Security Basics mailing list archives
Re: Privacy of ISP's customers
From: krymson () gmail com
Date: 10 Jan 2007 16:58:11 -0000
This is a pretty loaded and huge question, so I'll just cut down to one point or two. Disclaimer: I don't run an ISP, so I can't make technical suggestions on how their network settings should look.

RE:1) Are you using the internal IP or the global routable IP? If the global routable IP, this is normal and even I can scan your neighbors. If the internal IP, I'd be concerned.

RE:2) So if you scan a neighbor/customer you can see things like SMB ports (139/445)? I would be curious if this is from the router itself or from systems inside the customer network. This might indicate those routers provided by the ISP are doing absolutely nothing in terms of NAT/firewalling or they are simply 1-to-1 mapping straight through to a customer system.

RE:3) Regardless of whether you are using your global or internal IP here, this is not good behavior on the side of the ISP. The customer routers should not present configuration access to anyone on the outside. My guess is they do this for their internal support to be able to connect and help customers who call in.

The biggest problem with this is not necessarily whether they use unique passwords on each router or even strong passwords. I expect a setup like this with a customer may stick around for months and even years. Brute forcing that password is then very doable. Hopefully they change to a non-default password, have a strong password, and make them unique and unpredictable for each customer.

An easier solution is to just not allow this behavior and only allow internal connections (i.e. from the customer's network) to access the configuration screens. A slightly more difficult solution is to allow access for internal support only, and block everyone else (depends on the features of the provided router, but I wouldn't hold my breath that they can do this).

<-snip->
1] I can nmap and discover open ports on my and neighboring IP addresses.
2] This included HTTP, HTTPS, FTP, SMB, NB-SSN etc. services listening for incoming connections.
3] When I try to connect to some customer's HTTP port, I'm taken to his/her DSL-router (CPE) config page. Configuration password is asked but is blank.

Now my questions:
1] What kind of tests can be carried out in order to find out what level of access can other customers gain and
2] What degree of impact can it have as far as the privacy of the customers is considered.

Thanking you,