There are knobs on most models to restrict access to the GUI to: - the LAN interface - certain mgmt subnets. Sounds like the MSO doesn't have things set up correctly. Frank -----Original Message----- From: Jorge Amodio [mailto:jmamodio@gmail.com] Sent: Friday, February 05, 2010 8:43 PM To: NANOG Subject: Insecure Cable networks ? Is it a common practice on cable network providers to leave access to the cable modem/router management web UI wide open ? Here is the scoop. I heard about it but didn't experienced it hands on or seen myself until recently when I was testing one of the embedded TCP/IP boards I produce which as many other IP gadgets has a mini HTTP server which I access just typing the IP address of the thing. In my home lab an IPv4 address on 10/8, not very uncommon I screwed up and made a typo on the IP address and ended on a different device web UI, an Ambit cable modem Hmmm my modem is from Toshiba, I tried the default factory password, it worked !!, not only that, this thing is several cities hundreds of miles away from here .. ehhh ? fired nmap, tried several 10/24 networks and just playing by hand found hundreds of devices and every single one I tried default password it worked, not only modems, also modem/routers and some with integrated VoIP where if I wanted I would have been able to change provisioning configuration, channel scanning, browse through the call manager logs and see who's calling or being called, etc. Isn't this a huge security hole ? It wont take much for a kiddie to write a very simple script to drive crazy the noc guys taking down pieces of the network here and there ... If a grownup from TWC/RR wants to get more specifics feel free to contact me. Regards