Port #'s for blocking update servers - Fire TV Q&A, Help & Troubleshooting

Finally gained access to my isp's router to add urls for blocking updates to the AFTV. The router is asking for port #s too, not just urls.
By default it puts in 80. When I tried to access those urls the two notification urls seem to be blocked, but the critical one
amzdigitaldownloads.edgesuite.net is responding when I tested it. Giving me a too busy to answer message.
I am assuming that it is not actually blocked. Does anyone know what the port # is?

dropcheck said:
Finally gained access to my isp's router to add urls for blocking updates to the AFTV. The router is asking for port #s too, not just urls.
By default it puts in 80. When I tried to access those urls the two notification urls seem to be blocked, but the critical one
amzdigitaldownloads.edgesuite.net is responding when I tested it. Giving me a too busy to answer message.
I am assuming that it is not actually blocked. Does anyone know what the port # is?
Click to expand...
Click to collapse
Not too sure why your router's UI is asking for port numbers. The HTTP protocol works over 80 and HTTPS works over 443. You should block both (as I am not sure if update checking and downloading works over HTTP or HTTPS).
There is one other thing that might be of concern to you, thought it might not be an immediate concern (somebody can look at the source code to see if Amazon is upto something). But, if I were Amazon, I would dynamically push a port (or plural) down to FTV (maybe during initial connection for credentials verification) and do the update song and dance over a non-standard port(s). If they do something like that, you will be SOL with particular port(s) blocking. But I have not read that it happening....
Again, this is the first time I have heard that URL blocking needing a port number... Make sure you are in the right menu on your router as a CYA.

What isp and router are you using?

It's a local telco. The rtr is a Comtrend CT-5374.

Maybe try opening a free account at opendns.com.

Related

MAC Address Changing with every Reset?

Just updated my HD7 to the update with internet sharing. After this, I can confirm that every time I reboot my phone, I get a new mac address. Which prevents me from connecting to my MAC-address-filtered wifi. I've done it 6 times and gotten 6 unique MAC addresses.
Does this happen to anyone else's phone? HD7 specific? or all phones with internet sharing? My internet sharing is turned off.
That's strange, I've never heard of a device with a dynamic MAC address before. Does your phone have one printed under the battery?
Nope, just IMEI, SN and PN. No MAC address.
This must be related in internet sharing somehow.
silvertonesx24 said:
Does this happen to anyone else's phone? HD7 specific? or all phones with internet sharing? My internet sharing is turned off.
Click to expand...
Click to collapse
I can confirm this on my HD7.
MAC changes on every reboot.
I confirm too,i have the issue of mac adress changing every reboot
& my wifi is not visible since the update,My wifi is N and i can only see wifi G near me but not mine
hi
for me too : mac adress change after shutdown.
for time don't shutdown the phone to have same mac adress with my internet box.
htc support tell me that they will answer on monday.
but i think it's a big problem with this update...
Ben
That's a bit strange. Normally you can't change MAC's for yourself, only spoofing is possible. If WP is really changing the MAC adress with every reboot, WP needs a valid MAC adress block licensed from IEEE, otherwise it would be a violation against IEEE.
I thought mac address we're never aloud to change!?
Lol that's illegal as all hell, a dynamic mac address
Gotta be a glitch in the firmware surely? No way that's allowed. Your definitely sure it's not a dynamic IP address you're seeing?
Sent from my SGH-i917 using Board Express
ive also asked this question a couple of days ago right after applying the htc internet sharing update. and ive posted my question here (entry #38) and people provided good answers about it. hope this helps
Yes, mine also changes it's only when i read this thread and test my hd7 and i notice the changes.But I S is a breeze.
The issue is that some people assign static IPs to devices on their home networks, and this is done in most routers via MAC address coupling (MAC a always gets IP z and so forth). That way you can simply block all devices you and people in the residence do not own. I do it on all my machines for development reasons, cause I like knowing I can always use x IP address to get at a certain machine even if I turn it off or it's down for a while for repairs. The IP never changes as long as I continue to use that specific network card in the computer.
I don't know why they would do that. Perhaps for security reasons?
I have the same problem - cannot connect to my University WiFi network as the MAC address keeps on changing....
This is crazy!
They better get on that quick! They could get in a lot of **** for that
putting aside the weird WP7 behaviour for the moment...
MAC filtering is useless as a security measure. It's trivially spoofable by anyone who actually wants to attack your network, and causes a pain in the arse for yourself. do yourself a favour and disable it already. the only thing it might be good for is router-side internet access control of your technically challenged 8 year old who doesn't know how to use google.
just use a strong password i.e. 20+ characters alpha (upper & lower) + numeric + special characters, and proper wireless security (WPA-2 AES, or at least WPA AES) and you'll be just fine.
Confirming
That update was a bag full of $$$$ !Luckly I was able to restore through Zune,but my Bootloader (SPL) was also updated to 5.01 and no way of going back!
With regards to the missing WiFi network - make sure it's not using Channel 13. The new update seems to disable the use of Channel 13 for some reason.
There is also another issue with the changing MAC's - I believe that some "public" WiFi networks such as the cloud use the MAC to remember your device and allow it to connect...
primexx said:
putting aside the weird WP7 behaviour for the moment...
MAC filtering is useless as a security measure. It's trivially spoofable by anyone who actually wants to attack your network, and causes a pain in the arse for yourself. do yourself a favour and disable it already. the only thing it might be good for is router-side internet access control of your technically challenged 8 year old who doesn't know how to use google.
just use a strong password i.e. 20+ characters alpha (upper & lower) + numeric + special characters, and proper wireless security (WPA-2 AES, or at least WPA AES) and you'll be just fine.
Click to expand...
Click to collapse
Mac filtering is not useless as a security measure. It's not used by itself. It's used in conjunction with other methods, the same way businesses also hide their wireless network's SSID.
I'm not filtering on an Open Connection. That would be retarded.
Seriously...
GrahamWager said:
With regards to the missing WiFi network - make sure it's not using Channel 13. The new update seems to disable the use of Channel 13 for some reason.
There is also another issue with the changing MAC's - I believe that some "public" WiFi networks such as the cloud use the MAC to remember your device and allow it to connect...
Click to expand...
Click to collapse
im not sure though but im guessing so does other apps with secured log in parameters. i do have the bank of america app. right after i did the update, and after inluding the new mac to my networks allowed list of mac addresses, the boa app again posted a message saying that the device where im accessing boa has not been used previously to access the account. so im guessing that it saves all the mac addresses of devices that accessed a boa account.

How to Block Root using UVerse Gateway?

Hi
I seem to have hit a bit of bad luck.
I have ATT Uverse with their 3800HGV-B Gateway, and a Netgear WNDR4300 behind it. As Uverse gateway wouldn't block the amzdigitaldownloads.edgesuite.net, softwareupdates.amazon.com domains, I "blocked" them on the Netgear router, and AFTV is connected via Ethernet to the Netgear box.
I ordered AFTV from Staples and was lucky to get a rootable version (v620), the above blocking was not effective and v820 got downloaded but didn't autoinstall. I went ahead and Rooted it using AFTV Utility, and made a mistake!! of not disabling OTA updates on AFTV. I was make a mistake and clicked in the OTA menu and lost all root
I tried another AFTV box, and this installed OTA and went straight to v520. I have used AFTV Utlity to block further updates hoping it might be easier to get Root on this version than v820.
My "blocking" on Netgear router is clearly not working.
I MAY give this another try w/ a new AFTV order but need to know how to block the sites using Uverse Router. I would really like to get a Rootable AFTV, as I want to have XBMC assessable via the home page, pair my Wii Remotes, etc.
Is there anyway to determine the stock FW version based on AFTV DSN Number.
Any guidance would be most appreciated.
I really want the Root
Umm, ~200 views and no replies. I hope soem guru chimes in
First off, you should ask questions in the q&a forum. You get better results. But hold on, let me find my spoon...I don't use a netgear router so I can't tell u exactly what to do but you can probably Google it. On the router, you would need to look for parental controls or firewall areas. Use key word blocking or url blocking and block the required sites. They are listed around this forum somewhere. Then before you even power up your firetv, use your computer and try and download the software updates from Amazon. If you have your router set up correctly it should give you an error and not let you get them.
Edit: quick Google search turned up this: http://forum.xda-developers.com/showthread.php?t=2760884
Thanks for taking the time to post a reply. The issue I have is wrt the interaction of UVerse Gateway and the 2nd Netgear Router behind it. As DNS is still handled by Uverse, (I think) Netgear router is not able to block it. I have that part configured. I will try and block the additional URL in the thread. Thanks again.
Legolas2 said:
Thanks for taking the time to post a reply. The issue I have is wrt the interaction of UVerse Gateway and the 2nd Netgear Router behind it. As DNS is still handled by Uverse, (I think) Netgear router is not able to block it. I have that part configured. I will try and block the additional URL in the thread. Thanks again.
Click to expand...
Click to collapse
I don't use UVerse but I have a similar setup with a router behind a gateway. Can't you disable DNS on the gateway and configure the router to handle DNS?
I can't offer specifics on UVerse as I don't use it but on mine I just turn off DNS on the gateway and let my router handle it.
The easy way to do it is to open a free account on opendns.com and block from there. After root, follow this guide: http://www.aftvnews.com/how-to-block-ota-update-for-amazon-fire-tv-and-keep-root-access/
Do you have DD-WRT installed on your Netgear? If so, I have the same setup (except I have a Time Warner cable in place of Uverse). Using the the DNSMasq on my Netgear does prevent DNS lookups. I can confirm that with my setup. The Netgear does not need to pass through the DNS look-up further upstream if you properly set up your Masq options in DD-WRT. I have used 2 routers with DD-WRT setup and both have worked as intended.
The reason I can say that it works is that my updates were blocked, but more importantly, any pings to the the blocked addresses from my laptop (hooked to the same Netgear router) results in the bogus IP I put (127.0.0.1). One thing you want to make sure to test your setup is to make sure that you ping it on a computer and make sure that you don't have any static DNS entries for your network adapter on your machine that you are testing with.
If you have DD-WRT installed or plan to install it, please update the thread and I can post some pictures of my setup.
jmerrilljr2 said:
The easy way to do it is to open a free account on opendns.com and block from there. After root, follow this guide: http://www.aftvnews.com/how-to-block-ota-update-for-amazon-fire-tv-and-keep-root-access/
Click to expand...
Click to collapse
Bingo. I had to do this when my router blocks were not working. Before I even plugged in my FTV, I tested the update web addresses in my browser. If I hadn't of done that, then I would've thought that my router block was working and lost root as soon as I plugged it in. Instead, I saw that my router blocks were eff'd, and signed up for OpenDNS. Confirmed the blocks in my browser...THEN, I plugged in the FTV for the first time.
Anytime you only get one shot at something, you really want to make sure that you get it right and don't miss.
Now that Staples has AFTV down to $84, I will try my luck again and use OpenDNS setup. Hopefully I can get a "rootable" FW version out of the box.
BTW, Uverse Gateway sucks
Legolas2 said:
Now that Staples has AFTV down to $84, I will try my luck again and use OpenDNS setup. Hopefully I can get a "rootable" FW version out of the box.
BTW, Uverse Gateway sucks
Click to expand...
Click to collapse
I took a look at a pdf of your 3800HGV-B Gateway modem and it apparently does bridge mode.
Bridge mode will make it act like a modem only, and let your router take care of DNS & all the other settings. It's how I have my home set up (I have comcast though, different hardware), as in my experience the modem/routers you get from your ISP usually sucks.
Might want to take a look into that.
nyder said:
I took a look at a pdf of your 3800HGV-B Gateway modem and it apparently does bridge mode.
Bridge mode will make it act like a modem only, and let your router take care of DNS & all the other settings. It's how I have my home set up (I have comcast though, different hardware), as in my experience the modem/routers you get from your ISP usually sucks.
Might want to take a look into that.
Click to expand...
Click to collapse
Thanks Nyder. I managed to get 3800HGV into bridge mode and was able to block the Amazon sites from my computer. Will get to installing the new Fire TV (hopefully, it is rootable).
I wish AT&T had made this easy, it was PITA to get it working, w/ multiple factory resets needed to get it done right.

[Q] Any way to test if updates are blocked?

I recently got a UK Fire TV so I can't root it, but I still want to block updates just in case.
I'm running a TP-Link WDR3600 with DD-WRT and I have set it to block the three URLs* using the devices static IP and MAC address.
However, when I go to the "check for system update" option it still lists the last check as 'today'.
I did additional tests using firefox on the device itself and it can block URLs (for this test Google) but I'm not sure whether the updates are blocked.
For now I've disconnected it just in case and OpenDNS isn't an option for me as I have a shared IP address.
*:
firs-ta-g7g.amazon.com
softwareupdates.amazon.com
amzdigitaldownloads.edgesuite.net
from what i read blocking the update URLs is useless, you might as well let it update and wait for a new root procedure.
DEREKTROTTER said:
from what i read blocking the update URLs is useless, you might as well let it update and wait for a new root procedure.
Click to expand...
Click to collapse
Not true. Just go to the URL in your browser and see if your router stops you. Mine didn't, so I setup an OpenDNS account. That worked.
OpenDNS also worked great for me as well.
Using a VPN kills the OpenDNS block on the Amazon updates, so make sure you do the internal block if you plan on using a VPN.
retroben said:
OpenDNS also worked great for me as well.
Click to expand...
Click to collapse
Thanks for the responses, unfortunately OpenDNS isn't really an option since I live in a flat where we share a connection/IP address.
So I guess I'm just going to have to risk it then or maybe look up alternatives.
In case I do try something, what is the way to tell? Does it just pop up with an error message?
tech3475 said:
Thanks for the responses, unfortunately OpenDNS isn't really an option since I live in a flat where we share a connection/IP address.
So I guess I'm just going to have to risk it then or maybe look up alternatives.
In case I do try something, what is the way to tell? Does it just pop up with an error message?
Click to expand...
Click to collapse
If you give the fire tv a static ip address, you have to manually fill in the dns servers.
rbox said:
If you give the fire tv a static ip address, you have to manually fill in the dns servers.
Click to expand...
Click to collapse
The problem is not how I'd set it up but that it could cause other issues, for example, if someone else uses opendns to block something which I want.
tech3475 said:
The problem is not how I'd set it up but that it could cause other issues, for example, if someone else uses opendns to block something which I want.
Click to expand...
Click to collapse
Can you guys not talk to each other to figure out a plan that works for all?
spyder3 said:
Can you guys not talk to each other to figure out a plan that works for all?
Click to expand...
Click to collapse
No, it would be impractical if not impossible where I am.
In the end I decided to give it a shot anyway, just have to hope I'm the only one using opendns.
So far so good.
DEREKTROTTER said:
from what i read blocking the update URLs is useless, you might as well let it update and wait for a new root procedure.
Click to expand...
Click to collapse
I did a lot of tests to day (UK fire tv)
you get different IP for that URL depending on what DNS you use unblockus,google,isp etc etc
so im not sure I think its all in the lap of the gods
I am so poised on smashing this thing up :¬) I will enjoy it
tech3475 said:
I recently got a UK Fire TV so I can't root it, but I still want to block updates just in case.
I'm running a TP-Link WDR3600 with DD-WRT and I have set it to block the three URLs* using the devices static IP and MAC address.
However, when I go to the "check for system update" option it still lists the last check as 'today'.
I did additional tests using firefox on the device itself and it can block URLs (for this test Google) but I'm not sure whether the updates are blocked.
For now I've disconnected it just in case and OpenDNS isn't an option for me as I have a shared IP address.
*:
firs-ta-g7g.amazon.com
softwareupdates.amazon.com
amzdigitaldownloads.edgesuite.net
Click to expand...
Click to collapse
All settings on DD-WRT:
Go to Settings. Under that make sure your tab is again "Settings".
Under the subsection DNSMasq, put these options.
DNSMasq: Enable
Local DNS: Disable
No DNS Rebind: Enable
Additional DNSMasq Options: Copy these 4 lines and paste into that textbox.
#block amazon firetv update
address=/amzdigitaldownloads.edgesuite.net/127.0.0.1
address=/softwareupdates.amazon.com/127.0.0.1
strict-order
Also, refer to the PDF file. Look at the section "Network Setup". Within that look at "Router IP" and "DHCP". Change your private subnet to whatever you wish to use, mine is 192.168.5.0/24.
Once you have the setup, reboot your router. Next, reboot your computer and ping one of the above DNS address. You should get a reply back from "127.0.0.1". Next reboot your FTV and verify.
I have the same setup and works for me.
NOTE: MY TIME WARNER MODEM/ROUTER IS IN BRIDGED MODE. Meaning, it is a simple pass through and all router related functionality is disabled. Works solely as a dumb modem.
NOTE: Simple URL blocking is not sufficient. That ONLY blocks HTTP access, not HTTPS.
Thanks, that seems to have done the trick.

[Q] Is there any other way to block fire stick updates?

I tried to use my netgear firewall and I do not feel confident that those are working; i only know that it is blocking the amzdigitaldownloads.edgesuite.net site, the other two shows as unavailable not as blocked and montoya-ota can be searched at google. Opendns is not available thanks to my provider.
I tried to use sideloaded firewalls and blockers but those look for a com.android.vpndialogs.apk that is not present in the AFSTV. Can it be added to make those apps usable?
My 360 antivirus says that the AFSTV has a mms vulnerability. Is that vulnerability update related?
Thanks for your replies: good:
i used the built in netgear firewall to block them when i was setting up my fire tv box and when it tried to dl the updates it wasnt able to so you should be fine
@Bellmig said:
I tried to use my netgear firewall and I do not feel confident that those are working; i only know that it is blocking the amzdigitaldownloads.edgesuite.net site, the other two shows as unavailable not as blocked and montoya-ota can be searched at google. Opendns is not available thanks to my provider.
I tried to use sideloaded firewalls and blockers but those look for a com.android.vpndialogs.apk that is not present in the AFSTV. Can it be added to make those apps usable?
My 360 antivirus says that the AFSTV has a mms vulnerability. Is that vulnerability update related?
Thanks for your replies: good:
Click to expand...
Click to collapse
It's fairly common for routers to be unable to block updates.amazon.com and softwareupdates.amazon.com because the Fire TV does not use HTTP to communicate with those domains and many routers can only block HTTP communication.
I wouldn't worry about it too much as long as you are sure amzdigitaldownloads.edgesuite.net is blocked. Blocking only that domain is sufficient. The other two domains and the keyword block are just backups incase Amazon changes the update files to come from a domain other than amzdigitaldownloads.edgesuite.net.
Try to download one of the update files from AFTVnews.com/software and if it gets blocked, then you know your amzdigitaldownloads.edgesuite.net block is working.
Sideloaded/software firewalls are not reliable since they usually won't detect/block the update file if it comes from one of Amazon's CDN servers, which is often the case.
I find my asus router does block updates but you only know it when testing by trying the direct download links.
AFTVnews.com said:
It's fairly common for routers to be unable to block updates.amazon.com and softwareupdates.amazon.com because the Fire TV does not use HTTP to communicate with those domains and many routers can only block HTTP communication.
I wouldn't worry about it too much as long as you are sure amzdigitaldownloads.edgesuite.net is blocked. Blocking only that domain is sufficient. The other two domains and the keyword block are just backups incase Amazon changes the update files to come from a domain other than amzdigitaldownloads.edgesuite.net.
Try to download one of the update files from AFTVnews.com/software and if it gets blocked, then you know your amzdigitaldownloads.edgesuite.net block is working.
Sideloaded/software firewalls are not reliable since they usually won't detect/block the update file if it comes from one of Amazon's CDN servers, which is often the case.
Click to expand...
Click to collapse
If I block all three sites/domains suggested on your site through openDNS netflix will not work, it opens with a error message. I might try blocking just amzdigitaldownloads.edgesuite.net but given that I am not rooted at the moment and on the most recent firmware I'm not sure it is worth doing.
My stick unfortunately shipped with the 54.1.0.1_user_101016220 update already installed. I blocked further Amazon updates through my router but then I stupidly hooked the stick up at my parent's house where the block is not in place. The stick downloaded the update and now it keeps telling me it will update when not in use. I pulled the power and left it. Is there a way to delete what it downloaded or to prevent the update from installing at this point?

MAC Changes?

I'm trying to get my Z2 connected by IPSec to my LAN. Part of that is I want to have it always get a known IP address.
Well the mechanism that most DHCP servers use is setting the MAC to assign a known IP. But checking the logs I find that the Z2 changes MAC every time I establish a new VPN connexion! WTH?
I mean, normally I would see this as a benefit, but I need to be able to pin down what is what so I can give it its rightful IP address, so I can find it later.
When I check interfaces with ipconfig, there are about a dozen of them, and the one getting the VPN IP is tun0.
Nogat 7.1.1, rooted. Anyone know what's going on here?
No one's getting random MACs...

Categories

Resources