Broadband hacking/tricking and Preventions

Networking/Security Forums -> Physical Security and Social Engineering

Author: ashu.wifi
Location: Heaven
Posted: Thu Sep 11, 2008 9:15 pm
Post subject: Broadband hacking/tricking and Preventions
    ----
Hi all,

Hacking has been the most vulnerable word in cyberspace. Everything on the internet depends upon bandwidth, so it becomes a crucial thing to have, and to get more and more of. It entices people. People like to purchase bigger plans just because they love the speed. But they are very careless about very significant things like their account's passwords. The following method shows how a normal person with little knowledge of networking can trick your account to get more bandwidth. This is not supposed to be used in practice, as it is described for knowledge purposes only :)

When you log in via your account you generally get a dynamic IP. Suppose a person named SA logs in and gets the IP 116.17.170.1, and a person ashu on the same ISP gets the IP 116.17.170.254 or a different subnet. Here ashu scans this particular subnet, 116.17.170.0, in an IP scanner like Angry IP Scanner. This tool has an option called Webdetect, which checks what is on your port 80; generally your router gets detected when it gets scanned, and the tool indicates it via a "green" color. A tricker simply right-clicks it and opens it in a browser, and is then asked for the user name and password (believe me, 200 out of 254 IPs you check are running on default passwords), and generally all modern routers have three or four default users.

user - passwords
1. admin - admin / password / 11111
2. support - support
3. user - user
4. root (only via telnet) - admin

After getting into the router/modem, ashu goes into the WAN section of the router to see the account name, like SA@BSNL.NET.
Now he has the account, and I bet you that most users like SA keep their passwords unchanged. I mean, most ISPs give you a default reset password like 123bsnl. Here is the key that people like ashu use: they try logging in with this account, SA@bsnl.net, and password 123bsnl on their ISP website. If they succeed here they get not only the bandwidth but also the mails and lots more. But if somebody has changed his or her password, the account can still be hacked via the security questions. I tell you this is also very easy: generally, when an engineer comes to your home to set up your account he also sets up a security question, and I can bet you that these silly guys use the same one at every house, and it is very easy to guess the answers. Here comes the more dangerous situation, even for an account with a strong password: whatever you change, he can reset it easily. This is how it generally happens. The accounts can be in any state, e.g. ashu belongs to Bangalore and SA belongs to Delhi.
This happens due to centralized authentication points in an ISP environment, and yes, it is on their DNS servers. Besides hacking bandwidth, ashu can tease SA by rebooting SA's DSL router and also restoring the default settings to make things worse, and this can happen even to NON-hackable networks, like if you are connected via a phone line where your account is bound to your telephone number. Almost all broadband routers on the market today are Linux-based; you can see this by telnetting to your router.

Preventions are also very simple. In your router, change all default users' passwords to personal passwords, including the telnet password; this is the password even I forget to change :D. Secondly, in the management section go to services and uncheck all services in the WAN section except http, and check all services in the LAN section. This is how I keep my router from being opened via a browser remotely. When a person scans a particular subnet your router will also be shown there in the scan results, but as a stealth one, indicated via a "blue" color, and even if he or she tries to open it, it will show "page can't be found". Some of you may not agree with me on this, but this is how I keep my router safe. Also, you should usually change your security questions and answers too.

Now go and change these things, otherwise people like ashu will always have fun with the money of people like SA ;)
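
The two prevention steps from the post above (no default passwords left on any account, telnet included, and no management service reachable from the WAN side) can be checked offline against a saved copy of the router settings. This is an added example, not part of the original post: the text format of the export is hypothetical and the sample configs are constructed, and by default the check treats every WAN-side service as a finding (pass `wan_allowed` to permit one).

```python
# Default accounts as listed in the post (user -> default passwords).
DEFAULTS = {
    "admin": {"admin", "password", "11111"},
    "support": {"support"},
    "user": {"user"},
    "root": {"admin"},  # telnet-only account per the post
}

def audit(config_text, wan_allowed=frozenset()):
    """Return sorted findings for a router config export (hypothetical format)."""
    findings = []
    for raw in config_text.splitlines():
        fields = raw.split()
        if not fields:
            continue
        if fields[0] == "user" and len(fields) == 3:
            _, name, password = fields
            if password in DEFAULTS.get(name, ()):
                findings.append(f"default password still set for '{name}'")
        elif fields[0] == "service" and len(fields) >= 2:
            name = fields[1]
            opts = dict(f.split("=", 1) for f in fields[2:] if "=" in f)
            if opts.get("wan") == "on" and name not in wan_allowed:
                findings.append(f"{name} management reachable from WAN")
    return sorted(findings)

# Constructed sample exports, not taken from any real device.
FACTORY = """\
user admin admin
user support support
user user user
user root admin
service http wan=on lan=on
service telnet wan=on lan=on
"""
HARDENED = """\
user admin Xq7-constructed-example
user support m2L-constructed-example
user user p9R-constructed-example
user root t4W-constructed-example
service http wan=off lan=on
service telnet wan=off lan=on
"""

if __name__ == "__main__":
    for label, cfg in (("factory", FACTORY), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```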
