On Thu, Mar 24, 2022 at 10:04 AM Giovane C. M. Moura via NANOG < nanog@nanog.org> wrote:
Who cares about the SSID???
I don't remember the data model, but I remember that they retrieved data very often, multiple times a minute.
Please keep in mind that TR-069 (which in all likelihood is how the data you remember captured was captured) provides raw packet access to the customer side of the device. yes, this is a problem, yes it's certainly been/being abused. Yes the protocol is garbage and implementations are also garbage :( see the, at least 1, blackhat/defcon presentations about TR-069 problems. https://www.youtube.com/watch?v=XXhV7zpc6m8 https://www.geekzone.co.nz/forums.asp?forumid=49&topicid=214760&page_no=5 https://www.blackhatethicalhacking.com/news/multiple-backdoors-and-vulnerabi... there's really no reason at all to have this exposed as it is :(