|
Full Disclosure
mailing list archives
Re: security hole on local ISP
From: T Biehn <tbiehn () gmail com>
Date: Tue, 29 Dec 2009 10:23:27 -0500
This is an orgiastic dump of information, you must really hate ETB; or
you must be really excited for lulz.
-Travis
On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
<cpretelgallo () yahoo com> wrote:
I've recently discovered a security hole on the modems (which double as routers) used by a Colombian ISP - ETB.
It so happens that all incoming connections to an IP address on said ISP on port 23 or port 80 land on the modem
instead of the computer(s) connected to it. Even if one tries to redirect those ports to a local machine, the modem
still gets all the connections on those ports.
Also, connections on ports 23 and 80, from any IP address, will access the modem configuration options. Last year
that could be done only from private IP addresses (i.e. 192.168.0/24), but now it can be done, as I said, from
anywhere. I've been told that a few lucky users were able to forward port 80, but in that case, it's port 8080 that
is intercepted by the modem.
The end result is that anyone, from anywhere, can access the modem of anyone on ETB to mess up their configuration
(e.g. obtaining and changing the client's username and password, permanently disconnecting them from the internet,
and so on) - that is, if they have the administration password. Unfortunately, ETB uses the same login/password on
all of their modems since 2006, which are publicly available on the web.
Login: Administrator
Password: soporteETB2006
The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that range where ports 80 and 23 are open is most
likely a wide open ETB modem.
Apparently, this issue has been repeatedly reported to ETB, but it always falls on deaf ears. They seem to think this
is no big deal since nobody knows the username and password for the modems - which is not the case, and even if it
were, they would be easily crackable by brute force.
Peace,
-Cilia
____________________________________________________________________________________
¡Obtén la mejor experiencia en la web!
Descarga gratis el nuevo Internet Explorer 8.
http://downloads.yahoo.com/ieak8/?l=e1
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
|
