I forgot to mention some info on that. The IP range 200.119.0/17 corresponds to ETB, too. Also I happen to know two of the modems they use: Huawei EchoLife HG520s (by far the most common) Thomson TG585
Peace, -Cilia --- El mar 29-dic-09, Cilia Pretel Gallo <[email protected]> escribió: > De: Cilia Pretel Gallo <[email protected]> > Asunto: [Full-disclosure] security hole on local ISP > A: [email protected] > Fecha: martes, 29 diciembre, 2009, 10:23 am > I've recently discovered a security > hole on the modems (which double as routers) used by a > Colombian ISP - ETB. > > It so happens that all incoming connections to an IP > address on said ISP on port 23 or port 80 land on the modem > instead of the computer(s) connected to it. Even if one > tries to redirect those ports to a local machine, the modem > still gets all the connections on those ports. > Also, connections on ports 23 and 80, from any IP address, > will access the modem configuration options. Last year that > could be done only from private IP addresses (i.e. > 192.168.0/24), but now it can be done, as I said, from > anywhere. I've been told that a few lucky users were able to > forward port 80, but in that case, it's port 8080 that is > intercepted by the modem. > The end result is that anyone, from anywhere, can access > the modem of anyone on ETB to mess up their configuration > (e.g. obtaining and changing the client's username and > password, permanently disconnecting them from the internet, > and so on) - that is, if they have the administration > password. Unfortunately, ETB uses the same login/password on > all of their modems since 2006, which are publicly available > on the web. > Login: Administrator > Password: soporteETB2006 > > The whole IP range 190.24/14 corresponds to ETB clients. > Any IP on that range where ports 80 and 23 are open is most > likely a wide open ETB modem. > > Apparently, this issue has been repeatedly reported to ETB, > but it always falls on deaf ears. They seem to think this is > no big deal since nobody knows the username and password for > the modems - which is not the case, and even if it were, > they would be easily crackable by brute force. > > Peace, > > -Cilia > > > > > ____________________________________________________________________________________ > ¡Obtén la mejor experiencia en la web! > Descarga gratis el nuevo Internet Explorer 8. > http://downloads.yahoo.com/ieak8/?l=e1 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > ____________________________________________________________________________________ ¡Obtén la mejor experiencia en la web! Descarga gratis el nuevo Internet Explorer 8. http://downloads.yahoo.com/ieak8/?l=e1 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
