On Monday 02 July 2007 11:34, PJ wrote: > Scanning MTNL's ip space, I noticed with a faint sense of horror that > a script kiddie could DOS MTNL's service pretty thoroughly in the > space of about half an hour, since most of MTNL's modems allow wan > access and have a default username/password combination. Other > details are then available, which will apparently allow a cracker to > abuse the victim's account.
Ah, but the question is, can you connect to my MTNL account from a different MTNL number? I haven't tried it, but if they have a bit of a clue they should only allow logging into, e.g. the 23456789 PPP from 23456789 and not from 98765432. Has anyone tried this? > Allegedly MTNL doesn't use caller ID as part of its authentication. Hmm, that seems to indicate that you CAN connect to any account from any phone. Scary. > If this is true (I find it hard to believe this), then MTNL is being > inexcusably negligent. Of course, MTNL doesn't have much incentive to > stop this, since they just pass the bill on to users (and if the user > doesn't have an unlimited account, too bad). > > If this is not true, then the crackers who are using cracked accounts > are likely being naive idiots. > > So another tip for users is: > > Make sure you have all WAN services disabled in Management->Access > control-> services to avoid this sort of abuse. Or just use the modem in bridge mode, which is what I've been advocating all along. In bridge mode the modem doesn't have an external IP at all. Regards, -- Raju -- Raj Mathur [EMAIL PROTECTED] http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
