Opened 9 years ago

Last modified 4 years ago

#559 investigate enhancement

Aliens can configure speedtouch modems

Reported by: steven@…
Owned by: john.crispin@…
Priority: normal
Milestone:
Component: fon-network
Version: N/A
Severity:
Cc:
Hardware: both

Description

Any ISP that is using speedtouch modems allows access without password from the WAN side (it's locked from the ISP firewall)... The problem is that FON has not locked it from the PUBLIC side

Someone just surfs to checkip.dyndns.org, then he copies and pastes that IP in the address bar of his browser and... he is now able to access the adsl modem of the fonero owner...

the ISP stays ignorant... it's up to the fonero owner to secure his wifi...

FON claims their solution is secure...

how can FON make sure the fonera is NOT allowing access to the (changing) public side of their internet modem from the "fon_public" side?

Attachments (0)

Change History (5)

comment:1 Changed 8 years ago by iurgi

  • Milestone changed from Firmware 2.3.5 to Firmware 2.3.7.0

comment:2 Changed 8 years ago by matthijs

  • Hardware set to both
  • Status changed from new to investigate
  • Type changed from task to enhancement
  • Version set to N/A

Those ISPs are totally taking the wrong approach to security, probably so they can access the modems themselves...

I think the best solution to this is for the customer to configure a password on the WAN side themselves, or is that not possible?

I'm not quite sure how the Fonera could detect and fix this, since the modem probably applies NAT and there is no direct way for the Fonera to distinguish the WAN IP of the modem from any other IP on the internet (using the checkip trick and blocking all access to that IP might work, but that is very hackish and probably has all kinds of other effects, especially in more complicated setups...).

comment:3 Changed 8 years ago by steven@…

ISPs follow the TR-069 guideline and require access to their modem (ISP adsl/cable) to upgrade it with firmware, push your configuration and such...

http://en.wikipedia.org/wiki/TR-069

most of the time they also close down ports from the WAN side so you cannot be hacked as well. But they assume you do not open the "lan" side of your device ...

FON has scripts that prevent "private lan" access (192.168.10.x) ... but has forgotten the "public ip" of the gateway ; which is your internet modem

Was it not the Experiabox from KPN that can thus be hacked by Aliens? connect to FON_FREE_INTERNET, 192.168.1.1: should not work, but using the public IP from "checkip.dyndns.org" should work?

these modems have public known user/passwords (tele2, ziggo, ... ) which you can't change... security is based on the fact that you have protected your wireless/lan from 3rd party

recently Skynet (Belgacom) also closed down telnet and such from the WAN because some hacker wanted to disclose usernames & passwords it got from this kind of setup: http://www.zdnet.be/news/110653/belgacom-hacker-vendetta-opgepakt/

Another issue: if you reach 80% of your monthly limitation... the ISP forwards you to a page where it explains this... and asks if you want to buy more gigabytes... this will go from the hotspot owner's monthly payments... no registration is required as the ISP detects the traffic coming from YOUR adsl/cable modem.... it doesn't assume it's from a FON network :-)

Luckily one can now pay 10 euro extra to have "unlimited" (FUP) traffic in Belgium
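The mitigation sketched in comment:2 (learn the modem's public address via checkip and block it) and the gap named in comment:3 (the Fonera filters the private LAN but not the gateway's public IP), as an added example script that is not FON's own firmware code. It assumes the public hotspot interface is called ath0, that BusyBox-style wget and iptables are present, and it installs nothing unless run with --apply; the caveat from comment:2 stands, so hairpin or multi-router setups should be checked first.

```shell
#!/bin/sh
# Added example (not FON's code): drop traffic from the public hotspot SSID to
# the owner's private LAN ranges and to the modem's current public address.
# Assumed: public wireless interface ath0, BusyBox wget and iptables available.

PUBLIC_IF="${PUBLIC_IF:-ath0}"

# Ask checkip.dyndns.org (the lookup from the ticket) for the modem's WAN address.
discover_public_ip() {
    wget -q -O - http://checkip.dyndns.org/ 2>/dev/null |
        sed -n 's/.*Current IP Address: \([0-9.][0-9.]*\).*/\1/p'
}

# Succeed only for a plausible dotted-quad IPv4 address (4 octets, each <= 255),
# so a failed or tampered lookup never turns into a bogus firewall rule.
is_ipv4() {
    case "$1" in ""|*[!0-9.]*) return 1 ;; esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
    return 0
}

# Print the iptables commands: RFC 1918 ranges plus the discovered public
# address, inserted at the top of FORWARD so they win over any existing ACCEPT.
block_rules() {
    iface="$1"; public_ip="$2"
    for dst in 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 "$public_ip/32"; do
        printf 'iptables -I FORWARD -i %s -d %s -j DROP\n' "$iface" "$dst"
    done
}

main() {
    public_ip="$(discover_public_ip)"
    if ! is_ipv4 "$public_ip"; then
        echo "could not learn the modem's public address; no rules installed" >&2
        return 1
    fi
    if [ "$1" = "--apply" ]; then
        block_rules "$PUBLIC_IF" "$public_ip" | sh    # install the rules
    else
        block_rules "$PUBLIC_IF" "$public_ip"         # dry run: print only
    fi
}

# Run only when invoked by this file name, so the functions can be sourced.
case "$0" in *fon_block_modem.sh) main "$@" ;; esac
```

The public address changes over time, so the script would have to be re-run (for example from cron) and stale rules flushed before new ones are inserted.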

comment:4 Changed 8 years ago by matthijs

  • Milestone Firmware 2.3.7.0 deleted
