On Tue, Dec 29, 2009 at 10:23 AM, T Biehn <[email protected]> wrote: > This is an orgiastic dump of information, you must really hate ETB; or > you must be really excited for lulz. > or you're hoping that full disclosure will get ETB to fix the problem.
Regard, Lee > -Travis > > On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo > <[email protected]> wrote: > > I've recently discovered a security hole on the modems (which double as > routers) used by a Colombian ISP - ETB. > > > > It so happens that all incoming connections to an IP address on said ISP > on port 23 or port 80 land on the modem instead of the computer(s) connected > to it. Even if one tries to redirect those ports to a local machine, the > modem still gets all the connections on those ports. > > Also, connections on ports 23 and 80, from any IP address, will access > the modem configuration options. Last year that could be done only from > private IP addresses (i.e. 192.168.0/24), but now it can be done, as I said, > from anywhere. I've been told that a few lucky users were able to forward > port 80, but in that case, it's port 8080 that is intercepted by the modem. > > The end result is that anyone, from anywhere, can access the modem of > anyone on ETB to mess up their configuration (e.g. obtaining and changing > the client's username and password, permanently disconnecting them from the > internet, and so on) - that is, if they have the administration password. > Unfortunately, ETB uses the same login/password on all of their modems since > 2006, which are publicly available on the web. > > Login: Administrator > > Password: soporteETB2006 > > > > The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that > range where ports 80 and 23 are open is most likely a wide open ETB modem. > > > > Apparently, this issue has been repeatedly reported to ETB, but it always > falls on deaf ears. They seem to think this is no big deal since nobody > knows the username and password for the modems - which is not the case, and > even if it were, they would be easily crackable by brute force. > > > > Peace, > > > > -Cilia > > > > > > > > > > ____________________________________________________________________________________ > > ¡Obtén la mejor experiencia en la web! > > Descarga gratis el nuevo Internet Explorer 8. > > http://downloads.yahoo.com/ieak8/?l=e1 > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > > Hosted and sponsored by Secunia - http://secunia.com/ > > > > > > -- > FD1D E574 6CAB 2FAF 2921 F22E B8B7 9D0D 99FF A73C > http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on > http://pastebin.com/f6fd606da > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
