PTCL Broadband router security issues. LESSON FOR ALL

Protecting your Linux box
Post Reply
qasali
Cadet
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

PTCL Broadband router security issues. LESSON FOR ALL

Post by qasali »

Hi all,

Today i just sat at my computer. Its 12:00 am night and went to whatismyip.com. the site displayed the dynamic ip assigned to me by PTCL broadband.

I got curious about the ip range that PTCL has bought. I browsed www.ripe.net and clicked advance search. I selected APNIC as database. By the way APNIC stands for ASIA PACIFIC NIC. It contains the database of IPs assigned in Asia Pacific region. The result of the query returned was

inetnum: 119.152.0.0 - 119.159.255.255
netname: PTCLIPTVNET
descr: PTCL Triple Play Project
descr: Legacy Telco Service Provider
descr: Islamabad, Pakistan
country: PK
admin-c: IAB1-PK
tech-c: IAB1-PK
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
mnt-by: APNIC-HM
mnt-lower: MAINT-PK-PTCLBB
mnt-routes: MAINT-PK-PTCLBB
status: ALLOCATED PORTABLE
source: APNIC # Filtered
person: IMTIAZ AHMED BAIBERS
address: PTCL Headquarters, 5th Floor New Building
country: PK
phone: +92-332-513-5995
e-mail: ahmed.imtiaz@ptcl.net.pk
nic-hdl: IAB1-PK
mnt-by: MAINT-PK-PTCLBB
source: APNIC # Filtered

look at the 1st line. The range is 119.152.0.0 - 119.159.255.255 or 119.152.0.0/13.

This means that ptcl bought 8 x 255 x 254 = 518160 IPs.

Now i wanted to check how many hosts are online. Scanning 518160 ips is really time taking and i had to go to sleep for 6-7 hrs and then i may had gotten the result but i couldnt wait and pinged only 119.153.134.0/16. Thats also a large number (255 x 254 ips). After a scan of about 25000 ips i stopped the process. About 2125 users were online and some others may be (clever ones) if they have disable the ping access in the adsl router/modem.

Lol now i went ahead and tried 30 ips (thinking what have been hosted on these websites). But when i entered ips one by one in my internet browser it gave me the web page of routers of home users and u guys know each and everyone had default administrator username and password except one ip who has disabled the access to port 80 of external interface of the router.

Guys thats too much.

Knowledgable network guys must have understood what can be the consequences. One example when u use e-mule or a torrent software, u add port forwarding rules in a router. If a person adds a rule to map outside ips to local interface and any specfic port. Then with the help of a software, its dang ....

So please change the default admin-admin combination to admin-newpassword combination.

Also download the Cyber law crime act from www.fia.gov.pk for ur knowledge

Looking forward to comments
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

if anyone is responsible for this situation, it's ptcl for not configuring the modems correctly when handing them out to consumers. i hope you don't expect ordinary people to secure their modems -- that'll never happen. people don't bother to secure their computers, and instead, reinstall every few months whenever it "slows down".
Also download the Cyber law crime act from www.fia.gov.pk for ur knowledge
first of all, there is no "cyber law crime act". there's no such law. it's always been an ordinance, which means every time the president signs it into law, it expires after 90 days unless the national assembly makes it a law (which they haven't done for two years).

secondly, if it had been in force today, or if it had been a law, by revealing that you accessed other people's modems in public, you've made it clear to everyone that you broke the law! nothing justifies breaking the law in your case. you had no compelling reason to do so: by accessing someone else's modem, you weren't going to prevent someone's death or anything like that. you did it because you were curious, but being curious doesn't make your act acceptable.

i think it's really odd that you brought up the ordinance right after breaking it.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
qasali
Cadet
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

Post by qasali »

I think u dont read the post properly. I said i thought i will access the websites which due to my ignorance came out be the routers web page.

In future read the post it properly and then comment it
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

I think u dont read the post properly. I said i thought i will access the websites which due to my ignorance came out be the routers web page.
oh, please. i know what you wrote. unfortunately, it's you who hasn't read the ordinance carefully.

read chapter 1, sections 2(a) and 2(l), and then read chapter 2, section 3. what you did was access devices that you weren't supposed to.

you don't have to click on any link on the modem's webpage to break the proposed law. you don't have modify the settings to break the proposed law.

simply loading the modem's webpage in your browser is punishable by the ordinance!

whether you expected to see websites (did you really expect any reliable company to host their website on a ptcl dsl link?!) or not, you accessed other people's devices, and thus broke the proposed law.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
qasali
Cadet
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

Post by qasali »

lol. it was bcz i dont have enough knowledge of web hosting and other Internet aspects
Post Reply