Broadband security?
Please excuse the redundancy regarding this topic, but I can't help publicizing this. A few weeks ago I came across a rather odd opening regarding a certain ISP and its Cayman's DSL routers. Oddly enough I found 19 open routers actually telling/publicizing that there was no password set for the admin account using little more than a web browser (of course one of them being mine).

A bit concerned, I contacted the ISP in question, their NOC to be exact, and told them of this. During the conversation it was pretty clear that the NOC person didn't really care, and that "The customer is responsible for that security" or better said (not my job) applied within this situation. A bit concerned, I contacted a sales rep from that same ISP and got this: "wow, really, can you send me those IP addys and we'll look into it right away!". With some strange sense of helpfulness I sent those items to him and heard not a word.

That was about 2 weeks ago, and I again checked on the nodes I had seen them open and found the same openings. I thought perhaps it was just a honey pot, but after changing two of the routers then restarting them and seeing the changes I knew nothing had been done. On a whim, and sort of a bet, I did a scan of the ISP's net and found over 100 Cayman routers open, as well as some odd 20 SpeedStream routers (simple password/login just give it admin and you have the keys to the kingdom so to speak).

To me, and perhaps I am missing something here, this seems a bit odd, in that a major ISP deploying these items would in fact leave routers, ok junior routers, this wide open. I really don't want to name the ISP in question openly for the obvious reasons, but has it really gotten to the point that Broadband for businesses is slapped in with no security and no education to the persons getting it?

Sorry for the rant

-Joe
* Joe Blanchard <jblanchard@wyse.com> [20010516 03:29]:
> and seeing the changes I knew nothing had been done. On a whim, and sort of a bet, I did a scan of the ISP's net and found over 100 Cayman routers open, as well as some odd 20 SpeedStream routers (simple password/login just give it admin and you have the keys to the kingdom so to speak). To me, and perhaps I am missing something here, this seems a bit odd, in that a major ISP deploying these items would in fact leave routers, ok junior routers, this wide open. I really don't want to name the ISP in question openly for the obvious reasons, but has it really gotten to the point that Broadband for businesses is slapped in with no security and no education to the persons getting it?
Yep. Although this is nothing new. The heavier deployment of xDSL and Cable to unsuspecting end-users has only made it more obvious. What do you expect when a new CPE (router or bridge) is handed to Joe Blow by their ISP with minimal security measures in place? He's certainly not going to know how to lock it down! The next several years are going to be interesting. Some ISPs are going to get bitten in the ass as their customers' networks are compromised. This has already happened in some cases but the ISPs are not yet feeling the costs from fixing the situations afterwards. Perhaps when they begin to they'll start working on being more pro-active. Or perhaps they are already feeling it..
> Sorry for the rant

I'd rant at your ISP. It is their customers and, ultimately, them that will feel the pain. This industry isn't going away but we've still got a LOT of work to do. :-)

-jr

----
Josh Richards <jrichard@{ geekresearch.com, cubicle.net }> [JTR38/JR539-ARIN]
Geek Research, LLC - San Luis Obispo, CA - <URL:http://www.geekresearch.com/>
KG6CYK - IP/Unix/telecom/knowledge/coffee/security/crypto/business/geek
On Wed, May 16, 2001 at 04:08:30PM -0700, Josh Richards wrote:
> lock it down! The next several years are going to be interesting. Some ISPs are going to get bitten in the ass as their customers' networks are compromised. This has already happened in some cases but the ISPs are not yet feeling the costs from fixing the situations afterwards. Perhaps when they begin to they'll start working on being more pro-active. Or perhaps they are already feeling it..
What you're going to see, barring intervention from Big Brother in the US, is this: Over the next few years, business customers will begin demanding that their provider have insurance that covers hacker damage, both of the ISP's equipment and of customer equipment that's compromised due to compromised ISP equipment. The insurance companies that offer this will do security surveys (mostly perfunctory) to set premiums. Those ISPs that don't ensure customers are protected will pay huge premiums, which will raise their costs enough that competitors who do the right thing will be able to undercut them. Market forces will take over, and the balance will begin to shift over to ISPs filtering inbound by default, and only opening it up upon request. This will not cause increasing headaches for those of us with clue, however, because we'll know to tell the salesdroid upfront that we're firewalling, and salesdroid will know who to pass that information along to so somebody with clue on his end can give us a couple of quick questions to make sure we're running a config that the insurance company will grok.
participants (3): Joe Blanchard, Josh Richards, Shawn McMahon