[AusNOG] ABC 4Corners - What's Wrong with the NBN?

Giles Pollock glp71s at gmail.com
Tue Oct 24 11:43:32 EST 2017


Bingo, and thats pretty much what we ended up doing, along with getting
hold of the OEM firmware for the router and pulling it apart so we could
figure out how to exploit the local CGIs to divulge all local configuration.

It was what gathering the information from the ACS also exposed which was a
lot more concerning. I don't doubt there are some on this list who know
exactly what issue I am talking about as well. For obvious reasons I don't
intend to go into any further details about that, other than to say I will
absolutely never let any ISP handle the configuration of my router for me.

On Tue, Oct 24, 2017 at 11:31 AM, Philip Loenneker <
Philip.Loenneker at tasmanet.com.au> wrote:

> Personally, I would rather have less access to that kind of information so
> that you have less responsibility to collect it… I seem to recall the data
> retention legislation being very clear that if you don’t have access to
> information, you aren’t required to collect it. I think this is more about
> making the Apple-using customers happier because the services “just work”,
> regardless of how locked in or privacy-encroaching it may be.
>
>
>
> Also… TR-069 is plain text, so couldn’t you sniff the packets to get the
> config? You may have to factory reset the ISP-provided router to force it
> to do a full refresh, but that and packet captures is something I’m sure
> many of us would do regularly.
>
>
>
> *From:* AusNOG [mailto:ausnog-bounces at lists.ausnog.net] *On Behalf Of *Giles
> Pollock
> *Sent:* Tuesday, 24 October 2017 11:23 AM
> *Cc:* ausnog at ausnog.net
> *Subject:* Re: [AusNOG] ABC 4Corners - What's Wrong with the NBN?
>
>
>
> Difference is on NBN your landline is converted to a VoIP line and
> provided by the ISP. Said ISP won't divulge the SIP configuration so if you
> want to use it you're locked in to using their provided router. A router
> which dials home for config and happily feeds back all the leases it gives
> out to client devices back to the ISPs controller.
>
>
>
> I understand networks perfectly well. The difference here is that the
> router is not usually preconfigured, rather it pulls its config down using
> TR-069. Not usually a problem if you don't mind plaintext configuration
> being sent. The issue however is that the ISP in question refuses to
> divulge the SIP configuration, so it simply isn't possible to get away from
> using their poorly configured and insecure router unless you're prepared to
> do without the line you're paying for, or fiddle with the router until you
> can force its heavily gimped down firmware to divulge things it isn't
> supposed to divulge. You can't even turn off the service to prevent it
> reporting back.
>
>
>
>
>
>
>
> On Tue, Oct 24, 2017 at 11:08 AM, Robert Hudson <hudrob at gmail.com> wrote:
>
> On 24 October 2017 at 10:37, Giles Pollock <glp71s at gmail.com> wrote:
>
>
>
> On that topic... What is everyone's thoughts on the prospect of ISPs
> recording and having access to internal network data, such as knowing what
> devices are given what DHCP leases and the like? Seems a bit invasive to me
> given none that I'm aware of make it known to the consumer that they will
> attempt to collect this information...
>
>
>
> This is no different on the NBN than it is for anyone who has, over the
> last however many years ADSL and HFC cable services have been offered,
> connected their internal network to an ISP-supplied ADSL/HFC router which
> provides DHCP services.
>
>
>
> If you understand networks enough to recognise the risks, chances are
> you're not relying on your ISP to hand out your DHCP leases.  If you don't
> understand, you don't know what you don't know, and are in the same
> situation you've always been on.
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20171024/c522b857/attachment.html>


More information about the AusNOG mailing list