Unifi WARNING TO ALL UNIFI USERS, Threat warning, read inside

Jun 1 2010, 09:07 AM
Senior Member
4,038 posts Joined: Aug 2005 From: Earth
TM also did this on their GITN Customers

Jun 1 2010, 07:18 PM
Newbie
0 posts Joined: Sep 2009
u all who read this must understand what "ISP" stands for. As an Internet Service Provider, all they can do is to give internet access to customer. n they manage to give it. the problem is about that modem. the D-link modem. they should be blamed bcause they set the default settings. i think TM have no rights to change the default setting except the one that has to do with internet access.
about the question on can people change the modem..... i think they cant.... bcoz it has something to do with the main equipment at TM office n MAC address of the modem (my friend at TM told me). so if u n ur neighbour both subscribe unifi, their modem cant be exchanged even though they have the same modem brand.... try to google about the d-link modem to find more answers

Jun 1 2010, 07:29 PM
Elite
1,235 posts Joined: Jan 2003 From: kuala lipis
i think the issue is not about running ssh daemon or not. most routers run ssh on internet-facing segment so no biggie. the real issue in my opinion is the fact that the remote management is enabled for 0/0 network which actually means anyone including my mother can access any resources in the router.
so if it's part of the t&c that tm can and must access the RG then they can do that. the incompetence part of this is opening it up for all the world to access. ideally the router should only be accessed from trusted/authorized segment which has to be explicitly specified in the remote management section.
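
The post above contrasts remote management open to 0/0 with management limited to an explicitly listed trusted segment. The following is an added example, not code from the thread, TM or D-Link, that audits a list of remote-management rules for that difference. The rule format, the service names and the management range 192.0.2.0/24 are constructed assumptions.

```python
import ipaddress

# Constructed sample: one "service allowed-source" pair per line.
# Hypothetical format, not the DIR-615's real configuration syntax.
SAMPLE_RULES = """
ssh    0.0.0.0/0        # remote management open to everyone
https  0.0.0.0/0
telnet 192.0.2.0/24     # inside the assumed ISP management segment
snmp   198.51.100.17    # single host outside that segment
"""

# Assumed trusted management segment (documentation range used as placeholder).
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]


def parse_rules(text):
    """Return [(service, ip_network)] from the constructed rule text."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        service, source = line.split()
        rules.append((service, ipaddress.ip_network(source, strict=False)))
    return rules


def audit(rules, trusted):
    """Flag rules that admit the whole internet or sources outside the trusted segments."""
    findings = []
    for service, net in rules:
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
            findings.append((service, str(net), "open-to-world"))
        elif not any(net.subnet_of(t) for t in trusted if t.version == net.version):
            findings.append((service, str(net), "outside-trusted-segment"))
    return findings


if __name__ == "__main__":
    for service, source, reason in audit(parse_rules(SAMPLE_RULES), TRUSTED):
        print(f"{service:7} {source:18} {reason}")
```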

Jun 2 2010, 10:50 AM
All Stars
14,039 posts Joined: Jan 2003
For ISP remote management, there is something called TR-069 right?

Jun 2 2010, 12:11 PM
Elite
4,956 posts Joined: Jan 2003
Link to this topic has been spreading a lot today on twitter

Jun 2 2010, 12:38 PM
Senior Member
1,448 posts Joined: Sep 2005 From: Kay Elle
Actually it's not really that surprising that remote management is enabled. I've worked for another ISP and we have access to the company given routers that can be accessed via Remote management to check if there's anything wrong with the line. Though this feature is only available to corporate level clients.

Jun 2 2010, 01:04 PM
Junior Member
340 posts Joined: Nov 2006
Can someone PM me the default password for the firmware > 7.05?
Wish to test. Tks.

Jun 2 2010, 01:10 PM
Senior Member
944 posts Joined: Jan 2003 From: does not exist
QUOTE(faud @ Jun 1 2010, 07:18 PM)
> u all who read this must understand what "ISP" stands for. As an Internet Service Provider, all they can do is to give internet access to customer. n they manage to give it. the problem is about that modem. the D-link modem. they should be blamed bcause they set the default settings. i think TM have no rights to change the default setting except the one that has to do with internet access.
> about the question on can people change the modem..... i think they cant.... bcoz it has something to do with the main equipment at TM office n MAC address of the modem (my friend at TM told me). so if u n ur neighbour both subscribe unifi, their modem cant be exchanged even though they have the same modem brand.... try to google about the d-link modem to find more answers
eh apologist. firstly its a wifi router. secondly, stop deflecting blame to dlink!!
that router is a custom router that tm oem-d from dlink. you cant buy it off the shelf from any store. it is a tm router. i dont care if dlink or flink or nolink or slolink made it. the tm logo pasted everywhere.

Jun 2 2010, 01:13 PM
Senior Member
664 posts Joined: Dec 2006
QUOTE(almaty @ Jun 2 2010, 01:10 PM)
> eh apologist. firstly its a wifi router. secondly, stop deflecting blame to dlink!!
> that router is a custom router that tm oem-d from dlink. you cant buy it off the shelf from any store. it is a tm router. i dont care if dlink or flink or nolink or slolink made it. the tm logo pasted everywhere.
Actually, we can flash it with WRT firmware.

Jun 2 2010, 01:16 PM
Elite
195 posts Joined: Sep 2006
QUOTE(faud @ Jun 1 2010, 07:18 PM)
> u all who read this must understand what "ISP" stands for. As an Internet Service Provider, all they can do is to give internet access to customer. n they manage to give it. the problem is about that modem. the D-link modem. they should be blamed bcause they set the default settings. i think TM have no rights to change the default setting except the one that has to do with internet access.
> about the question on can people change the modem..... i think they cant.... bcoz it has something to do with the main equipment at TM office n MAC address of the modem (my friend at TM told me). so if u n ur neighbour both subscribe unifi, their modem cant be exchanged even though they have the same modem brand.... try to google about the d-link modem to find more answers
I've already broken their IPTV, VLAN tagging, bandwidth limits and now this stupid router account. Did all my own research using Linux, wireshark and a 10mbps ISDN hub from 10 years ago.
PPPoE can use MAC authentication but it's not set on Unifi or streamyx at the moment. Even if they did use MAC authentication, most routers have MAC address cloning/spoofing features even on their stock firmware. TM seems to not know the capabilities of their own equipment at the moment. I didn't get this information from a friend of a friend who works at TM or anything, I just observed the protocols, system configuration and made my own assumptions (which 95%+ of the time turned out to be correct).
Anyway, just uploaded some material regarding Unifi on my own site @ http://unifi.athena.my/ or http://athena.my/unifi . Should be sufficient to get you running on your own router hardware using the DIR-615 as a VLAN bridge (which they still claim is impossible
@ihsan
Having the SSHd enabled alone allows them to turn every router into a proxy using SSH tunneling. It's not necessary to have SSH at all since the web interface provides all the necessary tools.. and there are TTL connectors on the DIR-615 board which allow for serial connections.
Hiding the account made us crack our heads for months wondering what would be a good VLAN switch to use as a bridge when the DIR-615 could be used all along.. something they denied was possible.
I'm sure newbies won't mind letting TM's support staff access their router to help them troubleshoot the situation but advanced users and corporations may not feel comfortable with that sort of thing. Even if this was the case, TM wouldn't be able to access the router remotely if the HSBB line was having connection issues.
I'm already getting tons of PMs from non-Unifi users regarding how to do this while pretending to be Unifi users, it's like they can taste the premium HSBB bandwidth or something.
---
I'm also just scratching the surface of this exploit here, the GPON routers (Fiberhome) are also not configured properly and open to outsider access but thankfully they operate at a much lower layer.
This post has been edited by rizvanrp: Jun 2 2010, 02:59 PM

Jun 2 2010, 02:43 PM
Senior Member
1,885 posts Joined: Jan 2003 From: Bangsar,Kuala Lumpur
this is brilliant, thanks riz

Jun 2 2010, 02:57 PM
Senior Member
3,008 posts Joined: Sep 2005 From: T.T.D.I, Bukit Damansara
QUOTE(rizvanrp @ Jun 2 2010, 01:16 PM)
> I'm already getting tons of PMs from non-Unifi users regarding how to do this while pretending to be Unifi users, it's like they can taste the premium HSBB bandwidth or something.
I also got a few PMs regarding the username/password... which is a no brainer really if you read some posts properly.

Jun 2 2010, 03:06 PM
Senior Member
4,463 posts Joined: Jan 2003
QUOTE(almaty @ Jun 2 2010, 01:10 PM)
> eh apologist. firstly its a wifi router. secondly, stop deflecting blame to dlink!!
> that router is a custom router that tm oem-d from dlink. you cant buy it off the shelf from any store. it is a tm router. i dont care if dlink or flink or nolink or slolink made it. the tm logo pasted everywhere.
Oem or not the hardware is still a piece of shit for p2p especially and that is the truth.
QUOTE
> But, more significantly, the 615 could reliably sustain only 32 connections in the maximum simultaneous connections test. Ubicom questioned these results when they first posted in the charts and said its tests (also done with IxChariot) produced results more like the 625's. D-Link had no comment on the results.
http://www.smallnetbuilder.com/content/view/30349/187/
WAN to LAN Throughput: 87.5 Mbps
LAN to WAN Throughput: 88.1 Mbps
Total Simultaneous Throughput: 62.1 Mbps
Maximum Simultaneous Connections: 32 !!!
All tmnut did was make a piece of shit an even bigger pile of piece of shit (which sadly they proved possible by making it a security disaster and needlessly not letting their users use their own routers)
This post has been edited by Moogle Stiltzkin: Jun 2 2010, 03:21 PM

Jun 2 2010, 05:20 PM
Elite
1,235 posts Joined: Jan 2003 From: kuala lipis
QUOTE(rizvanrp @ Jun 2 2010, 01:16 PM)
> @ihsan
> Having the SSHd enabled alone allows them to turn every router into a proxy using SSH tunneling. It's not necessary to have SSH at all since the web interface provides all the necessary tools.. and there are TTL connectors on the DIR-615 board which allow for serial connections.
> Hiding the account made us crack our heads for months wondering what would be a good VLAN switch to use as a bridge when the DIR-615 could be used all along.. something they denied was possible.
> I'm sure newbies won't mind letting TM's support staff access their router to help them troubleshoot the situation but advanced users and corporations may not feel comfortable with that sort of thing. Even if this was the case, TM wouldn't be able to access the router remotely if the HSBB line was having connection issues.
if the access list only allows certain range to access the box, then only from that segment can someone tunnel over SSH. since I would think that the origin the router has to be a linux or something similar to that, i figure an sshd daemon is needed to do low-level diagnostics or configuration since you expose yourself to unnecessary risk if you open up low level access via web application. of course there's a way to mitigate the level of compromise i.e. webapp speak to system daemon via restricted socket etc, i doubt that current breeds of RGs have that level of sophistication.
back to the question whether or not it's appropriate to have low-level access from the perspective of remote RG management, i think it's more of a matter of policy. and of course having said that the password management could have done better. good job for the expose. it takes just one exploit for them to feel the heat.
This post has been edited by ihsan: Jun 2 2010, 05:25 PM

Jun 2 2010, 05:36 PM
Elite
195 posts Joined: Sep 2006
@ihsan
I completely agree that they botched the access control for the router. Regarding policy, I'm not really contending the fact that they can decide if they want to have access to their own hardware. After all, none of us actually bought the DIR-615 from them. I just wish that they would have a less restrictive and more open policy when it comes to the hardware. If they had informed us about this second account, not only would we have been able to avoid this whole security fiasco.. we would have been able to use our own routers with their system for internet access from the very beginning. I think they should have remote access up to the Fiberhome unit but beyond that it's really up to the users what hardware they want to use. There's no hardware policy on Streamyx, there shouldn't be one on Unifi either. I don't really want them telling me what router I can or cannot use with Unifi and judging by the response I've received from other users on LYN, I think they feel the same way. When it comes to securing my network, I've never trusted TM from day one.

Jun 2 2010, 06:05 PM
Junior Member
126 posts Joined: Jan 2003 From: Subang Jaya
this thread is in the news already
kaka surely tm will see it now http://www.themalaysianinsider.com/malaysi...hacking-spying/

Jun 2 2010, 06:29 PM
Junior Member
66 posts Joined: Aug 2009 From: Kenpachi Fried Chicken!
Why is this place all YELLOW??? i thought i was in some Digi ad or something

Jun 2 2010, 06:36 PM
Senior Member
1,230 posts Joined: Apr 2006
moral of the lesson:
can you trust tmnut? absolutely no.