Viewqwest security issue and horrible service

[derrickgoh]

Used to be on VQ myself and glad I’m not anymore. I’m currently on M1 and starhub. I’d say they’re ok but compared to my experience withVQ, definitely a lot better. Keep in mind there are no “perfect” ISPs (if there is such a thing), it really comes down to what you need at this point. Check out Dryteletubby’s post and research some more, especially the fine prints and the posts in this forum. There are some seriously knowledgeable folks here (as well as idiots but I think you’ll be able to spot the difference ).

Bottom line, pick what you think works best for your use case; avoid the rubbish ISPs like VQ.

Same. Had it with VQ, happier now on singtel.

 

[fi5hbone]

Happy to have jumped ship as well. Torrid time with VQ.

Sent from HUAWEI CLT-L29 using GAGT

 

[KalTorak]

Respond from VQ:

"First of all, we are from ViewQwest appreciate for your feedback regards to this issue.

I had your case discussed with our higher management in the meetings. I would say that this whole dark cloud may have a silver lining. We will taken up action to overcome this kind of issue in the future.

After all, i will keep your case open to monitor if the issue happen again.

Should you have any further concerns in the meantime,simply respond as I will be here to help. Thank you for your unwavering support."


Cant believe they never have any protocol for this kind of thing happening at all. Are they not audited?

I dunno about unwavering support, im thinking of signing up starhub now that they have promo lol

Not sure why you ppl are surprised about this. This is not the first time VQ had such security issues, which they acknowledged and then just swept under the rug. At least this time they used 'silver lining' as an explanation to keep users quiet.

In the past, VQ users were able to login each other Zhone routers and make changes to some basic settings, mess around with WiFi settings, etc. VQ response back then was that it was NOT a 'security issue' but was an 'oversight'.

2012
Sources:
https://forums.hardwarezone.com.sg/next-generation-broadband-network-ngbn-forum-320/any-folks-viewqwest-fibre-3271541-229.html
https://forums.hardwarezone.com.sg/next-generation-broadband-network-ngbn-forum-320/any-folks-viewqwest-fibre-3271541-230.html

Quotes:
https://forums.hardwarezone.com.sg/69167894-post3431.html
https://forums.hardwarezone.com.sg/69177478-post3443.html

Screencap from a user:

VQ response:
https://forums.hardwarezone.com.sg/69177972-post3444.html

Basically they will change the Zhone passwords to random instead of default passwords, but DID they?


2015

Up to 32,000 could be affected by wireless router vulnerabilities: Security firm

Vantage Point also highlighted that “thousands of ViewQwest users to be particularly vulnerable”. Mr Yang wrote that they use the Zhone GPON router with a “statically assigned Internet Protocol (IP) address with all default services exposed on the Internet”.

Based on the vulnerability, it is possible to compromise these routers “at will” and hackers may obtain the subscriber’s name and residential address. They may also install malware or manipulate the user’s network traffic, according to the blogpost.
..
..
..
“The main issue is that too many default services are exposed over the wide area network (WAN) interface. Users should change the default passwords on the routers and disable WAN access.”

Those who have login to the Zhone before would know that the Web UI shows the fibre Circuit ID, subscriber's name and residential address where the router is installed at. You'd think they would definitely change the default passwords back then, well NO!

More Recently

Just last year (or maybe 2 yrs ago), while still on VQ and was testing my own router for vulnerabilities/etc, I used http://openresolverproject.org/ to check for open resolvers. As many may be aware, open resolvers are often used in DDoS, typically in DNS/NTP amplification attacks.

Back when the website was working (it doesn't list anything now), I was shocked to see many other VQ IPs (testing your own IP will list down entire /22 subnet of the same ISP) running open DNS resolvers. Most are Zhone devices configured in Router mode while some were Mikrotik devices. My Zhone back then was running in bridged mode, hence not affected.
Worst part was a lot of those Zhones had WAN access enabled, with the DEFAULT passwords (User/user) as mentioned here.
This meant that anybody on the Internet is able to login and view the basic settings, which as I've mentioned earlier include the fibre Circuit ID and RESIDENTIAL address. (I've checked, they did not limit router WAN access from FiberNet subnets only, so its practically open to ALL).

So....you'd think they would have changed the DEFAULT logins and disable WAN access after the previous incidents in 2012 and 2015 (maybe more)?
As I'm no longer using this ISP, maybe those existing VQ users can verify if this indeed has been fixed.
However, the issue raised by TS makes me wonder if VQ simply just doesn't care.

 

[zeroex]

Not sure why you ppl are surprised about this. This is not the first time VQ had such security issues, which they acknowledged and then just swept under the rug. At least this time they used 'silver lining' as an explanation to keep users quiet.

In the past, VQ users were able to login each other Zhone routers and make changes to some basic settings, mess around with WiFi settings, etc. VQ response back then was that it was NOT a 'security issue' but was an 'oversight'.

2012
Sources:
https://forums.hardwarezone.com.sg/next-generation-broadband-network-ngbn-forum-320/any-folks-viewqwest-fibre-3271541-229.html
https://forums.hardwarezone.com.sg/next-generation-broadband-network-ngbn-forum-320/any-folks-viewqwest-fibre-3271541-230.html

Quotes:
https://forums.hardwarezone.com.sg/69167894-post3431.html
https://forums.hardwarezone.com.sg/69177478-post3443.html

Screencap from a user:

VQ response:
https://forums.hardwarezone.com.sg/69177972-post3444.html

Basically they will change the Zhone passwords to random instead of default passwords, but DID they?


2015

Up to 32,000 could be affected by wireless router vulnerabilities: Security firm



Those who have login to the Zhone before would know that the Web UI shows the fibre Circuit ID, subscriber's name and residential address where the router is installed at. You'd think they would definitely change the default passwords back then, well NO!

More Recently

Just last year (or maybe 2 yrs ago), while still on VQ and was testing my own router for vulnerabilities/etc, I used http://openresolverproject.org/ to check for open resolvers. As many may be aware, open resolvers are often used in DDoS, typically in DNS/NTP amplification attacks.

Back when the website was working (it doesn't list anything now), I was shocked to see many other VQ IPs (testing your own IP will list down entire /22 subnet of the same ISP) running open DNS resolvers. Most are Zhone devices configured in Router mode while some were Mikrotik devices. My Zhone back then was running in bridged mode, hence not affected.
Worst part was a lot of those Zhones had WAN access enabled, with the DEFAULT passwords (User/user) as mentioned here.
This meant that anybody on the Internet is able to login and view the basic settings, which as I've mentioned earlier include the fibre Circuit ID and RESIDENTIAL address. (I've checked, they did not limit router WAN access from FiberNet subnets only, so its practically open to ALL).

So....you'd think they would have changed the DEFAULT logins and disable WAN access after the previous incidents in 2012 and 2015 (maybe more)?
As I'm no longer using this ISP, maybe those existing VQ users can verify if this indeed has been fixed.
However, the issue raised by TS makes me wonder if VQ simply just doesn't care.

Thanks for your informative post... def gonna jump ship....
Fortunately I am running in bridge mode too... those using the zhone as their router.... really good luck man...

 

[zeroex]

I am on M1. Only downside compared to viewquest is the lack of free static IP. But with M1 you get a IPv6 address as well.

Myrepublic use CGNAT so it's a instant no for me.

Starhub got some small issue with their DNS and ipv6 reliability.

Singtel will lock you into their ONR.

Whizcomms is basically Singtel without the lockdown ONR.

Thanks, I may use starhub as getting all 3 services got discount... DNS issues can be resolved with custom dns providers? (e.g. openDNS?)
Not really in need of ipv6 at the moment... but static ip was really useful

 

[dryteletubby]

Thanks, I may use starhub as getting all 3 services got discount... DNS issues can be resolved with custom dns providers? (e.g. openDNS?)
Not really in need of ipv6 at the moment... but static ip was really useful

Yes. Imo you should not use the default DNS regardless of ISP. In replace of the static ip, you could use a custom ddns.

 

[derrickgoh]

Yes. Imo you should not use the default DNS regardless of ISP. In replace of the static ip, you could use a custom ddns.

What’s wrong w default DNS leh? Btw where is wetteletubby?

 

[dryteletubby]

What’s wrong w default DNS leh? Btw where is wetteletubby?

Our ISP all use DNS poisoning on their own DNS resolver to comply with censorship requirements. 3rd party DNS can access censored website.

 

[crewcutboy]

Yes. Imo you should not use the default DNS regardless of ISP. In replace of the static ip, you could use a custom ddns.

That's terrible advice.

Not everyone wants to get pass the token censorship imposed on a handful of websites, and unless you want to, your ISP's DNS should be default for most people.

That's because by using third-party DNS services, you risk losing optimal routing or caching arrangements, especially for Content Delivery Networks like Akamai or any direct peering arrangements your ISP may have with popular sites.

Therefore your download speeds may actually become slower.

 

[Trans-Am]

Our ISP all use DNS poisoning on their own DNS resolver to comply with censorship requirements. 3rd party DNS can access censored website.

Any risk when using 3rd party dns?

Sent from
Stay low Move fast !
Shoot first Die last !
One shot One kill !
No luck Pure skill !!
using GAGT

 

[dryteletubby]

That's terrible advice.

Not everyone wants to get pass the token censorship imposed on a handful of websites, and unless you want to, your ISP's DNS should be default for most people.

That's because by using third-party DNS services, you risk losing optimal routing or caching arrangements, especially for Content Delivery Networks like Akamai or any direct peering arrangements your ISP may have with popular sites.

Therefore your download speeds may actually become slower.

My understanding is that most DNS servers regardless of 1st party ISP or a 3rd party one like google will use EDNS which contains your geo location data amongs other things which help route your traffic to the best CDN.

Only DNS resolvers like cloudfare don't use it for privacy reasons and there is some complains like slow apple app updates etc.

 

[squarepipe]

My understanding is that most DNS servers regardless of 1st party ISP or a 3rd party one like google will use EDNS which contains your geo location data amongs other things which help route your traffic to the best CDN.

Only DNS resolvers like cloudfare don't use it for privacy reasons and there is some complains like slow apple app updates etc.

That explains my slow mac apps update when I change to cloudfare DNS... Will switch to google DNS

edit.

Tried google DNS. now app update speeds back to normal

https://www.reddit.com/r/HomeNetworking/comments/8ab2vo/cloudflare_dns_slow_apple_downloads/

 

[squarepipe]

Any risk when using 3rd party dns?

Now will have a 3rd party know your browsing habits instead of just your ISP.

 

[zoneguard]

That's terrible advice.

That's because by using third-party DNS services, you risk losing optimal routing or caching arrangements, especially for Content Delivery Networks like Akamai or any direct peering arrangements your ISP may have with popular sites.

Many CDNs and popular sites nowadays use anycast and not DNS to deliver contents.

 

[zoneguard]

Now will have a 3rd party know your browsing habits instead of just your ISP.

The ISP may not have any privacy agreement not to sell your data away.

Quite a few 3rd party DNS resolvers have privacy agreements in place.

Anyway it's the individual's choice.

 

[miloaisdino]

Some isp like Singtel also sniff and filter http port 80 traffic.. but can bypass using https

 

[DriftKing]

Actually how do you check what is the Static IP issued by VQ?

My WAN IP starts with 132.xxx.xx.xxx

 

[uncle_josh]

That's terrible advice.

Not everyone wants to get pass the token censorship imposed on a handful of websites, and unless you want to, your ISP's DNS should be default for most people.

That's because by using third-party DNS services, you risk losing optimal routing or caching arrangements, especially for Content Delivery Networks like Akamai or any direct peering arrangements your ISP may have with popular sites.

Therefore your download speeds may actually become slower.

Not really true. You want optimise route, its better to contact your ISP to optimise the route for you.

3rd Party DNS such as OpenDNS give you speed & security. ISP DNS such as Starhub sucks. How many times 3rd party DNS save me from bad internet connection every time when the ISP DNS go bersak.

 

[giraffey]

Actually how do you check what is the Static IP issued by VQ?

My WAN IP starts with 132.xxx.xx.xxx

whatismyip.com

 

[DriftKing]

whatismyip.com

But as OP said VQ would change the IP to a wrong one, so how do you know which is the correct IP we should have?