New Zealand ADSL Mailing List


RE: Your Jetstream/ADSL connection is NOT secure

From: Craig Humphrey <Craig.Humphrey_at_ChapmanTripp.com>
Date: Thu, 20 Jun 2002 13:18:10 +1200
Message-ID: <3D6694DB1788D311BA3E00508B5DFFE7036F95AE@aklmessage01>

> -----Original Message-----
> From: Picanmix [mailto:peterjet@xtra.co.nz]
> Sent: Thursday, 20 June 2002 1:00 PM
> To: Craig Humphrey; adsl@lists.unixathome.org
> Subject: Re: Your Jetstream/ADSL connection is NOT secure
>
>
> Sounds good, but this list is not universal. Unfortunately
> it is the 'inexperienced' user who will be most likely to have
> set up their modem wrong, and they are probably less
> represented on this list.

True, but it would have put it under the eyes of various ISPs, who are then
in a position a) to conduct port scans (legally) and b) notify their
customers.

> Of course the problem is not just JetStream based. While
> people with dialup will not get high usage, they are leaving
> their machine
> exposed and could still be set up as a relay. I think dial is probably
> a bigger problem simply because there are more of them (and emails
> are small)

And correct my if I'm wrong, but dial-up doesn't use NAT, so in effect all
ports are open...

> I am sympathetic to John. While port scanning was not 'polite' I don't
> think anyone would have paid attention without it.

True, but first asking IHUG might have made the port scan kosha.

Otherwise it's like when a batch of cars turned out that 1 in 10 had the
same locks. You with your key, walked around car parks, trying your key in
the lock, and when you found a car it worked on, left a note on the drivers
seat. Better to inform the car manufacturer (who probably already knew in
this case) or some of the local dealers of that brand.

[snip snip]

> Notifying the ISPs may have helped, but without the port scan
> I suspect
> most would have ignored. Again Telecom would be in a similar position
> but I don't think Telecom has an easy way to contact all
> their customers
> (they usually go through the media or the ISPs)

I think we've already been shown by Nokia that Telecom have a very complete
list of details on their Jet* customers.

Later'ish
Craig 

-- 
This message is part of the NZ ADSL mailing list. 
see http://unixathome.org/adsl/ for archives, FAQ, 
and various documents. 
To unsubscribe: send mail to majordomo@lists.unixathome.org 
with "unsubscribe adsl" in the body of the message
Received on Thu Jun 20 13:19:24 2002

This archive was generated by hypermail 2.2.0 : Thu Nov 30 11:48:23 2006 EST