As I recall, the unit in question had a severely flawed "auto" channel selection algorithm that always, without fail, landed on the first OCCUPIED channel. It was pretty terrible.
On Tue, Nov 12, 2013 at 4:18 PM, James Sink <james.s...@freedomvoice.com> wrote:

> "Personally I have fond memories of going into my neighbor's router,
> flashing it with dd-wrt which allowed manual channel setting, and moving it
> off of the same wifi channel mine was on.... That was probably not a great
> idea, but you do what you have to sometimes."
>
> Props on that, but wouldn't it have been easier to simply change your
> channel setting?
> -James
>
> -----Original Message-----
> From: Tom Morris [mailto:bluen...@gmail.com]
> Sent: Tuesday, November 12, 2013 9:59 AM
> Cc: NANOG list
> Subject: Re: CPE dns hijacking malware
>
> EXTREMELY common. Almost all Comcast Cable CPE has this same login,
> cusadmin / highspeed At least on AT&T U-Verse gear, there's a sticker on
> the modem with the password which is a hash of the serial number or
> something equally unique.
>
> Almost all home routers also tend to have the default credentials.
>
> I'm actually surprised it was this long before XSS exploits and similar
> garbage started hitting them.
>
> Personally I have fond memories of going into my neighbor's router,
> flashing it with dd-wrt which allowed manual channel setting, and moving it
> off of the same wifi channel mine was on.... That was probably not a great
> idea, but you do what you have to sometimes.
>
> On Tue, Nov 12, 2013 at 10:57 AM, Matthew Galgoci <mgalg...@redhat.com> wrote:
>
> > > Date: Tue, 12 Nov 2013 06:35:51 +0000
> > > From: "Dobbins, Roland" <rdobb...@arbor.net>
> > > To: NANOG list <nanog@nanog.org>
> > > Subject: Re: CPE dns hijacking malware
> > >
> > > On Nov 12, 2013, at 1:17 PM, Jeff Kell <jeff-k...@utc.edu> wrote:
> > >
> > > > (2) DHCP hijacking daemon installed on the client, supplying the
> > > > hijacker's DNS servers on a DHCP renewal. Have seen both, the latter
> > > > being more common, and the latter will expand across the entire home
> > > > subnet in time (based on your lease interval)
> > >
> > > I'd (perhaps wrongly) assumed that this probably wasn't the case, as
> > > the OP referred to the CPE devices themselves as being malconfigured; it
> > > would be helpful to know if the OP can supply more information, and
> > > whether or not he'd a chance to examine the affected CPE/end-customer
> > > setups.
> >
> > I have encountered a family members provider supplied CPE that had the
> > web server exposed on the public interface with default credentials
> > still in place. It's probably more common than one would expect.
> >
> > --
> > Matthew Galgoci
> > Network Operations
> > Red Hat, Inc
> > 919.754.3700 x44155
> > ------------------------------
> > "It's not whether you get knocked down, it's whether you get up." -
> > Vince Lombardi
>
> --
> --
> Tom Morris, KG4CYX
> Mad Scientist and Operations Manager, WDNA-FM 88.9 Miami - Serious Jazz!
> 786-228-7087
> 151.820 Megacycles

--
--
Tom Morris, KG4CYX
Mad Scientist and Operations Manager, WDNA-FM 88.9 Miami - Serious Jazz!
786-228-7087
151.820 Megacycles
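
Added example, not part of any message in this thread: a defensive check for the case Jeff Kell describes, where a rogue DHCP responder on the home subnet supplies the hijacker's DNS servers on renewal. It parses a DHCP OFFER/ACK payload and flags an unexpected server identifier or a DNS server outside an allowlist; the function names, the 192.168.1.1 gateway and the 203.0.113.53 resolver are assumptions made for the illustration.

```python
import ipaddress

MAGIC = bytes([0x63, 0x82, 0x53, 0x63])          # DHCP magic cookie (RFC 2131)
OPT_DNS, OPT_MSG_TYPE, OPT_SERVER_ID = 6, 53, 54  # option codes (RFC 2132)
OFFER, ACK = 2, 5                                 # message types that carry config

def parse_options(payload):
    """Return {code: data} for the options in a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:                        # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError("truncated option")
        opts[code] = data
        i += 2 + length
    return opts

def audit_reply(payload, trusted_servers, trusted_dns):
    """Return findings for one DHCP OFFER/ACK; an empty list means clean."""
    opts = parse_options(payload)
    mtype = opts.get(OPT_MSG_TYPE)
    if not mtype or mtype[0] not in (OFFER, ACK):
        return []
    findings = []
    sid = opts.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else "missing"
    if server not in trusted_servers:
        findings.append(f"reply from unexpected DHCP server {server}")
    dns = opts.get(OPT_DNS, b"")
    for off in range(0, len(dns) - len(dns) % 4, 4):
        addr = str(ipaddress.IPv4Address(dns[off:off + 4]))
        if addr not in trusted_dns:
            findings.append(f"untrusted DNS server {addr} offered")
    return findings

def build_reply(msg_type, server, dns_list):
    """Build a minimal BOOTREPLY; constructed sample data, not a capture."""
    pack = lambda ip: ipaddress.IPv4Address(ip).packed
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4]) + pack(server)
    opts += bytes([OPT_DNS, 4 * len(dns_list)]) + b"".join(map(pack, dns_list))
    return b"\x02" + bytes(235) + MAGIC + opts + b"\xff"
```

A reply whose server identifier is trusted but whose DNS list is not points at the CPE itself having been reconfigured, the other case discussed in the thread, rather than at a second responder on the LAN.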