PTCL Broadband router security issues. LESSON FOR ALL

Protecting your Linux box
qasali
Cadet
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

PTCL Broadband router security issues. LESSON FOR ALL

Postby qasali » Wed Sep 30, 2009 11:18 pm

Hi all,

Today i just sat at my computer. Its 12:00 am night and went to whatismyip.com. the site displayed the dynamic ip assigned to me by PTCL broadband.

I got curious about the ip range that PTCL has bought. I browsed www.ripe.net and clicked advance search. I selected APNIC as database. By the way APNIC stands for ASIA PACIFIC NIC. It contains the database of IPs assigned in Asia Pacific region. The result of the query returned was

inetnum: 119.152.0.0 - 119.159.255.255
netname: PTCLIPTVNET
descr: PTCL Triple Play Project
descr: Legacy Telco Service Provider
descr: Islamabad, Pakistan
country: PK
admin-c: IAB1-PK
tech-c: IAB1-PK
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
mnt-by: APNIC-HM
mnt-lower: MAINT-PK-PTCLBB
mnt-routes: MAINT-PK-PTCLBB
status: ALLOCATED PORTABLE
source: APNIC # Filtered
person: IMTIAZ AHMED BAIBERS
address: PTCL Headquarters, 5th Floor New Building
country: PK
phone: +92-332-513-5995
e-mail: ahmed.imtiaz@ptcl.net.pk
nic-hdl: IAB1-PK
mnt-by: MAINT-PK-PTCLBB
source: APNIC # Filtered

look at the 1st line. The range is 119.152.0.0 - 119.159.255.255 or 119.152.0.0/13.

This means that ptcl bought 8 x 255 x 254 = 518160 IPs.

Now i wanted to check how many hosts are online. Scanning 518160 ips is really time taking and i had to go to sleep for 6-7 hrs and then i may had gotten the result but i couldnt wait and pinged only 119.153.134.0/16. Thats also a large number (255 x 254 ips). After a scan of about 25000 ips i stopped the process. About 2125 users were online and some others may be (clever ones) if they have disable the ping access in the adsl router/modem.

Lol now i went ahead and tried 30 ips (thinking what have been hosted on these websites). But when i entered ips one by one in my internet browser it gave me the web page of routers of home users and u guys know each and everyone had default administrator username and password except one ip who has disabled the access to port 80 of external interface of the router.

Guys thats too much.

Knowledgable network guys must have understood what can be the consequences. One example when u use e-mule or a torrent software, u add port forwarding rules in a router. If a person adds a rule to map outside ips to local interface and any specfic port. Then with the help of a software, its dang ....

So please change the default admin-admin combination to admin-newpassword combination.

Also download the Cyber law crime act from www.fia.gov.pk for ur knowledge

Looking forward to comments

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Thu Oct 01, 2009 9:48 am

Watch out for the !
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?

qasali
Cadet
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

Postby qasali » Thu Oct 01, 2009 4:58 pm


lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Thu Oct 01, 2009 5:42 pm

Watch out for the !
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?

qasali
Cadet
Posts: 10
Joined: Thu Jan 22, 2009 9:12 am

Postby qasali » Sat Oct 03, 2009 12:57 pm



Return to “Security”

Who is online

Users browsing this forum: No registered users and 2 guests