* Joe Blanchard <jblanchard@wyse.com> [20010516 03:29]:
and seeing the changes I knew nothing had been done. On a whem, and sort of a bet, I did a scan of the ISP's net and found over 100 Cayman routers open, as well some odd 20 SpeedStream routers (simple password/login just give it admin and you have the keys to the kingdom so to speak). To me, and perhaps I am missing something here, This seems a bit odd, in that a major ISP deploying these items would in fact leave routers, ok junior routers, this wide open. I really don't want to name the ISP in question openly for the obvious reasons, but has it really gotten to the point that Broadband for businesses is slapped in with no security and no education to the persons getting it?
Yep. Although this is nothing new. The heavier deployment of xDSL and Cable to unsuspecting end-users has only made it more obvious. What do you expect when a new CPE (router or bridge) is handed to Joe Blow by their ISP with minimal security measures in place? He's certainly not going to know how to lock it down! The next several years are going to be interesting. Some ISPs are going to get bitten in the ass as their customers' networks are compromised. This has already happened in some cases but the ISPs are not yet feeling the costs from fixing the situations afterwards. Perhaps when they begin to they'll start working on being more pro-active. Or perhaps they are already feeling it..
Sorry for the rant
I'd rant at your ISP. It is their customers and, ultimately, them that will feel the pain. This industry isn't going away but we've still got a LOT of work to do. :-) -jr ---- Josh Richards <jrichard@{ geekresearch.com, cubicle.net }> [JTR38/JR539-ARIN] Geek Research, LLC - San Luis Obispo, CA - <URL:http://www.geekresearch.com/> KG6CYK - IP/Unix/telecom/knowledge/coffee/security/crypto/business/geek