LebGeeks

A community for technology geeks in Lebanon.

#3351 July 26 2018

duke-of-bytes
Member

Re: Feedback for VISP

Aly wrote:

Lol, what the f***, i hope they get hacked.

The thing is, their RADIUS is facing the internet.. Any script kiddie with some brute-force script and VPN IP changing might have a chance.
Thank God I am not "CCE"

#3352 August 1 2018

nuclearcat
Member

Re: Feedback for VISP

OK guys, as the embargo has expired, I can talk.

As a person who was involved in this initiative (not my idea, but I liked it and supported it as much as I could), and who was aware of the details: this IP exposure is a planned trap for the DDoSers who are pounding all ISPs over Lebanon.
But the way people reacted, especially a person called Tarek Halloun, who bragged about this conversation left and right on LinkedIn and here as well, shows me how horrendous cybersecurity illiteracy is in Lebanon.

Tarek, you embarrassed yourself to your guts, more than anybody else, while trying to embarrass someone else.
I will add a picture from LinkedIn for more complete understanding:
tarek.jpg

Let me get to the points:
1) As I said, the story about the exposed IP is a prepared trap for the analysis of subsequent events. This IP is exposed intentionally, gabish?
2) Publishing a private conversation with someone is a sign of absolute ignorance of netiquette. Anybody who calls himself IT knows what netiquette means.
3) My illiterate friend, this is not a RADIUS server, it's a port redirect to the billing frontend, to attract attention to it. But it seems it attracted idiots only.
Also, it is not RADIUS; RADIUS is a UDP protocol between BRAS and billing, go to RFC 2865 and further for details. The system you observed is billing. I am not aware of this particular billing's details, but I know secure billing is secure by definition. Illiterate IT guys often think that if they hide their insecure solution behind a VPN, they make it secure. But as their planning horizon drops just behind their nose, they don't know that stealing VPN credentials from a reseller is more than trivial.
4) Answer to point 1 on the picture
VPN, IPsec, Tarek, you should learn why a VPN is used and when. Or do you think that pronouncing clever words in an inappropriate situation will make you look smarter?
VPN, especially IPsec, has very specific situations when it should be used, and this is definitely not one of them.
Their billing uses TLS v1.3, so it is "some kind of encryption" you didn't even notice.
5) Answer to point 2
It is a very specific subject that very few people in Lebanon are aware of, so there is no point in explaining in detail, and the things you are telling are absolute bullshit. To get a bit educated, just check how many peering points, for example, Voxility and Cloudflare have, just to have a little understanding. They are leaders of DDoS defense and you consider yourself smarter than them?
6) Answer to point 3 on the picture
If you have doubts about "more protection", especially when you understand nothing about it, then better not to voice them.
7) Answer to point 4 on the picture
You also show the capabilities of an IT manager working at Socimex group, publishing this publicly and forcing me to answer this publicly.
You should think twice before insulting others, and make sure you have enough expertise in the area you are going to criticize. Picking up the tops from cybersecurity knowledge here and there doesn't make you an expert in this field.
My reason for posting an answer is that the silly comments you left everywhere ruined one of the efforts to catch cybercriminals. If you don't have anything smart enough to say, better zip your mouth.

P.S. Can't see the whole post of Ali Askar, but I can say he is right in the words at the top of the image.
P.P.S. I am not working at VISP anymore, but I might join cybersecurity efforts at any ISP or company, if they ask for help.

Last edited by nuclearcat (August 1 2018)

#3353 August 1 2018

duke-of-bytes
Member

Re: Feedback for VISP

Intentionally exposed IP.. Riiiiiight.. This is not a honeypot, my friend, so stop defending your colleague and your ex-company..
Also let's consider what you are saying is true.. Your salesperson could've explained without any details.. But I think this info is only for cce (I hid her name and pic btw.. There is no privacy or netiquette breach)
Good luck with your cybersecurity job..

But to show you I did not have bad intentions.. I will remove the post.. You can even see that I said I will contact their NOC aka you (didn't know you quit)

Last edited by duke-of-bytes (August 1 2018)

#3354 August 1 2018

nuclearcat
Member

Re: Feedback for VISP

_It is_ a sort of honeypot; you are wrong and I explained that.
It is not a salesperson, it is one of the top managers behind that account, intentionally provoking and irritating if someone starts to talk about security, so that a potential attacker exposes details about himself.
You think? Well you think wrong.
It's you who chose to make the conversation private, and the recipient expects you to keep it private.
The only excusable situation to make such a conversation public is when the other side is publicly misinterpreting such a conversation or accusing you of something, and such exposure of the private conversation will make things clear. Instead, you, as the worst example of netiquette, published this talk everywhere (here, LinkedIn, where else?) to make people laugh at some sales lady (as you thought).
So I am publicly explaining why this person, btw it is a guy, was intentionally provoking you, as you tried to put him in a bad light.
And by the way, I am not entirely sure that this honeypot didn't work, as this post raises questions:
honeypot2.png

Last edited by nuclearcat (August 1 2018)

#3355 August 1 2018

nuclearcat
Member

Re: Feedback for VISP

duke-of-bytes wrote:

But to show you I did not have bad intentions.. I will remove the post.. You can even see that I said I will contact their NOC aka you (didn't know you quit)

Really?
So, you thought I'm still working here, and you posted this publicly to embarrass the company where I am supposedly working.
While you can PM me.
It makes the situation even worse.

Last edited by nuclearcat (August 1 2018)

#3356 August 1 2018

duke-of-bytes
Member

Re: Feedback for VISP

A guy with a female profile?.. Man, stop this bullshit.. I didn't share the girl's name or pic.. But if you keep up this charade I will be glad to post them.

#3357 August 1 2018

nuclearcat
Member

Re: Feedback for VISP

Well, OK, I will try to explain in simpler language.
Company direction to sales, as an example (not this particular one): if someone talks about security, directly call the head of the security department and he will continue the conversation, as the qualified person for such things, under your profile.

#3358 August 1 2018

duke-of-bytes
Member

Re: Feedback for VISP

Then please tell your head of security to have more respect and patience toward people who are not "cce" and barely know how to ping...
Have a nice day
