Privacy of ISP's customers

---

• From: Alcides <alcides.hercules@xxxxxxxxx>
• Date: Wed, 10 Jan 2007 16:18:03 +0530

---

Hi List,
I'm presently working with a semi-government ISP as a security consultant.
The ISP has provided Internet access to the customers via phone lines, it's DSL.
The customer is given q DSL router as a CPE. ISP people configure it with 2 IP addresses; one local and one global, and implement NAT for security. And the router is configured using both ie Global/Private IP address in a browser.
I recently have been asked to find out loopholes in the mentioned system where the customer's privacy is not taken care or can be compromised. Now when I started my activities impersonating a normal customer, I found that:
1]I can nmap and discover open ports on my and neighboring IP addresses.
2] This included HTTP, HTTPS, FTP, SMB, NB-SSN etc services listening for incoming connections.
3]When I try to connect to some customer's HTTP port, I'm taken to his/her DSL-router(CPE) config. page, Configuration password is asked but is blank.

Now my questions:
1]What kind of tests can be carried out in order to find out what level of access can other customers gain and
2]What degree of impact can it have as far as the privacy of the customers is considered.
Your views can be a great help.

Thanking you,

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

---

• Follow-Ups:
  • Re: Privacy of ISP's customers
    • From: Javier Fernández-Sanguino
  • Re: Privacy of ISP's customers
    • From: s-williams

• Prev by Date: Re: Null Session
• Next by Date: RE: Which router to choose for port scanning
• Previous by thread: Release of SSA version 1.5a
• Next by thread: Re: Privacy of ISP's customers
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: FreeBSD challenged by Internet ... in leu of advertising to get more customers, ... said guy is going to do if one day he sees the price on DSL Only ... ISP and telco charges separately but a couple providing a single ... the way that Verizon does ... ... (freebsd-questions) Re: [fw-wiz] The home user problem returns ... > The fact that ISPs are now seeing enough pressure (from customers, RBLs, ... > an antivirus app and personal firewall. ... that of a tech within an ISP. ... Afterall, what are folks ... (Firewall-Wizards) Re: PLUG: PMAS ... I've just started using that zen.spamhaus.org as well, ... looking at my suggestion for a social solution rather than technical ... My ISP has recently tightened things up, as a couple of months ago the ... If you knew that all of your existing customers ... (comp.os.vms) Re: Virgin pull your finger out ... The page where new customers go to signup with them. ... throttling in front of prospective customers intentionally, ... How are virgin different from any other ISP, ... At the end of the day they are a business, and ALL businesses, not just ... (uk.telecom.broadband) Re: Wireless for RV campground ... customers will demand. ... shop customers locked at 5.5Mbits/sec. ... you have the equivalent of a small ISP. ... takes so long to get funding and approval that they tend to specify ... (alt.internet.wireless)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)