EZ Outlet 2 Review
Disclaimer: I purchased this for my use, there was no solicitation from a vendor to do this.
Over the past few weeks, I noticed that I needed to reboot my cable modem more often. Not sure why, if because of the heat or an update, the bottom line is a reboot would do the trick.
In the past, if the connection to my cable modem was down, I would connect in via secondary line, a DSL line, and reboot the cable modem through a device called an APC9211 masterswitch. I used them in a prior work environment and I like them because I could reboot a box remotely if it was hung. Problem is that these devices are old and a few of them have failed on me due to age.
I will be out a lot this summer, and walking someone through rebooting the cable modem will be a pain. The DSL line no longer exists, replaced by a portable Internet device, or worse, tethering through a phone. So I needed a solution, initially, I was thinking of building my own, I am certainly capable of putting the hardware together that I could control manually, maybe an ESP8266 controlled some relays taking commands via MQTT, but time is short, and was actually cheaper to buy a smart switch than DIY.
And I did pick up a popular TPLink one that probably could do the trick, but in my search, I also came across a purpose-built device that monitors your internet connection.
This was the ezOutlet2 sold by ezOutlet on Amazon, another identical device is 3GStore remote IP switch, and they look identical.
• Device Name – EZ Outlet 2
• Model – EZ-22b
• Manufacturer – Mega System Technologies Inc
• Weight – 8 oz
• Standard C14 plug for power (typical PC cord)
• RJ45 Ethernet Connection 10/100
• Electrical rating – 100-240V 50/60Hz 10Amps
• There is a simple 1-page manual,
• Mounting template if you want to mount this on a wall.
• A standard C14 kettle cord (common one used for PCs)
• Short ethernet cable
• The device itself.
• Application Guide – https://images-na.ssl-images-amazon.com/images/I/61P1sbvauxL.pdf
• User Guide – https://images-na.ssl-images-amazon.com/images/I/B1nf5tSijuS.pdf
• Manufacturer Specs – https://images-na.ssl-images-amazon.com/images/I/71GEJAJnb9L.pdf
This is where I diverge from the standard documents. Some people will appreciate the app on their mobile device, for some philosophical reasons, I do not want to rely on someone else’s cloud server. I appreciate the fact that it is easier, but I feel better controlling my own stuff, especially with a device like this that can shut off your Internet.
So I basically ignore most of the User Guide, the only thing of relevance is the default username and password which is admin admin and a tiny section of the guide not much bigger than a credit card called Part 6: Control ezOutlet2 thru Web User-Interface
In addition to the default creds, it wants you to figure out the IP address that was assigned to the device, it recommends three ways,
- the app,
- look at your DHCP logs,
- scan your network with a utility like Netility.
The app was a non-starter for me, and I could have used the utility or some other network discovery tool to find the device. It was way easier to just look at the DHCP logs and find the IP address assigned to the device. The mac address was on a sticker on the devices so I could have searched by that, or search the logs for EZT which the device tries to register as.
Once I get the IP address, I port scanned it to see what was open, seems like only HTTP
You do not need to do this part, it was just curiosity by me.
Open a browser to the device (make sure you are on the same network) and you will be presented with a basic auth login
Log in with the default username of admin and the password of admin and you should be able to get in, on the right is a menu screen, and we will go through each one.
From this page- you can have the device toggle the Cable Modem on and off or do a reboot.
Note that even though my network does assign the use Google’s DNS server 184.108.40.206 nor openDNS DNS server 220.127.116.11, it uses them anyway.
You can change these on the Network page
I disabled DHCP, assigned it a static IP address on my network, disabled DNS auto-configure and used DNS servers on my network.
One of the things I did to secure it was to not use a default gateway, so now, it truly is local use only. More on that later, because you probably want to be able to manage it when you are remote.
So what was it trying to communicate with? I looked at my firewall logs prior to removing the gateway, and saw that it was trying to communicate via DNS, NTP and a cloud service.
For the DNS service it was trying to query two entries
- pool.ntp.org presumably for time
- finder.cloud4uis.com which looks to be the cloud service portion of the device.
For the cloud service, it looked to be trying to communicate via tcp port 10001 to finder.cloud4uis.com
So I was in good shape, on the network I have DNS and an NTP server, and I do not need the cloud service because I am opting to manage this locally.
On the settings page, you can set how you want to monitor, the top section controls what actions the monitoring works.
In my setup, I disabled cloud, with no default gateway, there would be no possibility of communicating with the service anyway.
Note in the time section there is no place to specify a time server, it really wants to use pool.ntp.org, so my way around that is to configure my DNS server to return the time server on my network when doing a query on pool.ntp.org
Change the username and password you would like to use to access this device. One of the reviewers on A,mazon said to use 15 characters or less for the password. More on that later.
You can schedule 6 different events during the week. You can have it turn on, off, or reboot.
Of course, you need a working time server for this to work.
You don’t have much flexibility here, basically you have to see if http is open, or the device is pingable
I prefer to check HTTP, because sometimes a device is pingable, but is still down. So HTTP may be a better check.
This page allows you to perform some maintenance
You can restart the device itself (which would restart the Cable Modem or whatever is connected)
Clear the settings, bring it back to factory state.
Or backup the settings to a file you download or restore settings by uploading the config file.
Note that the config file is a simple plain text file, the username and password are clearly visible in the file, so make sure you secure that file.
How I did it
The problem with no gateway
So as is, I don’t trust this device on the Internet because the web Interface is cleartext, and I am not sure what that App does.
In order to get this to work, I used a Linux box, which I know how to secure, on my local network to act as a reverse proxy to the device.
Also fixes the HTTP vs HTTPS issue
So right now if I type in https://urloflinuxbox.local/ I do get the web interface of the device
And it is secure (at least to the Linux box)
I can secure it even more by using SSL client certificates. So that 15 character password limit on the Internet is not so critical.
What about Internet
So I can simply punch a hole in my firewall so the world can access the https version of this device. But it really should go through an alternate link. One problem I have is that I cannot open a port through that alternate link. I can only access the devices outside, the outside cannot access my resources inside my network because I cannot open any ports.
The fix costs a little bit of money, and that is to use a cloud service provider like Azure or AWS. Seems a little hypocritical, do mention using a cloud service when I mentioned I had a philosophy against it earlier in this article.
But the nice thing is I do control the servers and understand the service. So what I have are “servers” I control (more or less) and I provide the service.
What I do is establish a VPN connection to my cloud server which would have a public IP address. I would route traffic through that public IP address back in over the VPN into my network. Securely, of course, using openvpn and a parameter called iroute. Not just route, but iroute. The actual how-to is more than what I can put in this document. Maybe a future article.
A More Robust Monitor
One way to access to reboot the Cable Modem is using a command line tool that can “get” web pages like curl or wget.
To reboot the device you can simple
Replace admin with the username CustPassword with the password you created and ip.ad.dr.es with the IP address of the device.
I tie this in with a network monitoring software called Nagios. If it detects that the Internet is down, it can automatically issue a reboot.
Also, the https://images-na.ssl-images-amazon.com/images/I/61P1sbvauxL.pdf document hints at other ways you can control or get status from the command line.
Pros and Cons
- Ethernet eliminates the reliance on wifi
- Has an IEC C14 plug which uses the typical “PC” power cord.
- No Wall Wart or External Power Brick
- Easy to control via CLI
- Wall mountable
- Easy to backup
- Easy to restore
- Can reverse Proxy
- Easy to reset back to factory
- Works Locally cloud service not needed
- No physical power switch
- No Https
- No way to configure alternate NTP server
- Only one user account
- Workarounds are complex
In my mind, this is a simple device that has an interesting built-in feature to auto reboot a modem if needed. If that is all that it does, and you do not need to access it from the Internet, this device sure does the trick.
Although the attack surface is just HTTP, it is clear text, so I would not trust this device on the Internet. But combined with supporting devices, this may actually be a pretty great device.