A Broadband and ADSL forum. BroadbanterBanter

Welcome to BroadbanterBanter.

You are currently viewing as a guest which gives you limited access to view most discussions and other FREE features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today.

Go Back   Home » BroadbanterBanter forum » Newsgroup Discussions » uk.telecom.broadband (UK broadband)
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

o2 BB - Security Issues



 
 
Thread Tools Display Modes
  #1  
Old April 15th 08, 03:33 PM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Paul
external usenet poster
 
Posts: 33
Default o2 BB - Security Issues

Just got myself an o2 connection after many years on Zen (first at 2MB
then the 8MB package). o2 Speed and reliability seems ok so far
however, their ideas on security are scary.

First, they give out your o2 username on every outgoing email sent via
their smtp servers (which require authentication), it goes something
like this...

Received: from main.lan (93.96.21.112) by mail.o2.co.uk (8.0.013.3) (authenticated as MYUSERNAME) id 47EBD0F803123B21 for ; Thu, 10 Apr 2008 10:10:13 +0100


Next, the router they provide (speedtouch) shows up an "unknown"
device as the first device on the Lan. Here's the divice listing
complete with mac and IP addresses.

Unknown-00-03-fa-a9-d7-4a 93.96.16.1


So I have an actual networked device attached to my network from
outside. This is not a node, or a gateway, it's a network device
complete with Mac addy and fixed IP. here's the network whois info
(trimmed) on the IP...

Network Whois record

Queried whois.ripe.net with "-B 93.96.16.1"...


% Information related to '93.96.0.0 - 93.96.255.255'

inetnum: 93.96.0.0 - 93.96.255.255
netname: UK-AVATARBROADBAND-20080125
descr: Be Un Limited



% Information related to '93.96.0.0/16AS35228'

route: 93.96.0.0/16
descr: Entire 3rd New block for BeUnlimited
source: RIPE


So, if they just grab my "workgroup" ID they can have a good poke
around my "shared" files. Great eh?

Looks like I'll have to crawl back to Zen and beg forgiveness.
  #2  
Old April 15th 08, 03:50 PM posted to uk.telecom.broadband
[email protected]
external usenet poster
 
Posts: 264
Default o2 BB - Security Issues

On Tue, 15 Apr 2008 15:33:50 +0100, Paul wrote:


Looks like I'll have to crawl back to Zen and beg forgiveness.

Zen is far to expensive plus if you call them it takes for ever going
round their phone menu system .
  #3  
Old April 15th 08, 05:30 PM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Anthony R. Gold
external usenet poster
 
Posts: 361
Default o2 BB - Security Issues

On Tue, 15 Apr 2008 15:33:50 +0100, Paul wrote:

So I have an actual networked device attached to my network from
outside. This is not a node, or a gateway, it's a network device
complete with Mac addy and fixed IP. here's the network whois info
(trimmed) on the IP...

Network Whois record

Queried whois.ripe.net with "-B 93.96.16.1"...


% Information related to '93.96.0.0 - 93.96.255.255'

inetnum: 93.96.0.0 - 93.96.255.255
netname: UK-AVATARBROADBAND-20080125
descr: Be Un Limited



% Information related to '93.96.0.0/16AS35228'

route: 93.96.0.0/16
descr: Entire 3rd New block for BeUnlimited
source: RIPE


So, if they just grab my "workgroup" ID they can have a good poke
around my "shared" files. Great eh?


What packet types or protocols can "they" use to pass through the NATting
router with no forwards to access your LAN hosts that are sharing files?

Looks like I'll have to crawl back to Zen and beg forgiveness.


Tony
  #4  
Old April 15th 08, 10:25 PM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Adrian C
external usenet poster
 
Posts: 440
Default o2 BB - Security Issues

Paul wrote:
Just got myself an o2 connection after many years on Zen (first at 2MB
then the 8MB package). o2 Speed and reliability seems ok so far
however, their ideas on security are scary.

First, they give out your o2 username on every outgoing email sent via
their smtp servers (which require authentication), it goes something
like this...

Received: from main.lan (93.96.21.112) by mail.o2.co.uk (8.0.013.3) (authenticated as MYUSERNAME) id 47EBD0F803123B21 for ; Thu, 10 Apr 2008 10:10:13 +0100


Well, that's interesting. I'm a pre-O2 Be customer. I'm on a different
email system (OutBlaze). I'd choose a very strong password if I were you.


Next, the router they provide (speedtouch) shows up an "unknown"
device as the first device on the Lan. Here's the divice listing
complete with mac and IP addresses.

Unknown-00-03-fa-a9-d7-4a 93.96.16.1


snip

It's the gateway port... Same IP

Looks like I'll have to crawl back to Zen and beg forgiveness.


Please do that. It'll mean a little more bandwidth for me :-p
Got 12mbps, could always do with a little more :-)

--
Adrian C
  #5  
Old April 15th 08, 11:25 PM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Andy Furniss
external usenet poster
 
Posts: 131
Default o2 BB - Security Issues

Paul wrote:

Looks like I'll have to crawl back to Zen and beg forgiveness.


Unless things have changed if you wanted a /29 fron Zen they insisted on
registering it in your name which I found strange given the normal
advice to children not to give out personal details...

Andy.

PS I know I post from a server that gives out my ip address - but my
kids grew up, so I don't care anymore and it's not quite as "on a plate"
for anyone who uses msn and wants to get the details of who they are
talking to.
  #6  
Old April 16th 08, 06:31 AM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Alex Fraser
external usenet poster
 
Posts: 553
Default o2 BB - Security Issues

Paul wrote:
[snip]
First, they give out your o2 username on every outgoing email sent via
their smtp servers (which require authentication), it goes something
like this...

Received: from main.lan (93.96.21.112) by mail.o2.co.uk (8.0.013.3) (authenticated as MYUSERNAME) id 47EBD0F803123B21 for ; Thu, 10 Apr 2008 10:10:13 +0100


There are countless email systems where the email address (or local-part
of the email address) is the username. Is it any worse to give away the
username part of the ADSL connection details?

Next, the router they provide (speedtouch) shows up an "unknown"
device as the first device on the Lan. Here's the divice listing
complete with mac and IP addresses.

Unknown-00-03-fa-a9-d7-4a 93.96.16.1


So I have an actual networked device attached to my network from
outside.


It sounds likely that this is the remote gateway of the PPP connection.
In any case, I would be very surprised if it was anything to worry about.

Alex
  #7  
Old April 16th 08, 04:56 PM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Paul
external usenet poster
 
Posts: 33
Default o2 BB - Security Issues

Alex Fraser wrote:

Paul wrote:
[snip]
First, they give out your o2 username on every outgoing email sent via
their smtp servers (which require authentication), it goes something
like this...

Received: from main.lan (93.96.21.112) by mail.o2.co.uk (8.0.013.3) (authenticated as MYUSERNAME) id 47EBD0F803123B21 for ; Thu, 10 Apr 2008 10:10:13 +0100


There are countless email systems where the email address (or local-part
of the email address) is the username. Is it any worse to give away the
username part of the ADSL connection details?


They tell their users to keep their username/password safe then give
out half of that info to every email recipient. Seems a tad daft to
me, but that aside, the main worry is that the breach is hidden, so
most users won't even know. Christ, I only checked myself because I
was being nosey.

Next, the router they provide (speedtouch) shows up an "unknown"
device as the first device on the Lan. Here's the divice listing
complete with mac and IP addresses.

Unknown-00-03-fa-a9-d7-4a 93.96.16.1


So I have an actual networked device attached to my network from
outside.


It sounds likely that this is the remote gateway of the PPP connection.


I agree.

In any case, I would be very surprised if it was anything to worry about.


I wouldn't.
  #8  
Old April 16th 08, 04:56 PM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Paul
external usenet poster
 
Posts: 33
Default o2 BB - Security Issues

Andy Furniss wrote:

Paul wrote:

Looks like I'll have to crawl back to Zen and beg forgiveness.


Unless things have changed if you wanted a /29 fron Zen they insisted on
registering it in your name which I found strange given the normal
advice to children not to give out personal details...


Yes, the 8-IP addy option, not good.

PS I know I post from a server that gives out my ip address - but my
kids grew up, so I don't care anymore and it's not quite as "on a plate"
for anyone who uses msn and wants to get the details of who they are
talking to.


Can one's IP addy still be grabbed via msn these days?
  #9  
Old April 16th 08, 04:56 PM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Paul
external usenet poster
 
Posts: 33
Default o2 BB - Security Issues

Anthony R. Gold wrote:

On Tue, 15 Apr 2008 15:33:50 +0100, Paul wrote:

So I have an actual networked device attached to my network from
outside. This is not a node, or a gateway, it's a network device
complete with Mac addy and fixed IP. here's the network whois info
(trimmed) on the IP...

Network Whois record


inetnum: 93.96.0.0 - 93.96.255.255
netname: UK-AVATARBROADBAND-20080125
descr: Be Un Limited


So, if they just grab my "workgroup" ID they can have a good poke
around my "shared" files. Great eh?


What packet types or protocols can "they" use to pass through the NATting
router with no forwards to access your LAN hosts that are sharing files?


They can do what they like, they are connected to the router with as
much control as I have, if not more (hidden service menu?). O2 openly
claim to be able to access the router for service and update (firmware
etc.) issues. How hard would it be to configure their connection as
part of my local network via NAT on "their" router?


  #10  
Old April 16th 08, 04:59 PM posted to uk.telecom.broadband,uk.comp.home-networking,alt.internet.providers.uk
Paul
external usenet poster
 
Posts: 33
Default o2 BB - Security Issues

Adrian C wrote:

Paul wrote:
Just got myself an o2 connection after many years on Zen (first at 2MB
then the 8MB package). o2 Speed and reliability seems ok so far
however, their ideas on security are scary.

First, they give out your o2 username on every outgoing email sent via
their smtp servers (which require authentication), it goes something
like this...

Received: from main.lan (93.96.21.112) by mail.o2.co.uk (8.0.013.3) (authenticated as MYUSERNAME) id 47EBD0F803123B21 for ; Thu, 10 Apr 2008 10:10:13 +0100


Well, that's interesting. I'm a pre-O2 Be customer. I'm on a different
email system (OutBlaze). I'd choose a very strong password if I were you.


I use an alternative smtp server, much easier and safer.

Next, the router they provide (speedtouch) shows up an "unknown"
device as the first device on the Lan. Here's the divice listing
complete with mac and IP addresses.

Unknown-00-03-fa-a9-d7-4a 93.96.16.1


snip

It's the gateway port... Same IP

Looks like I'll have to crawl back to Zen and beg forgiveness.


Please do that. It'll mean a little more bandwidth for me :-p
Got 12mbps, could always do with a little more :-)


No nntp server though eh? Forgot to ask that one *before* I subbed.
 




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
o2 BB - Security Issues Paul uk.comp.home-networking (UK home networking) 33 April 20th 08 06:47 PM
Voxalot issues Herman uk.telecom.voip (UK VOIP) 2 June 8th 07 07:25 PM
Draytel issues James Ewen uk.telecom.voip (UK VOIP) 0 December 5th 06 08:12 PM
Sipgate issues PhilÅ uk.telecom.voip (UK VOIP) 69 August 17th 05 10:38 AM
BT BBV issues Duncan MacCallum uk.telecom.broadband (UK broadband) 5 July 2nd 04 04:09 PM


All times are GMT +1. The time now is 01:05 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Content Relevant URLs by vBSEO 2.4.0
Copyright ©2004-2019 BroadbanterBanter.
The comments are property of their posters.