Penetration Testing mailing list archives
RE: Privacy of ISP's customers
From: "Marc Doudiet" <marc.doudiet () psdsecurite com>
Date: Sun, 14 Jan 2007 18:33:13 +0100
Hello, I'm not sure to understand by at what layer are you with the other customer ? Can you do arp poisoning ? If so you can sniff the traffic... Hope this help. Marc Doudiet PSD SECURITE Information systems security consultant L.A. IS 27001 - Information Systems Security Officer (HEC-GE) http://www.psdsecurite.com Av. de Boisy 42 1004 Lausanne - Switzerland +41 21 622 0728 - +4179 5893494 -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de s-williams () nyc rr com Envoyé : mercredi, 10. janvier 2007 22:32 À : alcides.hercules () gmail com; pen-test () securityfocus com Objet : Re: Privacy of ISP's customers For starters my people don't chnage there default ip address and once you have access you open up the internal host and make those accessible via the internet. Kind of like turning off thefirewall "A wise man ask questions, a fool is afraid of knowledge" -----Original Message----- From: Alcides <alcides.hercules () gmail com> Date: Wed, 10 Jan 2007 16:18:03 To:pen-test () securityfocus com Subject: Privacy of ISP's customers Hi List, I'm presently working with a semi-government ISP as a security consultant. The ISP has provided Internet access to the customers via phone lines, it's DSL. The customer is given q DSL router as a CPE. ISP people configure it with 2 IP addresses; one local and one global, and implement NAT for security. And the router is configured using both ie Global/Private IP address in a browser. I recently have been asked to find out loopholes in the mentioned system where the customer's privacy is not taken care or can be compromised. Now when I started my activities impersonating a normal customer, I found that: 1]I can nmap and discover open ports on my and neighboring IP addresses. 2] This included HTTP, HTTPS, FTP, SMB, NB-SSN etc services listening for incoming connections. 3]When I try to connect to some customer's HTTP port, I'm taken to his/her DSL-router(CPE) config. page, Configuration password is asked but is blank. Now my questions: 1]What kind of tests can be carried out in order to find out what level of access can other customers gain and 2]What degree of impact can it have as far as the privacy of the customers is considered. Your views can be a great help. Thanking you, ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000 0008bOW ------------------------------------------------------------------------
Attachment:
smime.p7s
Description:
Current thread:
- Privacy of ISP's customers Alcides (Jan 10)
- Re: Privacy of ISP's customers s-williams (Jan 11)
- RE: Privacy of ISP's customers Marc Doudiet (Jan 15)
- Re: Privacy of ISP's customers Javier Fernández-Sanguino (Jan 26)
- Re: Privacy of ISP's customers s-williams (Jan 11)