Avoid ISP Routers (2024)
90 comments
· February 1, 2025
OkGoDoIt
veilrap
I'm surprised by this, is Comcast super regional with its restrictions? I have a Comcast 1gig plan in the Bay Area, and last I checked I get a small ($5?) discount for using my own modem. I've been on the plan for at least a few years now... so alternatively maybe I'm grandfathered in or something? Or maybe some Comcast sales person was lying to you about your options?
hackernudes
My experience in the Bay Area - if you rent the gateway from Comcast ($25/mo) then you have no data cap. If you use your own modem and want to remove the data cap it costs $30/mo, more than renting the gateway. The data cap is 1.2TB per month in my area.
I think that is what the commenter meant: "...unless I pay a whole bunch of extra fees or accept a stupidly low monthly data cap"
(edit: I initially thought it was $15/mo for the gateway + no data cap but just checked and it is $25/mo. They are called "Xfinity Gateway" vs "xFi Complete").
joecool1029
Tell them it's a home office and get comcast business. There's no data caps on any of the tiers and they allow use of any modem on their approved list.
clintonb
Competition matters. Comcast/Xfinity was my only "choice" in Cambridge, MA. It cost about $70 per month for 100Mbps service.
My building in Oakland, CA has multiple options, including fiber. The Comcast folks set up tables at least once per quarter to help customers/residents. The cost was much cheaper. I now have gigabit fiber from Wave, and pay less than I did back in MA.
phantom784
We were offered $10/month to use their modem + unlimited, or $30/month to use your own modem unlimited.
We actually don't use that much data though, so just went with the data cap and our own modem, and never went over.
This was in the Seattle area.
1123581321
It's not regional. The rental is $15-25/mo these days. You might be grandfathered in.
If you choose the $25/mo option, you don't have to pay to waive the monthly data cap.
xyst
You probably live in a zip code where ISP choice is an option. Thus not getting bent like parent comment
trimbo
I live in SF and Comcast doesn't charge me to have my own router.
I pay $130 for 1.4gbit and unlimited data. It's expensive but I also have no other choices. Sonic stops only one block over and we haven't been able to convince them to wire up my block.
jamestimmins
I'm so jealous of SF internet options.
In LA I pay $105 for "supposedly" 2-300mbit, but this week I've been seeing 30.
I keep looking for alternatives but haven't found any in my area.
dp-hackernews
I'm guessing a 5G mobile option is too expensive. In the UK I have a 3Mobile (Smarty unlimited data) 5G connection, using an MC801, for £20/m and I get around 1gb/100mb with it - until the tower hits a busy period, then it drops to about ~500mb/20mb
doctorpangloss
You do have a choice, it's Astound, and you're about to save like $1,000.
s1mon
We used to be stuck with Comcast, but we had no trouble using our own modem and router.
We moved from lower Nob Hill to Russian Hill and were finally able to get fiber from Sonic. We went from ~300Mbps down to 1G (more like 750Mbps) and from $137/month to $50/month. Oh and it’s symmetric, very much unlike cable. So happy to get rid of Comcast.
stickfigure
Check out MonkeyBrains? It's wireless broadband and they have LoS to many parts of SF. I used them back when I lived there (admittedly some time ago) and I had no complaints. Very much a small ISP with personalized service.
It won't be fiber speeds though.
mayneack
Interestingly, in my part of Los Angeles, the single family homes all got fiber well before the apartment retrofit. It took me joining the hoa board and a year to jump through the hoops for Frontier fios retrofit.
from-nibly
> …I guess that turned into a bit of a personal rant but holy crap how is it 2025 and this is still a problem in a major tech city?
Regulation created by ISPs to create monopolies for themselves.
iknowstuff
Just accept that xFi, the $30 additional fee or whatever it is, is just part of the price. If you’re not a normie you should probably just pay it and get a decent experience. Comcast is a monopolist but there are worse experiences out there than 1.4Gbit down/50Mbps up.
beached_whale
Leave theirs in place but treat it as untrusted. Place your router between your home network and theirs. It works well.
jmcgough
Yes. Avoid their name servers, too - I was surprised how many weird connectivity issues went away years ago when I manually configured DNS.
pyuser583
The part about a cockroach colony is a bit unfair.
Insects love electronics, with the heat and noise they generate. And when electronics sit in storage for a long time, the critters can crawl in from neighboring items.
This is just as likely to happen with a non-ISP router.
Ok, in all fairness I don’t have any stats to back up that claim. But nobody else does either.
That open source router you love so much may have been sitting in storage even longer.
I have mixed feelings about ISP routers, and ISPs in general.
But insect infestation is a serious issue in consumer electronics and has nothing to do with ISPs.
Dylan16807
> the critters can crawl in from neighboring items
When it's shrink wrapped?
And why would a used device be on the shelf next to the new router I was buying?
You can argue this is "just as likely" with used devices, maybe. But if I'm buying a router it's not going to be used.
thowawatp302
If you can’t actually refute this then why say anything in the first place?
denkmoon
Some of the comments here about ISP behaviour are crazy. Australia has had our fair share of fucking up the national internet infrastructure but at least I can pick pretty much any ISP and use any router I like. Haven't used an ISP supplied router in something like 15 years.
magnetowasright
I've never had an issue with using my own hardware here. It's definitely one of the only good things about Australian internet.
Regionally is a total crapshoot as to ISP choice, in my experience. Even in the massive regional cities it's often appalling. People living in rural or remote areas might as well not exist. If I moved somewhere that only Telstra serviced I'd seriously consider just not having internet at all. It's roughly equivalent in internet access as paying Telstra but it sure is cheaper!
porknubbins
All over the US I have always been able to use my own cable modem and router. OP's situation is unusual, I am guessing it's some bundle they have for a discount but if they were paying standard (i.e. ripoff) rates they could use their own equipment.
Terretta
This thread made me realize dslreports.com has "closed".
Used to be you could find out there what works and what doesn't down to the chipset variations. My experience was same as yours, as long as I matched provider capabilities, it worked.
deathanatos
> It may well be cheaper in the long run to buy your own hardware
That's why my ISP forces me to rent theirs!
Something something market dominance in one market something something force dominance in another market …
In the end, I just treat the network like any other: assume the network is compromised, and security is/should be done by the endpoints.
xor-eax-eax
OPNsense DECISO router on 2 Gbps symmetric Google Fiber for $100/mo. works great. Anywhere without GF, I'd look for co-op municipal fiber consortiums before megacorps.
Terr_
Oh, absolutely. Even on just that last issue of cost, buying my own cable-modem paid for itself long ago, compared to the "rental" cost from my ISP.
On that note, it's better to buy a router separately from the modem. All-in-one devices are harder to diagnose and you can't reuse the router with a different connection type.
tills13
I run my own homelab and have a Ubiquiti gateway (UDM). I would have loved to have the fibre connection come directly into my box uninterrupted but the ISP's modem is required to associate the connection with my account (or something to that effect). Deeply disappointing.
newdee
More and more I see articles and videos about programmable SFP modules which can be used to directly connect devices like UDM to GPON/XG(S)-PON networks, completely bypassing the ISP provided ONT.
You may well find something that fits your situation with a little searching.
jeroenhd
My ISP sent over a Fritz!box (though they offered a "bring your own" option as well). It came preconfigured for my ISP.
I turned off remote access and TR-069 through a toggle in the settings, then changed the admin password. Really, that's all you need to do to take control of one of these routers.
There are good reasons to dislike the AVM routers, but their software is actually pretty solid in terms of customisation and network security. It's not a bad device, and at the large scales ISPs can order them at, they can be had for a significant discount as a rental compared to buying your own in a store.
protocolture
That's one end of the spectrum.
One of my employers once ordered a pallet of Huawei routers. They turned up with a custom firmware provided by a different ISP. It was completely locked down, and only configurable via TR-069 and some proprietary Huawei ONT magic.
I also had a customer once that deployed a series of routers that were cloud managed only via the ISP. Not even TR-069 but they just did DHCP and phoned home via a proprietary protocol. Magic my customer said, he can just reboot customer routers remotely. The company that manufactured that router went bust 8 months later, leaving a bunch of preconfigured routers without a cloud portal and no path forward. Surprised I haven't seen a DNS hijack published for them yet.
Shank
> Really, that's all you need to do to take control of one of these routers.
All major ISPs in the US do not do this, e.g., AT&T, Verizon, Comcast, Frontier, etc. You might be right for some ISPs that are nicer, but this advice is completely ineffective for most US consumers.
blibble
as a note I've had a fritzbox turn those settings back on itself without my doing anything
the thing went in the bin the next day
Tijdreiziger
AVM/Fritz is kind of a ‘premium’ option, though. Most ISPs provide hardware from e.g. Sagemcom or Zyxel (with locked-down firmware).
Shank
AT&T Fiber's routers have, in the past, had a tendency to overheat, offered false promises like "DMZ Plus" mode and have had a host of issues that led to a black market of people selling stolen AT&T certificate files [0] on the internet so you could bypass them, because they use 802.1x between their "Router/gateway" combination device and their ONT, when they're separate devices. The AT&T XGS-PON network is mostly coupled now, which has led to another group of people now creating compatible SFP+ modules to replace the entire GPON stack because of this.
I could be wrong, but I think AT&T Fiber is the only US ISP that doesn't even allow you to directly connect to their network. If you use any of their provided routers, they only offer "DMZ Plus" mode that still leaves their router/gateway managing state tables, which is vulnerable to hardware and software issues from the ISP. This leads people down the path of programming SFP+ modules and spending a lot more time than they should have learning about ISP networking, just to have a safer router/modem.
[0]: Due to security issues in the router/gateway firmware, various people have published guides and/or run actual businesses shucking routers/gateways from AT&T by exploiting them, grabbing the certs and private keys, and then re-selling them to people who need them. These don't get you free access to the internet or anything, they just let you authenticate to the network with your own device.
inyorgroove
As someone who has done this I take issue with characterizing the certificates as stolen. I exploited a security vulnerability in the device's web UI to extract them, from a piece of equipment I paid for. It's my equipment, the provider required me to buy it for service, I can do with it as I please.
I would be in agreement with it if we were using all this to steal service, we just don't want to use their unstable and unacceptable equipment.
honestSysAdmin
Always treat hardware you get from someone else as not just untrusted but hostile until proven beyond any reasonable doubt otherwise.
Put an OpenBSD machine to act as a router/firewall between supplied devices and your own network to keep things clean.
poink
> Backup: an ISP will give one device. Should it fail at an inopportune time, you will be off-line until you get them to issue a replacement. When you own your own hardware, you can buy a second modem and/or a router for emergency backup.
This is nicer than it seems because "I've already tried a completely different modem" is a good way to short circuit ISP troubleshooting scripts IME.
I wish. I own my own modem and router, but Comcast won’t let me use them unless I pay a whole bunch of extra fees or accept a stupidly low monthly data cap. I’ve got my router downstream of theirs which is a bit annoying, especially considering their modem-router combo overheats and needs to be rebooted via unplugging power at least once a month.
Sadly I have no other options here in San Francisco. My house is not wired for phone service so I cannot get DSL. The various fiber services that are becoming more available in San Francisco are generally only available downtown or large apartment buildings. My freestanding house can’t get any of that. AT&T’s new fiber doesn’t connect to me either. And Webpass doesn’t have a good line of sight from my location to any of their microwave towers so I can’t get that. It is Comcast or nothing. It always amazes me that San Francisco is supposedly the tech capital of the world but internet connectivity here is worse than rural China. (And that’s not an exaggeration, I’ve spent plenty of time in rural China and in the mountains there, both the cellular and hardline service is infinitely better than San Francisco, aside from the firewall issues of course)
…I guess that turned into a bit of a personal rant but holy crap how is it 2025 and this is still a problem in a major tech city?