Re: [Full-disclosure] security hole on local ISP

2009-12-30 Thread Cilia Pretel Gallo
: Cilia Pretel Gallo cpretelga...@yahoo.com Asunto: [Full-disclosure] security hole on local ISP A: full-disclosure@lists.grok.org.uk Fecha: martes, 29 diciembre, 2009, 10:23 am I've recently discovered a security hole on the modems (which double as routers) used by a Colombian ISP - ETB

[Full-disclosure] security hole on local ISP

2009-12-29 Thread Cilia Pretel Gallo
I've recently discovered a security hole on the modems (which double as routers) used by a Colombian ISP - ETB. It so happens that all incoming connections to an IP address on said ISP on port 23 or port 80 land on the modem instead of the computer(s) connected to it. Even if one tries to

Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread T Biehn
This is an orgiastic dump of information, you must really hate ETB; or you must be really excited for lulz. -Travis On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo cpretelga...@yahoo.com wrote: I've recently discovered a security hole on the modems (which double as routers) used by a

Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread Lee
On Tue, Dec 29, 2009 at 10:23 AM, T Biehn tbi...@gmail.com wrote: This is an orgiastic dump of information, you must really hate ETB; or you must be really excited for lulz. or you're hoping that full disclosure will get ETB to fix the problem. Regard, Lee -Travis On Tue, Dec 29, 2009 at

Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread T Biehn
This is a hiroshima versus 'harmless' mountain demonstration debate, Lee. Because the post includes the raw data including ports, passwords and ranges one must assume that Cilia Pretel Gallo was appealing to the lowest common denominator, to a group of individuals where checking NRO whois db for

Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread McGhee, Eddie
. -Original Message- From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of T Biehn Sent: 29 December 2009 17:08 To: Lee Cc: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] security hole on local ISP

Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread Valdis . Kletnieks
On Tue, 29 Dec 2009 02:23:24 PST, Cilia Pretel Gallo said: Also, connections on ports 23 and 80, from any IP address, will access the modem configuration options. Last year that could be done only from private IP addresses (i.e. 192.168.0/24), but now it can be done, as I said, from anywhere.

Re: [Full-disclosure] security hole on local ISP

2009-12-29 Thread Lee
On Tue, Dec 29, 2009 at 12:08 PM, T Biehn tbi...@gmail.com wrote: This is a hiroshima versus 'harmless' mountain demonstration debate, Lee. Because the post includes the raw data including ports, passwords and ranges one must assume no, I don't have to make that assumption that Cilia