I am also a big fan of installing cake (sqm-scripts) in front of cable devices.
On Thu, Feb 9, 2023 at 5:59 AM Todd Stiers <todd.sti...@gmail.com> wrote:
>
> [OP here]
>
> Just some minor follow up:
>
> - The tech was able to swap out their RG with the modem-only one that I had sent (after making a couple phone calls). It didn't seem like they could provision a user-supplied modem remotely for some reason, but it also sounded like maybe this wasn't something they normally do, if ever.
>
> - The outgoing RG was an Evolution Digital EVO3000GW. The screenshots that dropped were meant to show me attempting an admin password change, and it not letting me.
>
> - AFAIK, no WAN ports were open, but UPnP was on by default. I neglected to do a port scan on the WAN port before the equipment swap, but that probably would've been prudent.
>
> - Sorry for not being clear about this before, but I'm fairly remote (~5 hour drive), so my mom was acting as remote [somewhat arthritic] hands in all this.
>
> - Since I'm remote, I had previously sent a raspberry pi that is running both pi-hole (to mitigate the possibility of her or her partner clicking on a malicious ad or pop-up that may compel them to inadvertently connect with a call center scammer again) and ZeroTier. I use ZT to log in to this device, which double NAT breaks, which is why I brought that up. Totally understandable that most average customers don't use this, and a double-NAT situation is probably fine for my mom's demographic. That said, to be sure, the much bigger issue is that they're provisioning CPE with an unchangeable "password."
>
> - I understand that this forum may not be quite the right fit for a post like this, and am looking for others that may be more appropriate. My hope is that this eventually gets to someone at Yondoo, or parent Mid-Atlantic Broadband (AS29914), since something like this probably falls outside of the wheelhouse of their tier 1 support, which was all we could get a hold of.
>
> Thanks to everyone who's responded -- I value all of your input.
>
> Cheers,
> Todd
>
> On Wed, Feb 8, 2023 at 5:09 PM Jason R. Rokeach via NANOG <nanog@nanog.org> wrote:
>>
>> It’s been a while, but attacks that take advantage of this are (or at least in the past have been) real.
>>
>> https://blog.sucuri.net/2014/09/website-security-compromised-website-used-to-hack-home-routers.html
>>
>> https://www.digitaltrends.com/web/javascript-malware-mobile/
>>
>> I recall when this stuff first started to come out, leaning on RG vendors to fix their firmware to make their default passwords unpredictable based on information readily available on the LAN.
>> In this case we’re not even talking about taking action this sophisticated… It seems to me that, having a customer willing and ready to secure themselves, preventing them from doing so is wildly inappropriate.
>>
>>
>> On Wed, Feb 8, 2023 at 7:57 PM, Eric Kuhnke <eric.kuh...@gmail.com> wrote:
>>
>> I agree, but if we start listing every massive security vulnerability that can be found on the intra-home LAN in consumer-grade routers and home electronics equipment, or things that people operate in their homes with the factory-default passwords, we'd be here all month in a thread with 300 emails.
>>
>> I'm sure this ISP will realize what a silly thing they did if and when some sort of worm or trojan tries a set of default logins/passwords on whatever is the default gateway of the infected PC, and does something like rewrite the IPs entered for DNS servers to send peoples' web browsing to advertising for porn/casinos/scams, male anatomy enlargement services or something.
>>
>>
>>
>> On Wed, Feb 8, 2023 at 3:28 PM William Herrin <b...@herrin.us> wrote:
>>>
>>> On Wed, Feb 8, 2023 at 2:36 PM Eric Kuhnke <eric.kuh...@gmail.com> wrote:
>>> > I would hope that this router's admin "password" interface is only
>>> > accessible from the LAN side.
>>> > This is bad, yes, but not utterly catastrophic.
>>>
>>> It means that any compromised device on the LAN can access the router with whatever permissions the password grants. While there are certainly worse security vulnerabilities, I'm reluctant to describe this one as less than catastrophic. Where there's one grossly ignorant security vulnerability there are usually hundreds.
>>>
>>> Regards,
>>> Bill Herrin
>>>
>>>
>>> --
>>> For hire. https://bill.herrin.us/resume/

--
This song goes out to all the folk that thought Stadia would work: https://www.linkedin.com/posts/dtaht_the-mushroom-song-activity-6981366665607352320-FXtz
Dave Täht
CEO, TekLibre, LLC
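The failure mode Eric describes (something on the LAN logs in to the gateway with the default password and rewrites the DNS servers it hands out) is cheap to watch for from a box like the Raspberry Pi Todd placed on the LAN. The following is an added example, not code from the thread or from any vendor: it parses dhclient-style lease text and flags any advertised resolver that is not on an allowlist. The lease samples, the expected resolver address and the lease file format are constructed assumptions.

```python
import ipaddress
import re

# Resolver(s) the gateway should hand out on this LAN: a constructed example
# standing in for the pi-hole's address.
EXPECTED_RESOLVERS = {"192.168.1.2"}

# RFC 1918 space; a resolver outside it is the classic symptom of a rewrite.
LAN_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed dhclient-style lease text (shape of /var/lib/dhcp/dhclient.leases).
SAMPLE_LEASE_OK = """\
lease {
  interface "eth0";
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.2;
}
"""

# Same lease after a rewrite; 203.0.113.0/24 is a documentation range, used
# here purely as a constructed "attacker resolver" value.
SAMPLE_LEASE_TAMPERED = """\
lease {
  interface "eth0";
  option routers 192.168.1.1;
  option domain-name-servers 203.0.113.53, 203.0.113.54;
}
"""

def advertised_resolvers(lease_text):
    """Return the DNS servers named in the most recent lease block."""
    blocks = re.findall(r"option domain-name-servers ([\d.,\s]+);", lease_text)
    if not blocks:
        return set()
    return {ip.strip() for ip in blocks[-1].split(",") if ip.strip()}

def audit_resolvers(lease_text, expected=EXPECTED_RESOLVERS):
    """Return (ok, findings). ok is True only when every advertised resolver
    is on the allowlist; findings names each stray resolver and whether it
    even lies inside RFC 1918 space."""
    seen = advertised_resolvers(lease_text)
    findings = []
    for ip in sorted(seen - set(expected)):
        addr = ipaddress.ip_address(ip)
        scope = "LAN" if any(addr in net for net in LAN_RANGES) else "off-LAN"
        findings.append(f"{ip} ({scope})")
    return (bool(seen) and not findings), findings
```

Run it from cron against the live lease file and alert on a False result; an empty lease (no resolvers at all) is also reported as not ok so a broken parse does not silently pass.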