basic vlan tagging now. If you have a newer router that cost more than $100 it probably has it. Just look up whether your current router supports vlan tagging and PPPoE addressing and if it does you already have everything you need.

After tagging my WAN port with vlan201 I just let it retrieve everything else with PPPoE:

Bypassing CenturyLink’s “Modem” w/ FortiGate FG-30E – set vlan201 on WAN
Changed addressing mode to PPPoE and entered PPPoE credentials provided by CenturyLink tech support

There you go. Bye bye backdoored modem/router!

A Note About CenturyLink’s “Secure WiFi”

My modem and these new modems apparently come with some built in service called “Secure WiFi”. This sounds like some really fancy technology that you wouldn’t want to give up!

Well let’s take a little bit closer of a look here: https://www.centurylink.com/home/help/internet/security/secure-wifi/frequently-asked-questions.html

This page gives us what little information CenturyLink will tell you about what exactly this is. Let’s take a look at an entry and see if we can figure out if this has any real value. How about the “Hoes does Secure WiFi work entry:

Q: How does Secure WiFi work?

A: Secure WiFi uses a McAfee powered technology called Global Threat Intelligence (GTI) to identify dangerous websites. The protection works as follows:
GTI constantly monitors websites around the world for malicious and dangerous content.
When malicious content is found on a website, GTI 'flags' the site as risky.
When any of your devices attempt to visit a website, Secure WiFi checks that the website is not on the 'risky' list.
If the website is risky, Secure WiFi stops the device from accessing that site and displays a warning page.

Okay, so Secure WiFi is just basic web/IP filtering installed network wide and provided through McAfee’s service/list. This may actually have some value to regular Joe internet users as common botnet C&C sites and malware distribution sites will be on the list.

It also means that CenturyLink tracks every connection you make it and sends it to a server to decide (and log) whether it’s going to allow you to connect.

Do you trust them to keep that information safe and not sell it to third parties? This company tells you when you call their support phone number that they will sell your information for marketing and repair purposes unless you ask the agent to flag your call/account as not consenting. So for me the answer was obviously no, and so I was perfectly willing to go without this service, and in fact wanted to actively remove it.

However, I wanted to mention that it is better protection than nothing and you should be aware that if you don’t secure your network in other ways you are giving something up even if it’s pretty basic in reality. In my case the Fortigate came with a year subscription of their professional web filtering service as well as active antivirus and IPS threat signatures, etc. so I knew I was protected in other ways.

My Personal CenturyLink Modem Collection

The CenturyLink Tower of Shame

This is the CenturyLink Tower of Shame. How many modems will I end up with before CenturyLink can figure out how static IP addresses work? How tall will the tower reach? Do you think they’ll bill me for all these modems even though I haven’t been asked to return them? Have you had a personal experience with this company like I have? Let me know!

Update 7/9/20: Credit Score Change – Pulls from CenturyLink

I received an alert from my bank that CenturyLink has now done what is called a “hard pull” on my credit twice for both of these postpaid plans. This can impact your credit score and I received an option to dispute it. They may pull it again if I actually have them go ahead with another $99 install that probably won’t get me anywhere again. This is just another warning and another thing to watch out for.

Update 7/14/20: Account Migration Attempt Breaks Account (Service Disruption)

I worked with an “Account Specialist” who attempted to migrate my account. To do this I had to cancel my current account and he placed an order to start the new account without calling a dispatch. Essentially he was trying to fix it in the computer without me having to pay another $99 and have another installation/modem.

This technician finally figured out the reason I can’t access the CenturyLink static IP tool is that they are switching billing systems and their systems have not been updated to recognize the account #s from this new system. Their system is actually broken for new types of accounts and they have to attempt to migrate you. They said I need a “normal” account with a 10 digit account number to be recognized by the system. The Customer Advocacy group told me to ask for a “CRIS residential account migration”.

I was rightfully very nervous at this point because they have tried so many things unsuccessfully. I’ve heard this kind of stuff from them before and it has never panned out. My main concern was that they would make it worse (ESPECIALLY since this hair-brained scheme involved cancelling my current working plan).

The first sign of trouble was that a tech tried to contact me at 9 AM to do another install and had another modem. I refused this time as I was tired of paying the $99 and knew there was not supposed to be a dispatch. Sure enough at 5 PM my working account deactivated and my new account did not come online.

I spent about 3 hours on the phone with CenturyLink and was told that my account was stuck in a “Pending” state because the tech flagged it as a cancellation. The solution? I would need to start completely over with a new order and another hard credit pull against my name.

My account was so broken at this point they could not even schedule a tech to come and look at it because their system now showed that I had service at my address that was stuck in a broken state. My current status is I have been completely disconnected and have no internet at home for several days. I gave up and reordered the original prepaid “SimplePay” service I had for $65 a month and will come Thursday online through their web site. That was the only way I could get an install since they couldn’t order one for me with the “Pending” stuck account.

Will update further!

Update 7/17/20 – Back Online (Where I Started)

CenturyLink came and installed the original prepaid $65 a month with no taxes or fees that I started with. I’m giving up as having no internet at home was pretty painful!

Leave a Comment

Your email address will not be published. Required fields are marked *

Type here..