Aliens can configure speedtouch modems

[steven@…]

Any ISP that is using speedtouch modems allow access without password from the WAN side (it's locked from the ISP firewall)... The problem is that FON has not locked it from the PUBLIC side

Someone just surf to checkip.dyndns.org then he copy&paste that ip in the adres bar of his browser and... he is now able to access the adsl modem of the fonero owner...

the ISP stays ignorant...it's upto the fonero owner to secure his wifi...

FON claims their solution is secure...

how can FON make sure the fonera is NOT allowing access to the (changing) public side of their internet modem from the "fon_public" side?

[matthijs]

Those ISP's are totally taking the wrong approach to security, probably so they can access the modems themselves...

I think the best solution to this is for the customer to configure a password on the WAN side themselves, or is that not possible?

I'm not quite sure how the Fonera could detect and fix this, since the modem probably applies NAT and there is no direct way for the Fonera to distinguish the WAN ip of the modem from any other ip on the internet (using the checkip trick and block all access to that ip might work, but that is very hackish and probably has all kinds of other effects, especially in more complicated setups...).

[steven@…]

ISP's follow the TR-069 guideline and require access to their modem (isp adsl/cable) to upgrade it with firmware, push your configuration and such...

 http://en.wikipedia.org/wiki/TR-069

most of the time they also closed down ports from WAN side so you can not be hacked as well. But they assume you do not open the "lan" side of your device ...

FON has scripts that prevent "private lan" access (192.168.10.x) ... but has forgotten the "public ip" of the gateway ; which is your internet modem

Was it not the Expiriabox from KPN that can thus be hacked by Aliens? connect to FON_FREE_INTERNET 192.168.1.1 : should not work but using the public ip from "checkip.dyndns.org" should work?

these modems have public known user/passwords (tele2, ziggo, ... ) which you can't change... security is based on the fact that you have protected your wireless/lan from 3rd party

recently Skynet (Belgacom) also closed down telnet and such from the WAN because some hacker wanted to disclose usernames & passwords it gotten from this kind of setup :  http://www.zdnet.be/news/110653/belgacom-hacker-vendetta-opgepakt/

Another issue: if you reach 80% of your monthly limitation... the ISP forwards you to a page where it explains this...and asks if you want to buy more gigabytes... this will go from the hotspot owners monthly payments... no registration is required as the ISP detects the traffic coming from YOUR adsl/Cable modem.... it doesn't assume it's from a FON network :-)

Luckily one can now pay 10 euro extra to have "unlimited" (FUP) traffic in Belgium now