Any folks on Viewqwest fibre?

crewcutboy · Aug 16, 2012

and you're obviously an obnoxious moron who jumps to conclusion just because you hide behind this wall of anonymity.

ceecookie · Aug 16, 2012

Lets enter people's routers and reboot it at random intervals :evil:

i-Movies · Aug 16, 2012

crewcutboy said:
it's not MUCH of a security issue because nothing can be done with those keys! it's not the admin password.

once you enter, from DHCP list, you can see the devices attached on that Router, with their own private IP, hostname, Mac address, and if you are lucky, the hostname could tell you what it is, ie, MyBookLive, you will know that is a NAS, add that IP to port forwarding, you can access NAS admin page, turn on its SSH, add port 22 to port forwarding too, you are free to login to NAS, download or delete contents, install spammer... that's very serious attack.

if you are not lucky, you can't access any of its devices, you may just change its wireless password, disable GE port WAN access, change setup password, drive the owner crazy and complain to NOC@VQ to death, that's hoax.

nobody accepts either way, so let's hope VQ fix it.

viewqwest · Aug 16, 2012

i-Movies said:
once you enter, from DHCP list, you can see the devices attached on that Router, with their own private IP, hostname, Mac address, and if you are lucky, the hostname could tell you what it is, ie, MyBookLive, you will know that is a NAS, add that IP to port forwarding, you can access NAS admin page, turn on its SSH, add port 22 to port forwarding too, you are free to login to NAS, download or delete contents, install spammer... that's very serious attack.

if you are not lucky, you can't access any of its devices, you may just change its wireless password, disable GE port WAN access, change setup password, drive the owner crazy and complain to NOC@VQ to death, that's hoax.

nobody accepts either way, so let's hope VQ fix it.

It's not actually a security issue of the router but rather an oversight on the part of Viewqwest.

We are resolving this issue by changing all of the passwords now. In future random passwords will be assigned to the default login.

i-Movies · Aug 16, 2012

viewqwest said:
It's not actually a security issue of the router but rather an oversight on the part of Viewqwest.

We are resolving this issue by changing all of the passwords now. In future random passwords will be assigned to the default login.

Changing the default password is ok for me, but I thought the router could do it better... My experience with some other wireless routers, they all by default, disable remote admin access, and if u really need it, you can config remote access port to prevent the URL from being easily guessed.

edwin21 · Aug 17, 2012

i-Movies said:
Changing the default password is ok for me, but I thought the router could do it better... My experience with some other wireless routers, they all by default, disable remote admin access, and if u really need it, you can config remote access port to prevent the URL from being easily guessed.

zhone is not some typical wireless router, it so all in one, that a misconfig could open the admin page on WAN, VQ need the remote admin to configure the zhone, if the config is right, the remote admin should only open on VQ NOC vlan and the LAN side.

i-Movies · Aug 17, 2012

edwin21 said:
zhone is not some typical wireless router, it so all in one, that a misconfig could open the admin page on WAN, VQ need the remote admin to configure the zhone, if the config is right, the remote admin should only open on VQ NOC vlan and the LAN side.

Agree.......

ceecookie · Aug 17, 2012

Interesting, i found out you can also telnet the Zhone router. After logging in, it provides a Cisco IOS-like configuration down to the "enable" command

Is the Zhone running on Cisco IOS? :s22:

viewqwest · Aug 17, 2012

edwin21 said:
zhone is not some typical wireless router, it so all in one, that a misconfig could open the admin page on WAN, VQ need the remote admin to configure the zhone, if the config is right, the remote admin should only open on VQ NOC vlan and the LAN side.

This is an interesting point. Lets see what we can do to make this happen.

edwin21 · Aug 17, 2012

the good thing is bridge mode user need not worry, only router mode user are affected

chaicka · Aug 17, 2012

viewqwest said:
This is an interesting point. Lets see what we can do to make this happen.

Maybe VQ can commission a small security task force within this community to 'poke around' VQ's fibernet. I am sure there are a few who is good in this and has ethnic.

SB, where are u? Hehehehe...

liangtam · Aug 17, 2012

When I saw the screenshot, I wanted to go poke around, but I guess not...

Anyway, can the DNS option be changed after logging in?

batboyz · Aug 17, 2012

liangtam said:
Anyway, can the DNS option be changed after logging in?

You can change the DNS, but question is, for what purpose? To use opendns and the likes?

You can also change the DHCP LAN IP range, Zhone's LAN IP, etc.

edwin21 · Aug 17, 2012

can bridge mode user also have access to the admin config using the unused lan port on zhone?

it is possible to set bridging the unuse lan port with port isolation to wifi and set it as extra AP for the home network

so become internet -> bridged zhone -> own router -> router lan port to zhone router unused port bridged to wifi as AP

AntonS · Aug 17, 2012

i-Movies said:
Changing the default password is ok for me, but I thought the router could do it better... My experience with some other wireless routers, they all by default, disable remote admin access, and if u really need it, you can config remote access port to prevent the URL from being easily guessed.

Due to the security concerns, we have decided to block remote WAN access to the Zhone, as well as SSH/Telnet access. Access to the Zhone's webUI will only be available from the LAN.
If anyone requires access from the WAN, please inform us by email with your details.

i-Movies · Aug 17, 2012

AntonS said:
Due to the security concerns, we have decided to block remote WAN access to the Zhone, as well as SSH/Telnet access. Access to the Zhone's webUI will only be available from the LAN.
If anyone requires access from the WAN, please inform us by email with your details.

That's good enough, thanks for following up.

jasmanng · Aug 17, 2012

AntonS said:
Due to the security concerns, we have decided to block remote WAN access to the Zhone, as well as SSH/Telnet access. Access to the Zhone's webUI will only be available from the LAN.
If anyone requires access from the WAN, please inform us by email with your details.

Did VQ also block port forwarding by any chance?
I'm unable to access my desktop since yesterday; it was ok beforehand.

liangtam · Aug 17, 2012

batboyz said:
You can change the DNS, but question is, for what purpose? To use opendns and the likes?

You can also change the DHCP LAN IP range, Zhone's LAN IP, etc.

To forward traffic to a intermediary rogue server and grab your traffic of course.
But all is fine now, since they block the 2 ports.

AntonS · Aug 17, 2012

jasmanng said:
Did VQ also block port forwarding by any chance?
I'm unable to access my desktop since yesterday; it was ok beforehand.

Please PM me your full name you signed up as and we'll take a look.

jasmanng · Aug 17, 2012

AntonS said:
Please PM me your full name you signed up as and we'll take a look.

PM sent. thanks for the quick response.

Any folks on Viewqwest fibre?

Member

Arch-Supremacy Member

Senior Member

Featured Sponsor for Internet Bandwidth & Networki

Senior Member

Supremacy Member

Senior Member

Arch-Supremacy Member

Featured Sponsor for Internet Bandwidth & Networki

Supremacy Member

Arch-Supremacy Member

High Supremacy Member

Master Member

Supremacy Member

Member

Senior Member

Junior Member

High Supremacy Member

Member

Junior Member