nanog mailing list archives
Re: Anyone running C-Data OLTs?
From: blakangel () gmail com
Date: Fri, 10 Jul 2020 13:28:17 -0700
Well here are a couple hundred: https://www.shodan.io/search?query=Command+Line+Interface+for+EPON+System -Keith Mel Beckman wrote on 7/10/2020 1:07 PM:
Perhaps you’re confusing OLT with ONT? An OLT is a “curbside” distribution node, the ONT is the CPE. The vulnerability is in the distribution node, not the CPE. No provider with any sense exposes their distribution node admin interface to the Internet.-mel via cellOn Jul 10, 2020, at 1:01 PM, mel () beckman org wrote:The “WAN” port of an OLT _is_ it’s management port. Data, IPTV, and VoIP traffic pass on VLANs, typically encrypted. These are passive optical network (PON) devices, where all CPE in a group of, say, 32 premises receive the same light via an optical splitter. Thus network partitioning is a requirement of the architecture. There is no concept of a traditional “WAN” port facing the Internet.-mel via cellOn Jul 10, 2020, at 12:21 PM, Owen DeLong <owen () delong com> wrote: Um, from the article it appears that this isn’t on the Management interface, but the WAN port of the OLT.OwenOn Jul 10, 2020, at 11:01 , Mel Beckman <mel () beckman org <mailto:mel () beckman org>> wrote:But who, who I ask, opens their management interface to the public Internet?!?!Maybe this is vulnerability if you have a compromised management network, but anybody who opens CPE up to the Internet is just barking mad :-)-mel via cellOn Jul 10, 2020, at 10:00 AM, Owen DeLong <owen () delong com <mailto:owen () delong com>> wrote: https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872Wow… Just wow. Owen
Current thread:
- Anyone running C-Data OLTs? Owen DeLong (Jul 10)
- Re: Anyone running C-Data OLTs? Mel Beckman (Jul 10)
- Re: Anyone running C-Data OLTs? Owen DeLong (Jul 10)
- Re: Anyone running C-Data OLTs? Mel Beckman (Jul 10)
- Re: Anyone running C-Data OLTs? Mel Beckman (Jul 10)
- Re: Anyone running C-Data OLTs? blakangel (Jul 10)
- Re: Anyone running C-Data OLTs? J. Hellenthal via NANOG (Jul 12)
- Re: Anyone running C-Data OLTs? Mark Tinka (Jul 13)
- Re: Anyone running C-Data OLTs? Nick Hilliard (Jul 13)
- Re: Anyone running C-Data OLTs? Mark Tinka (Jul 13)
- Re: Anyone running C-Data OLTs? Mike Hammett (Jul 13)
- Re: Anyone running C-Data OLTs? Mark Tinka (Jul 13)
- Re: Anyone running C-Data OLTs? Owen DeLong (Jul 10)
- Re: Anyone running C-Data OLTs? Mel Beckman (Jul 10)
- Re: Anyone running C-Data OLTs? Alexander Neilson (Jul 10)
- Re: Anyone running C-Data OLTs? Brandon Martin (Jul 10)
- Re: Anyone running C-Data OLTs? Mark Tinka (Jul 13)
- Re: Anyone running C-Data OLTs? Mark Tinka (Jul 13)