nanog mailing list archives
Insecure Cable networks ?
From: Jorge Amodio <jmamodio () gmail com>
Date: Fri, 5 Feb 2010 20:43:10 -0600
Is it a common practice on cable network providers to leave access to the cable modem/router management web UI wide open ? Here is the scoop. I heard about it but didn't experienced it hands on or seen myself until recently when I was testing one of the embedded TCP/IP boards I produce which as many other IP gadgets has a mini HTTP server which I access just typing the IP address of the thing. In my home lab an IPv4 address on 10/8, not very uncommon I screwed up and made a typo on the IP address and ended on a different device web UI, an Ambit cable modem Hmmm my modem is from Toshiba, I tried the default factory password, it worked !!, not only that, this thing is several cities hundreds of miles away from here .. ehhh ? fired nmap, tried several 10/24 networks and just playing by hand found hundreds of devices and every single one I tried default password it worked, not only modems, also modem/routers and some with integrated VoIP where if I wanted I would have been able to change provisioning configuration, channel scanning, browse through the call manager logs and see who's calling or being called, etc. Isn't this a huge security hole ? It wont take much for a kiddie to write a very simple script to drive crazy the noc guys taking down pieces of the network here and there ... If a grownup from TWC/RR wants to get more specifics feel free to contact me. Regards
Current thread:
- Insecure Cable networks ? Jorge Amodio (Feb 05)
- Re: Insecure Cable networks ? Steven Schecter (Feb 05)
- RE: Insecure Cable networks ? Frank Bulk (Feb 05)
- Re: Insecure Cable networks ? Truman Boyes (Feb 05)
- Re: Insecure Cable networks ? Jorge Amodio (Feb 06)