Scanning MTNL's ip space, I noticed with a faint sense of horror that a script kiddie could DOS MTNL's service pretty thoroughly in the space of about half an hour, since most of MTNL's modems allow wan access and have a default username/password combination. Other details are then available, which will apparently allow a cracker to abuse the victim's account.
Allegedly MTNL doesn't use caller ID as part of its authentication. If this is true (I find it hard to believe this), then MTNL is being inexcusably negligent. Of course, MTNL doesn't have much incentive to stop this, since they just pass the bill on to users (and if the user doesn't have an unlimited account, too bad). If this is not true, then the crackers who are using cracked accounts are likely being naive idiots. So another tip for users is: Make sure you have all WAN services disabled in Management->Access control-> services to avoid this sort of abuse. regards PJ _______________________________________________ ilugd mailinglist -- ilugd@lists.linux-delhi.org http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/ilugd@lists.linux-delhi.org/
