[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] security hole on local ISP

To: Cilia Pretel Gallo <cpretelgallo@xxxxxxxxx>
Subject: Re: [Full-disclosure] security hole on local ISP
From: T Biehn <tbiehn@xxxxxxxxx>
Date: Tue, 29 Dec 2009 10:23:27 -0500

This is an orgiastic dump of information, you must really hate ETB; or
you must be really excited for lulz.

-Travis

On Tue, Dec 29, 2009 at 5:23 AM, Cilia Pretel Gallo
<cpretelgallo@xxxxxxxxx> wrote:
> I've recently discovered a security hole on the modems (which double as 
> routers) used by a Colombian ISP - ETB.
>
> It so happens that all incoming connections to an IP address on said ISP on 
> port 23 or port 80 land on the modem instead of the computer(s) connected to 
> it. Even if one tries to redirect those ports to a local machine, the modem 
> still gets all the connections on those ports.
> Also, connections on ports 23 and 80, from any IP address, will access the 
> modem configuration options. Last year that could be done only from private 
> IP addresses (i.e. 192.168.0/24), but now it can be done, as I said, from 
> anywhere. I've been told that a few lucky users were able to forward port 80, 
> but in that case, it's port 8080 that is intercepted by the modem.
> The end result is that anyone, from anywhere, can access the modem of anyone 
> on ETB to mess up their configuration (e.g. obtaining and changing the 
> client's username and password, permanently disconnecting them from the 
> internet, and so on) - that is, if they have the administration password. 
> Unfortunately, ETB uses the same login/password on all of their modems since 
> 2006, which are publicly available on the web.
> Login: Administrator
> Password: soporteETB2006
>
> The whole IP range 190.24/14 corresponds to ETB clients. Any IP on that range 
> where ports 80 and 23 are open is most likely a wide open ETB modem.
>
> Apparently, this issue has been repeatedly reported to ETB, but it always 
> falls on deaf ears. They seem to think this is no big deal since nobody knows 
> the username and password for the modems - which is not the case, and even if 
> it were, they would be easily crackable by brute force.
>
> Peace,
>
> -Cilia
>
>
>
>     
>  ____________________________________________________________________________________
> ¡Obtén la mejor experiencia en la web!
> Descarga gratis el nuevo Internet Explorer 8.
> http://downloads.yahoo.com/ieak8/?l=e1
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] security hole on local ISP
  - From: Lee

References:
- [Full-disclosure] security hole on local ISP
  - From: Cilia Pretel Gallo

Prev by Date: [Full-disclosure] Secunia Research: AproxEngine Multiple Vulnerabilities
Next by Date: Re: [Full-disclosure] security hole on local ISP
Previous by thread: [Full-disclosure] security hole on local ISP
Next by thread: Re: [Full-disclosure] security hole on local ISP
Index(es):
- Date
- Thread