lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 30 Dec 2009 03:54:36 -0800 (PST)
From: Cilia Pretel Gallo <cpretelgallo@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: security hole on local ISP

I forgot to mention some info on that.

The IP range 200.119.0/17 corresponds to ETB, too.
Also I happen to know two of the modems they use:
Huawei EchoLife HG520s (by far the most common)
Thomson TG585

Peace,

-Cilia

--- El mar 29-dic-09, Cilia Pretel Gallo <cpretelgallo@...oo.com> escribió:

> De: Cilia Pretel Gallo <cpretelgallo@...oo.com>
> Asunto: [Full-disclosure] security hole on local ISP
> A: full-disclosure@...ts.grok.org.uk
> Fecha: martes, 29 diciembre, 2009, 10:23 am
> I've recently discovered a security
> hole on the modems (which double as routers) used by a
> Colombian ISP - ETB.
> 
> It so happens that all incoming connections to an IP
> address on said ISP on port 23 or port 80 land on the modem
> instead of the computer(s) connected to it. Even if one
> tries to redirect those ports to a local machine, the modem
> still gets all the connections on those ports.
> Also, connections on ports 23 and 80, from any IP address,
> will access the modem configuration options. Last year that
> could be done only from private IP addresses (i.e.
> 192.168.0/24), but now it can be done, as I said, from
> anywhere. I've been told that a few lucky users were able to
> forward port 80, but in that case, it's port 8080 that is
> intercepted by the modem.
> The end result is that anyone, from anywhere, can access
> the modem of anyone on ETB to mess up their configuration
> (e.g. obtaining and changing the client's username and
> password, permanently disconnecting them from the internet,
> and so on) - that is, if they have the administration
> password. Unfortunately, ETB uses the same login/password on
> all of their modems since 2006, which are publicly available
> on the web.
> Login: Administrator
> Password: soporteETB2006
> 
> The whole IP range 190.24/14 corresponds to ETB clients.
> Any IP on that range where ports 80 and 23 are open is most
> likely a wide open ETB modem.
> 
> Apparently, this issue has been repeatedly reported to ETB,
> but it always falls on deaf ears. They seem to think this is
> no big deal since nobody knows the username and password for
> the modems - which is not the case, and even if it were,
> they would be easily crackable by brute force.
> 
> Peace,
> 
> -Cilia
> 
> 
> 
>      
> ____________________________________________________________________________________
> ¡Obtén la mejor experiencia en la web!
> Descarga gratis el nuevo Internet Explorer 8. 
> http://downloads.yahoo.com/ieak8/?l=e1
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



      ____________________________________________________________________________________
¡Obtén la mejor experiencia en la web!
Descarga gratis el nuevo Internet Explorer 8. 
http://downloads.yahoo.com/ieak8/?l=e1

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists