[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Insecure Cable networks ?

Subject: Insecure Cable networks ?
From: truman at suspicious.org (Truman Boyes)
Date: Sat, 6 Feb 2010 17:58:30 +1100
In-reply-to: <[email protected]>
References: <[email protected]>

On 6/02/2010, at 1:43 PM, Jorge Amodio wrote:

<snip>
> fired nmap, tried several 10/24 networks and just playing by hand
> found hundreds of devices and every single one I tried default password
> it worked, not only modems, also modem/routers and some with
> integrated VoIP where if I wanted I would have been able to change
> provisioning configuration, channel scanning, browse through the call
> manager logs and see who's calling or being called, etc.
> 
> Isn't this a huge security hole ?
> 
> It wont take much for a kiddie to write a very simple script to drive
> crazy the noc guys taking down pieces of the network here and there ...
> 
> If a grownup from TWC/RR wants to get more specifics feel free to
> contact me.
> 
> Regards

Yes  this is a huge security hole. Management networks should always be restricted to some extent and the fact that default passwords allow you into VoIP gateways provides an avenue for call fraud. At a very minimum the devices should restrict which addresses can talk to them (ie. management servers in the MSO) and passwords should be non-default.

Maybe you can consult with the local MSO?

Kind regards,
Truman

Follow-Ups:
- Insecure Cable networks ?
  - From: jmamodio at gmail.com (Jorge Amodio)

References:
- Insecure Cable networks ?
  - From: jmamodio at gmail.com (Jorge Amodio)

Prev by Date: Insecure Cable networks ?
Next by Date: NorthStar IP Management System
Previous by thread: Insecure Cable networks ?
Next by thread: Insecure Cable networks ?
Index(es):
- Date
- Thread