Major fail is present with a local ISP

Status: Not open for further replies.

Lunas, [H]F Junkie (joined Jul 22, 2001; 10,048 messages)

So I'm at work and I'm looking at the nice Ubiquiti routers, which I was dismayed to find were secured with the default password. Well, I first changed them all to less congested and different channels so the wireless will work better; that works. Then I see a new one I did not see before. Like the other 4, it too was secured with the super secret default password. Well, from this one I can see and access half of this ISP's customers' routers... ALL default passwords and user names on the routers... This serves anything from police stations to the hospital to individual homes... I feel sick at seeing so much fail: 434 customers with their asses hanging in the wind waiting for anything to come along...

So what should I do: call the local paper and tell them, or just sit on my thumbs and forget what I saw...
 
What you did could be considered against the law; talking to the media or releasing the information even more illegal, depending on country.

Send them an email notifying them about the flaw and switch ISPs, IMO.
 
hell no, collect credit card info, nude pics on computers, private info, and use that stuff to blackmail people and finance a lavish lifestyle.
 
> What you did could be considered against the law; talking to the media or releasing the information even more illegal, depending on country.
>
> Send them an email notifying them about the flaw and switch ISPs, IMO.

Well, I only logged on to my hotel's public network and a few other public networks for public use, but how I can see the other 434 people is using the discovery mode of the Ubiquiti router and establishing a pattern with this ISP that they never change it.

Also, United States... Also not going to release any IP address or names of companies...
 
I really don't understand your 1st post. Can you please speak in something we can all understand? Because from what I am reading you're just talking BS or whatever you're talking about.
Because I own a UBNT wireless router; of course it's going to have a default username/password, and if you're smart enough you would change that info, and of course people just slap these routers in place and they don't change the default usernames/passwords.
 
> So I'm at work and I'm looking at the nice Ubiquiti routers, which I was dismayed to find were secured with the default password. Well, I first changed them all to less congested and different channels so the wireless will work better; that works. Then I see a new one I did not see before. Like the other 4, it too was secured with the super secret default password. Well, from this one I can see and access half of this ISP's customers' routers... ALL default passwords and user names on the routers... This serves anything from police stations to the hospital to individual homes... I feel sick at seeing so much fail: 434 customers with their asses hanging in the wind waiting for anything to come along...
>
> So what should I do: call the local paper and tell them, or just sit on my thumbs and forget what I saw...

Call the ISP, be a nice guy and say, hey, I think you should lock this unit down. PERSONALLY, if you know where the unit is, go talk to the person. Being a dick won't get you far or in any favor books. If the customer / person shrugs it off, well, then in your mind say at least I tried to help. BUT make sure you educate them before giving up.

If you're an IT techie, and make money from this, it will go a long way; maybe they will hire you to help out, etc.

Think positive, not negative :)
 
Going off and collecting things will just get you 10+ years in lockup. Just notify the ISP; if they shrug you off, notify the media. There will be such a public outrage that they'll have to fix it.
 
Being the good Samaritan (as it were) and informing people of this mess-up is, IMHO, more trouble than it's worth. It leads to questions like "why were you trying to get into the network", etc.

In an ideal world where everyone loved everyone then yeah, let people know, but in today's society it's definitely not worth it.
 
I would tread carefully.

Consider calling the ISP from a disposable pay phone you purchased with cash, at a location you do not frequent. Call the ISP's support line, let them know, inform the person that you are recording the call. Tell them. Do not threaten them in any way, shape or form.

Destroy the phone, preferably with a good wood fire; use marshmallows. If the problem is still there in 30 days, anonymously e-mail the info to the Consumerist website and/or broadbandreports.com. Do not give IP addresses or the brand of equipment. You should give them a region + or - a few hundred miles. Do not tell either how you found out or know that the units are unsecured, only that they are unsecure. Invite the media to uncover the problem. As long as you do not admit that you logged into someone else's equipment you should be legally protected.
 
How often this happens is actually pretty frightening. What is more frightening is how often this happens in the military. Haha.
 
> I would tread carefully.
>
> Consider calling the ISP from a disposable pay phone you purchased with cash, at a location you do not frequent. Call the ISP's support line, let them know, inform the person that you are recording the call. Tell them. Do not threaten them in any way, shape or form.
>
> Destroy the phone, preferably with a good wood fire; use marshmallows. If the problem is still there in 30 days, anonymously e-mail the info to the Consumerist website and/or broadbandreports.com. Do not give IP addresses or the brand of equipment. You should give them a region + or - a few hundred miles. Do not tell either how you found out or know that the units are unsecured, only that they are unsecure. Invite the media to uncover the problem. As long as you do not admit that you logged into someone else's equipment you should be legally protected.

That's going WAY overboard. Just call them and say, hey, this network over here at this address uses the default username/password. Let them know that and be done with it.
 
I've got at least 4 neighbors with wireless, Linksys, etc., all with default passwords. I don't touch anything. It's not my property.

I'm a network professional, and I act like a professional. You should too. You should not be trying to discover networks on equipment that you don't own.
 
> I've got at least 4 neighbors with wireless, Linksys, etc., all with default passwords. I don't touch anything. It's not my property.
>
> I'm a network professional, and I act like a professional. You should too. You should not be trying to discover networks on equipment that you don't own.

Agree :)
 
I'm thinking I'm just going to forget about it. I did not touch anything except the network that belonged to the hotel. I might go ahead and change that, but only after I ask my boss, but even then I might not even bother. Yeah, it is depressing, but it is far more troublesome to go and try to hide my identity to report this, and I would rather not get fined or jailed for illegal wiretapping or some shit... But I will use this to influence my personal choice of what ISP I recommend... My main goal with my looking was to get the hotel's equipment to work rather than have all 3 APs and the router on the same channel as 19 other APs in the area...

Oh, and 3 pocketstations connected to an AirRouter which connects to a NanoStation M5 which is connected via 5 GHz wireless N to the mesh network this "ISP" uses... No wonder it does not work very well... All Ubiquiti consumer grade equipment...
 
Well, UBNT does have carrier grade equipment and consumer grade, and what the heck is pocketstations? I never heard of anything from UBNT called that name. Yes, I do use UBNT equipment, as consumer and carrier grade equipment. Again I am going to say people just slap the crap together and leave the default info in there, and there are some people who change that stuff. But as was said before, don't be going in there messing around or doing anything, because illegally they can come back and sue you or press charges for hacking, which is a federal crime and can land you some serious jail time. Best advice is just leave it alone and call the ISP or whoever owns the equipment and report it.

If the ISP doesn't do anything about it then so be it, but don't be wasting time or going into networks and looking around, because it would be called hacking or unauthorized access.

You might want to look at this http://www.ncsl.org/default.aspx?tabid=13494 next time you try to enter another person's or business's network, because it's a federal crime to do this.
 
Oh, little mistake: they are picostations, not pocketstations, and yeah, I'm going to stop. I got the routers I have been given access to set up as best as they can be set up. And as has been pointed out, I'm not comfortable with doing anything more...

Since there is no positive way this thread can go, I'm locking it...
 