zeroex
18th Sep midnight:
Went home to find internet not working. My Asus router was fine, check the WAN IP and found that I was assigned an internal IP address (192.168.1.10) from the ISP.
It seems that I am connected to an internal subnet, could be another VQ customer's. Map the network and found a few PCs and phones connected.
The router apparently is a Netgear router (I think it's provided/configured by VQ?) and guess what? Default admin/password credentials. I was able to log in, just to take screenshots. (will post ss later as pic not with me)
Called tech support, a pinoy sounding staff (Joshua) took the call and I explain the problem. He doesn't know what I am talking about. He only offered to reconfigure my ONT modem to get back the ISP static IP.
I explain this is a serious security incident, that they actually link or misconfigure customers' subnets together, using default password.
He say he is junior staff, so I ask for senior staff or mgr, he say no one in the office. Their 24hr NOC has only 2 staff, with no mgr or security incident management plan.
He doesn't know who did it (no audit trail of their staff configuring customer devices, hence any staff can potentially misconfigure a customer device and gain entry into their private network). LUCKY I am using my OWN ROUTER, if I am using their router or setup I would be exposed to dunno how many people.
He offered to get a mgr to call me back. I ask him if there are any customers who encountered this issue, he say don't know, if got wait for them to call tech support. (facepalm)
19th Sep
Noon: No response or call back from VQ.
3pm: VQ support called but I was unable to pick up.
4:30pm: VQ tech sp eng (Shift lead) called back.
His explanation:
There was an unannounced maintenance going on by Zhone (the company).
Zhone had pushed out firmware upgrades to fix some network spd and connectivity problems experienced by other VQ users, and apparently VQ had no control over that.
Some of the firmware upgrades result in the modem booting into a default state, which ended up in the internal IP. (meaning to say a number of users could potentially have all ended up in the same subnet)
He was trying to gather more info from me, and I explain the situation (above) to him nicely. I ask him HOW is this report going to be made known to mgt, (esp since they have network security business, and isn't this a big ***** breach?) At this pt, it is still a "helpdesk ticket", not a "security incident" that is escalated to any manager yet. (I don't blame him, it is VQ protocol/procedure, so he just following by the book) He told me he will monitor my connection, and at the same time, run tru the other customers' config to see if similar situation pop up (which obviously have, if not I won't be able to access rite?)
Can you imagine if this is corporate networks? Esp if they running private lines or MPLS where it's supposed to be isolated?
I dunno about u, but really wtf siah.
Additional info:
He said VQ only has 2 shifts. (8am-4pm, 4pm-1am)
Maybe anything between 1am-8am is for the poor hapless tech support intern with an instruction manual. LOL