Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[vdm]

Report by Steve Ragan: http://www.csoonline.com/article/744697/report-accuses-bt-of-supplying-backdoors-for-gchq-and-nsa

Paper: http://cryptome.org/2013/12/Full-Disclosure.pdf . I am skeptical of its claims because it doesn't distinguish between surveillance and normal CPE management. It links to asbokid's firmware.

Andrew & Arnold's take: https://s.aa.net.uk/1871

[roseway]

It sounds like a group of researchers wanting to make a name for themselves.

[guest]

Bit naughty using a publically routable IP block in a private LAN mmm?

In fact I don't understand why they would do that when they have upwards of 22 million private IP addresses (if we include the carrier nat block).

Oh and the choice of IP block is strangely odd too - I don't believe they didn't check who had the block either.

[guest]

Just read the full disclosure thing and the guys sound like tabloid journos, or nutters, take your pick.

Still wondering why they used the DoD block when they could easily use private IP addresses - and the carrier NAT block was created for EXACTLY this purpose.

[Breaker]

Quite a few companies use the 30. IP block as it doesn't get publicly routed properly, so is similar to private addresses such as 10.*.*.* or 192.168.*.* so the actual block being registered to the DoD is likely a red herring.  Try tracerouting any ip address on the 30. block and you won't get to any destination.  The DoD use the addresses at private internal network addresses.

Using a different ip range than the usual 192.168 or 10. is probably to stop conflicts or routing problems in in the case of customers using those addresses themselves. Or possibly they already use 10. in their own network.

The vlan 301 was an interesting find as well as the admin/admin login for the open ssh.  Unless there is some network level blocking, there is nothing to stop those with full access to their modem from scanning/accessing the modem and networks of other fibre customers...

[guest]

When did they start rolling out the HG612?

I guess it could have been before the carrier nat block was created, in which case the use of 30.0.0.0/8 would make sense.

[burakkucat]

b*cat would like to draw fellow Kitizen's attention to a series of blog postings that are dated from around 17 months ago.

So, that "Steve Ragan" has nothing better to do than to trawl archives and "create" "news" events from historic information. 

[guest]

b*cat would like to draw fellow Kitizen's attention to a series of blog postings that are dated from around 17 months ago.

So, that "Steve Ragan" has nothing better to do than to trawl archives and "create" "news" events from historic information. 

Steve Ragan is reporting on the "Full Disclosure" document so I think your ire is misdirected

[burakkucat]

Steve Ragan is reporting on the "Full Disclosure" document so I think your ire is misdirected

The "Full Disclosure" document is pure FUD, created by a person or persons unknown who has or have read (in no particular order): (1) what Asbokid has published (2) certain (humorous) remarks by b*cat (3) the published work of Zach Cutlip (4) many other threads in this, the Kitz forum, etc.

Unfortunately "Steve Ragan" (if such a so-named person actually exists) is still worthy of a "full-broadside" and being kicked into the litter tray because of the way "he" has reported on that non-news, the "Full Disclosure" document.

Now, who was it who started this thread? And how well-known, to us, is s/he? How many Kitz forum postings?    Hmm . . .