Re: Privacy of ISP's customers

For starters my people don't chnage there default ip address and once you have access you open up the internal host and make those accessible via the internet. Kind of like turning off thefirewall
"A wise man ask questions, a fool is afraid of knowledge"

-----Original Message-----
From: Alcides <alcides.hercules@xxxxxxxxx>
Date: Wed, 10 Jan 2007 16:18:03
To:pen-test@xxxxxxxxxxxxxxxxx
Subject: Privacy of ISP's customers

Hi List,
I'm presently working with a semi-government ISP as a security consultant.
The ISP has provided Internet access to the customers via phone lines,
it's DSL.
The customer is given q DSL router as a CPE. ISP people configure it
with 2 IP addresses; one local and one global, and implement NAT for
security. And the router is configured using both ie Global/Private IP
address in a browser.
I recently have been asked to find out loopholes in the mentioned system
where the customer's privacy is not taken care or can be compromised.
Now when I started my activities impersonating a normal customer, I
found that:
1]I can nmap and discover open ports on my and neighboring IP addresses.
2] This included HTTP, HTTPS, FTP, SMB, NB-SSN etc services listening
for incoming connections.
3]When I try to connect to some customer's HTTP port, I'm taken to
his/her DSL-router(CPE) config. page, Configuration password is asked
but is blank.

Now my questions:
1]What kind of tests can be carried out in order to find out what level
of access can other customers gain and
2]What degree of impact can it have as far as the privacy of the
customers is considered.
Your views can be a great help.

Thanking you,

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Relevant Pages

  • Dispute Leads to Internet Woes for Thousands of Users
    ... Thousands of Internet users struggled to send e-mail and keep their ... providers left large portions of the Internet unable to talk to each ... Communications Inc. refused to accept traffic from rival Cogent ... Inc. "Some customers say they've had trouble getting to our Web site." ...
    (comp.dcom.telecom)
  • RE: Linux on military aircraft
    ... Internet so that ... threading security can review it to see if there are any holes. ... And customers want to head from their vendor when they ... Banks had 0 experience in modern technology, ...
    (comp.os.vms)
  • FCC May Block Vonage From Accepting New Customers
    ... the nation's largest provider of Internet phone ... VoIP, to about 57,000 customers through its CallVantage service. ...
    (comp.dcom.telecom)
  • Deadline For VOIP 911 Passes
    ... Companies that provide Internet-based phone service could be barred ... selling Voice over Internet Protocol, or VoIP, to ensure that callers ... VoIP providers were told that if they failed to meet the deadline they ... could no longer market their services or accept new customers in areas ...
    (comp.dcom.telecom)
  • Re: T-Mobile Web n walk
    ... T-Mobile has introduced its first internet browsing service for pay as you ... Web 'n' Walk, which was launched for pay monthly customers last October, ... T-Mobile launches £1 a day mobile internet withweb'n'walkT available on pay ...
    (uk.telecom.mobile)