New Zealand ADSL Mailing List


Re: Your Jetstream/ADSL connection is NOT secure

From: Craig Whitmore <lennon_at_orcon.net.nz>
Date: Wed, 19 Jun 2002 21:20:20 +1200
Message-ID: <3D104CD4.4010204@orcon.net.nz>

I complained to IHUG about this.. (I got a few copies myself (not for my
DSL connection))

Basically the IHUG customer ported scanned alot of DSL users for port 80
to see what was there (against IHUG's AUP), then gained access to the
routers which where open and got the customers login details (this can
be seem as forgery/intrusion). and then offered to fix the problem and
warned not to tell anyone else including the media of his little email
or other people will find out (isn't this called extortian). Then
offering to fix the problem for a sum of money that any ISP will help
out for free.

I think personally that what this person did was wrong

Also note, I got a customer who got this email and there was no way to
get into their router at all from remotely. ( I and another knowldgeable
person checked)

The main problem I see was basically the Modem manufactures NOT giving
good enough instruction on how to set up their routers correctly.
A good example is alot of routers I know, If you reset them back to
defaults and follow the specific NZ instructions given with them your
router is basically open to anyone to get into.

If anything, if you haven't already, please change the admin password on
your router (I'm not talking about Telecom Rented ones, as your not
allowed to touch those and they are perfectly well set up and secure) to
something no one else can guess.

Thanks
Craig Whitmore
NZDSL Information
http://www.nzdsl.co.nz

Michael Jager wrote:

>claiming to be David Hawke, <dvh@pl.net> said:
>
>
>
>>To lock it off, you need to set virtual servers for port 23 and
>>port 80, typically to a non-existent internal IP such as
>>192.168.254.254. You should also change the admin passowrd :-))
>>
>>
>
>I believe the non-existent IP has to be on the same subnet as the router (if
>you are using the default IP of 192.168.1.1, then making port 23 and 80
>point at 192.168.1.254 will work)
>
>Michael
>
>
> 

-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message
Received on Wed Jun 19 21:20:46 2002

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:23 2006 EST