Security Basics mailing list archives

Re: Privacy of ISP's customers


From: krymson () gmail com
Date: 10 Jan 2007 16:58:11 -0000

This is a pretty loaded and huge question, so I'll just cut down to one point or two. Disclaimer: I don't run an ISP so 
can't make technical suggestions on how their network settings should look.

RE:1) Are you using the internal IP or the global routable IP? If the global routable IP, this is normal and even I can 
scan your neighbors. If the internal IP, I'd be concerned.

RE:2) So if you scan a neighbor/customer you can see things like SMB ports (139/445)? I would be curious if this is 
from the router itself or from systems inside the customer network. This might indicate those routers provided by the 
ISP are doing absolutely nothing in terms of NAT/firewalling or they are simply 1-to-1 mapping straight through to a 
customer system. 

RE:3) Regardless of whether you are using your global or internal IP here, this is not good behavior on the side of the 
ISP. The customer routers should not present a configuration access to anyone on the outside. My guess is they do this 
for their internal support to be able to connect and help customers who call in. The biggest problem with this is not 
necessarily whether they use unique passwords on each router or even strong passwords. I expect a setup like this with 
a customer may stick around for months and even years. Brute forcing that password is then very doable. Hopefully they 
change to a non-default password, have a strong password, and make them unique and unpredictable for each customer. An 
easier solution is to just not allow this behavior and only allow internal connections (i.e. from the customer's 
network) to access the configuration screens. A slightly more difficult solution is to allow access for internal 
support only, and block everyone else (depends on the features of the provided router, but I wouldn't hold my breath 
that they can do this).


<-snip->
1] I can nmap and discover open ports on my and neighboring IP addresses.
2] This included HTTP, HTTPS, FTP, SMB, NB-SSN etc services listening 
for incoming connections.
3] When I try to connect to some customer's HTTP port, I'm taken to 
his/her DSL-router (CPE) config. page, Configuration password is asked 
but is blank.

Now my questions:
1] What kind of tests can be carried out in order to find out what level 
of access can other customers gain and
2] What degree of impact can it have as far as the privacy of the 
customers is considered.
Thanking you,
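
An added illustration of the two fixes suggested under RE:3 above (not part of the original post or of any ISP's configuration): the sketch compares an open management interface with a LAN-only rule and a LAN-plus-support rule, then audits a connection log for sources that reached the router's config page but would have been blocked. The networks, ports, policy names and log format are all assumptions made for the example.

```python
import ipaddress

# Assumed values for illustration only (none come from the original post).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")       # customer-side network
SUPPORT_NET = ipaddress.ip_network("198.51.100.0/28")  # hypothetical ISP support range
MGMT_PORTS = {80, 443}                                 # ports serving the config page
POLICIES = ("open", "lan_only", "lan_plus_support")    # hypothetical policy names

def mgmt_allowed(policy, src):
    """Return True if source address `src` may reach the config page."""
    addr = ipaddress.ip_address(src)
    if policy == "open":                 # the situation described in the thread
        return True
    if policy == "lan_only":             # the "easier solution"
        return addr in LAN_NET
    if policy == "lan_plus_support":     # the "slightly more difficult solution"
        return addr in LAN_NET or addr in SUPPORT_NET
    raise ValueError(f"unknown policy: {policy}")

def audit(log_text, policy):
    """List (src, port) hits on a management port that `policy` would block."""
    if policy not in POLICIES:
        raise ValueError(f"unknown policy: {policy}")
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue                     # skip blank or malformed lines
        _time, src, dport = fields
        try:
            port = int(dport)
            allowed = mgmt_allowed(policy, src)
        except ValueError:
            continue                     # unparsable port or address
        if port in MGMT_PORTS and not allowed:
            findings.append((src, port))
    return findings

# Constructed sample log, format "<time> <source-ip> <dest-port>".
SAMPLE_LOG = """\
10:00:01 192.168.1.20 80
10:00:07 203.0.113.45 80
10:00:09 198.51.100.5 443
10:00:15 203.0.113.77 445
10:00:21 not-an-ip 80
"""

if __name__ == "__main__":
    for name in POLICIES:
        print(name, audit(SAMPLE_LOG, name))
```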
