crazy wrote:
Hey,
So I was trying some "stuff" 10 min ago, and I stumbled upon a huge security issue in the ADSL router of an ISP in Lebanon. You know how nobody, except maybe us here, changes the default password of the box, which is usually admin or sometimes nothing (depends on the brand of the router).
Well, did you ever try to access the router using the external IP (WAN IP) of the modem? Well, you can, and the access is not blocked; it just asks for the username and password (which 99% of the population do not change) and tadaaa, you have access to the router.
I knew that Lebanese ISPs regard security as a luxury, and sometimes do not even consider it, but come on... this is huge, a simple access list would do the trick! A simple command!
Anyway, I felt that I needed to share this stupidity of ISPs (which is not the first nor the last) with you guys, and mind you that no router was damaged during this experience, and I wish nobody would use this method to attack or damage any router whatsoever.
Crazy
Yep, but even if they get access to the router I don't find it a big deal. The worst thing they can do is capture your PPPoE username and password, which is useless because accounts are usually assigned to phone numbers, at least in Europe, and they should have access to the ISP network. They cannot use your internet connection and make you pay extra charges. Another point is that they need to know your IP address, which is dynamic, at least for the DSL users in Lebanon, where you get an IP every time you switch on your computer.
My Linksys router has WAN access blocked by default, and it doesn't work unless you specify https in the address bar.
However, you are correct, people should be aware of it; that wouldn't hurt.