Kitz ADSL Broadband Information
Author Topic: Be blame users for dodgy DNS  (Read 8689 times)

guest

  • Guest
Be blame users for dodgy DNS
« on: December 17, 2007, 08:33:10 AM »

http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=beunlimited&Number=3211872&page=0&view=expanded&sb=5&o=0

What's that I can smell? Cows is it? Horses? Hmm no I've got it - it's bull faeces!

Regular readers will remember me warning MrChris about Be's dodgy DNS months ago. My DNS logs were full of tens of thousands of malformed DNS responses from Be's DNS and at one point I gave serious consideration as to whether Be's DNS had been compromised. I decided they probably weren't at the time but this has changed my mind and I now think they are.

Be doesn't have any network to speak of - all the backhaul is BT's (or Level3 from BT to Be). The mailserver is junk and has been for years. The DNS is (IMHO) probably compromised and certainly isn't capable of handling requests for Be's 45,000 customers. The DHCP servers bomb regularly... etc etc etc.

Be have a history of booting off customers that raise awkward questions too so it wouldn't surprise me if these are the people Mr Coles is "removing service" from. I'll wait to see what turns up on El Reg ;)

O2 want to launch IPTV on this network too. That should be amusing to watch given their technical expertise (or the lack of it).

guest

  • Guest
Re: Be blame users for dodgy DNS
« Reply #1 on: December 17, 2007, 03:23:53 PM »

Then again perhaps if it is the users then it isn't really their fault?

http://www.theregister.co.uk/2007/04/17/hackers_service_terminated/

This was widely known amongst the more "techie" users - I certainly closed the holes long before I read that.

Supposedly fixed now but if the passwords were changed (as I did on my BeBox to keep Be out) then how many got owned before Be tried to roll out the fix? Chickens coming home to roost perhaps :D

One thing for sure, Be's DNS has cache settings that just invite cache poisoning  >:(

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33884
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Be blame users for dodgy DNS
« Reply #2 on: December 17, 2007, 06:42:01 PM »

Haven't had a chance to read it all..
But from what I have seen that's some hellish going..
Excuse my ignorance but surely that's a heck of a lot of compromised PCs...  or someone's really targeting Be for whatever reason?
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

guest

  • Guest
Re: Be blame users for dodgy DNS
« Reply #3 on: December 18, 2007, 07:09:04 AM »

Well it's my understanding that Be/O2 were only running one DNS machine* last week/this weekend. Why they were down to one DNS box I don't know but clearly that box was incapable of handling customer DNS requests.

Re the BeBox vulnerabilities :

http://blogs.securiteam.com/index.php/archives/826

Then down in the list of comments you'll find :

Dan Harris, on April 18th, 2007 at 6:59 pm Said:

Be were notified of this problem on the 15th March 2006 by email - I still have a copy of the email.

Frankly given today’s libellous statement by Dana Pressman their MD I am surprised you are not suing Be.


That's ircsome (www.dontbethere.co.uk) who I believe at the time was reselling Be connections to his clients. Unsurprisingly he doesn't now :D

So work it out for yourself - anyone who read ircsome's forums would have known by mid-2006 that there were serious vulnerabilities in the BeBox. Be rolled out some sort of fix in June 2007 (IIRC) but obviously the fix (a script IIRC) would only work if the passwords and holes were still there. Now the VERY first thing I'd do if it were me "hacking" the routers is of course to change the support logins so they couldn't stop me logging into the BeBox, wouldn't you?

Be didn't inform their customers of these vulnerabilities.

I told you they were muppets didn't I kitz? ;)


*which has two customer-facing interfaces (IP addresses) for some truly bizarre reason.

guest

  • Guest
Re: Be blame users for dodgy DNS
« Reply #4 on: December 18, 2007, 01:36:16 PM »

Sorry I've just re-read your post kitz. It's not the PC that would have got owned - it's the router. Perfect for phishing because you can change the DNS servers which the router uses. Sniff all the traffic, change firewall settings, whatever.

Be left their users open to that risk for more than a year then blamed that poor sod for it.

Ms Pressman has (thankfully) left (pushed) but you can guess how much credence I give to Be saying "it's the users' fault" ;)

Edit - also because of the way Be does things I tend to suspect that Be doesn't "see" traffic between BeBoxes on the same /24 subnet.
« Last Edit: December 18, 2007, 01:39:56 PM by rizla »

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33884
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Be blame users for dodgy DNS
« Reply #5 on: December 19, 2007, 01:29:21 AM »

>> were only running one DNS machine*

:(

>> *which has two customer-facing interfaces

okaaaaaaaaaay
- excellent redundancy :D

>> It's not the PC that would have got owned - it's the router.

Perhaps me being in a rush - meant users who had some sort of nasty that was doing the attacking.

Interesting to read the Be box thing again - I do recall seeing it first time round - but can't ever recall the bit about sid being kicked off.  Some pretty harsh comments imho from some of the elreg readers.  Okay he shouldn't have published the passies - but if Be had been notified of this exploit over a year ago, then it should have been patched :/

>> I give to Be saying "it's the users' fault" ;)

After reading the elreg stuff - yep I can.

guest

  • Guest
Re: Be blame users for dodgy DNS
« Reply #6 on: December 19, 2007, 07:00:16 AM »

There is no redundancy on the DNS. They are all physically located in the same place and (IIRC) most of them are on the same subnet.

Can't help wondering if "Networking For Dummies" is the Be company manual :lol:

guest

  • Guest
Re: Be blame users for dodgy DNS
« Reply #7 on: December 19, 2007, 08:15:53 AM »

Looks like Be have decided they don't know how to run DNS :

http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=beunlimited&Number=3214607&page=0&view=expanded&sb=5&o=0

Be are forwarding everything to OpenDNS now so Be users are likely to find UK content unavailable on sites like the BBC (you go to Telehouse NY). Nice Christmas present (NOT!) and an intriguing way of preventing usage of the BBC iPlayer ;)

As an aside I was clearing out my server DNS logs and found a few dozen entries showing clearly that one of Be's customer facing DNS servers is non-recursive. Networking For Dummies is obviously too advanced for them :lol:
« Last Edit: December 19, 2007, 08:17:58 AM by rizla »
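The two symptoms reported in this thread, a customer-facing server that turns out to be non-recursive and malformed DNS responses, can both be checked for in the raw bytes of a captured response. The sketch below is an added example, not code from any poster; the function names and the sample messages are constructed for illustration.

```python
import struct
# RFC 1035 header: ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
HEADER = struct.Struct("!HHHHHH")

def skip_name(msg, off):   # returns the offset just past a (possibly compressed) name
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # 2-byte compression pointer ends the name
            if off + 2 > len(msg):
                raise ValueError("truncated compression pointer")
            return off + 2
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1 + length

def audit_response(msg):
    """Return a list of findings for one raw DNS response (UDP payload)."""
    if len(msg) < HEADER.size:
        return ["malformed: shorter than 12-byte header"]
    _id, flags, qd, an, ns, ar = HEADER.unpack_from(msg)
    findings = []
    if not flags & 0x8000:
        findings.append("malformed: QR bit clear, not a response")
    if flags & 0x0100 and not flags & 0x0080:
        findings.append("non-recursive: RD was set but server cleared RA")
    try:
        off = HEADER.size
        for _ in range(qd):
            off = skip_name(msg, off) + 4          # QTYPE + QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            if off + 10 > len(msg):                # TYPE, CLASS, TTL, RDLENGTH
                raise ValueError("record header runs past end of message")
            off += 10 + struct.unpack_from("!H", msg, off + 8)[0]
        if off > len(msg):
            raise ValueError("section runs past end of message")
    except ValueError as exc:
        findings.append(f"malformed: {exc}")
    return findings

# Constructed sample messages (not captured traffic): a query for example.com A
Q = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
A = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
GOOD = HEADER.pack(0x1234, 0x8180, 1, 1, 0, 0) + Q + A
NON_RECURSIVE = HEADER.pack(0x1234, 0x8100, 1, 0, 0, 0) + Q
TRUNCATED = GOOD[:-6]              # answer cut off before RDLENGTH
```

A resolver handed out to customers should return no findings for an ordinary lookup; a steady stream of either finding in a resolver's logs is the kind of evidence described in the posts above.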

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33884
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Be blame users for dodgy DNS
« Reply #8 on: December 19, 2007, 12:29:00 PM »

>> There is no redundancy on the DNS. They are all physically located in the same place and (IIRC) most of them are on the same subnet.

My "excellent redundancy" statement was pure sarcasm.

...  which is the lowest form of wit....  sorry

guest

  • Guest
Re: Be blame users for dodgy DNS
« Reply #9 on: December 19, 2007, 02:21:01 PM »

I did notice - no need to apologise ;)

I just thought it was worth pointing out that it's not just one DNS machine residing in the same place :)

For those confused - the primary and secondary DNS servers should be physically located in different buildings at the very least. They should also not be on the same subnet because if the subnet goes down then it doesn't matter if the servers are in different locations. This might sound complicated to the average user but it's VERY basic stuff that the "lowliest" network technician should understand.

For some bizarre reason Be sent me their new T&Cs today - I don't actually have an account on the Be portal now so I suppose I'm going to get these sort of announcements ad infinitum now :(

Azzaka

  • Reg Member
  • ***
  • Posts: 572
  • SysAdmin
    • A Designers Work in Progress
Re: Be blame users for dodgy DNS
« Reply #10 on: January 06, 2008, 09:31:59 AM »

Correct me if I am wrong, but I thought you went with a company not just for speed, but for support and the knowing that you are in good hands. So far I am at a loss as to the reasons one would join Be. The only reason I can see is the speed and non-cap, but does this outweigh the lack of support and the lack of common sense in the network engineers? eg: http://bbs.adslguide.org.uk/showthreaded.php?Cat=&Board=zen&Number=3227463&page=0&view=expanded&sb=5&o=#Post3227463

Tis only my opinion and do feel free to correct me if I am wrong.
« Last Edit: January 06, 2008, 09:37:48 AM by Azzaka »
I Sync', I Auth', therefore I am.

guest

  • Guest
Re: Be blame users for dodgy DNS
« Reply #11 on: January 06, 2008, 10:15:15 AM »

It didn't for me. I'm with UKO now who don't have to refer to a "Networking For Dummies" book every time part of the network has a problem :D

Edit - I don't think you linked to what you wanted to there? If you did then it makes no sense to me :)

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33884
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Be blame users for dodgy DNS
« Reply #12 on: January 07, 2008, 12:13:49 PM »

>> Correct me if I am wrong, but I thought you went with a company not just for speed, but for support and the knowing that you are in good hands.

In all fairness, different people have different requirements of what they want from their ISPs and what may be important to some, may be of no consequence to others.  There are several ISPs that I wouldn't touch but that's based on my own opinion, based on experiences I've seen whilst helping others.

All ISPs do make errors from time to time - admittedly some worse than others and I can't think of a single ISP that hasn't had some form of disaster at some time or other.  (Ironically guess which ISP I pre-reg'd with, but didn't go with in the end because I felt they let me down on something several years ago).

I have spoken to Be reps in the past on behalf of others, and whilst they weren't in the UK, I must say that their CS at least did have half a clue about adsl... very unlike some of the other help desk staff I have spoken with from some certain ISPs. 
Therefore IMHO one could actually do far worse than Be and I do applaud that they were one of the first ISPs to shake up the industry with what they attempted to do.  So much so that if I were to change ISP and they were available at my exchange then they would be one of the ISPs that I would consider.

>> The only reason i can see is the speed and non-cap,

Yeah maybe you're right - but the non-cap certainly isn't important to me. However, the thought of a 7dB atten line on an "Up to 24Mbps" connection is very tempting, and they are an ISP that I would "give a go".  I've seen Be lines and there are far worse I feel you could go with.
However, the thought of high speed alone though mustn't be that much tempting to me, otherwise there are a couple of ISPs that could provide me with "up to 16Mbps", but after careful consideration I choose not to.  Whilst some people may think my own ISP is a pile of pooh, and they have made some errors, the one thing I cannot slate them for is the stability and uptime of my connection.

>> Tis only my opinion

Of course ;)
..  and probably we are all biased to our own ISPs in some way if everything is working ok - otherwise we still wouldn't be with them.
At the end of the day - it's horses for courses, and it's up to us to decide what we think is the most important for what we want out of our connections, since we all have different priorities. :)

DrTeeth

  • Member
  • **
  • Posts: 70
Re: Be blame users for dodgy DNS
« Reply #13 on: February 03, 2008, 12:51:47 PM »

I have decided to jump ship to Be. Had major problems with a recent router and so have had my SNRM increased to 12 and have dropped from my usual 5500 profile to 3500.

I've had enough of this and even if I can only get 6Mb from Be, I'll be free of the male cows droppings of BT. I should, however, be able to sync at 12Mb. I feel liberated already and only signed up last night.

So far, I have been impressed with tech support and customer support. Naturally, checked that my soon-to-be old ISP takes Be MACs  ;)

me/ Must make note of what 'thank you very much' is in Bulgarian.

Cheers

DrT

PS Read that DNS probs 'cured' by using a fixed IP, now free. Intend on using OpenDNS servers anyway.
Stress - the condition brought about by having to resist the temptation to beat the living daylights out of someone who richly deserves it.

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33884
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Be blame users for dodgy DNS
« Reply #14 on: February 03, 2008, 04:33:27 PM »

Good luck and I hope it all works out for you. 
Although Be do apparently have their own profiling system, I do know a few users that have found things work better on their line when they don't have BT's DLM to cope with.