” My petition on Change.Org is 975 Supporters and counting… Appreciate more from you 🙂 ”
Last December I wrote a post which I tried to make a point against the unfair FUP (Fair Usage Policy) and practices by SLT (Sri Lanka Telecom).
Many have supported me and I am really thankful for each and everyone who supported this cause…
Let’s raise our voice for a better quality of service for a better tomorrow…
Actually any system or device has the risk of being hacked. But if you are not using the available security measures then you can easily get hacked. It’s the same issue with SLT ADSL users also. Many don’t know the security level of the equipment they use and also an average user may not have all the technical capabilities about routers and other networking stuff. So if a user gets hacked or his accounts get misused who gets the responsibility. I’m quite sure SLT want, but actually they should be held responsible for configuring the equipment insecurely.
I will not tell how to hack through SLT routers, but I will explain the possibility of these threats.
- If I have the knowledge on the SLT ADSL assigned IP ranges I can do a port scanning to find the active IPs and even the services running on the on various ports. For this there are more than enough port scanners and vulnerability scanners available. You can Google if you really want to know about them. There are very good open source tools available such as nmap.
- Main issue with SLT is that when they configure the routers they keep the default device passwords intact.
- So when trying to logon to those IPs most of the time the router models are also revealed and you can easily find the default password from the manufacturer’s site.
If you cannot find the manufacturer still there are only very few username, password combinations. You can try few randomly.
- Admin, admin
- Admin, 12345678
Other than a few knowledgeable users everyone else are using the default passwords.
- Get access to the router and you could steal the ADSL user name and password. (If you have a low bandwidth connection or a lesser quota remaining then you can hack and use someone else’s user details. this was possible some time back and I’m not sure whether SLT has blocked this)
- Allow access to various protocols and ports
- You name it …
- Also the standard routes provided with SLT are not having the comprehensive security which most of the other widely available routers have. So it’s ideal if you only buy the connection from SLT and buy a known router which has most of the security enabled by default. Don’t fall for offers they give on routers. The seasonal cheap price is the actual price they buy the routers from the manufacturers. So you can expect advanced security 😛
Also many users have their wireless security off so the neighbors don’t need to buy an internet connection. You may think that you don’t need this but there is a huge risk in this. You are trying to stop external attacks with antiviruses and firewalls. But a person who comes to an unsecured network will not be an outsider. So the attacks are much easier. They can hack into most of the computers routers and completely destroy the network. Any criminal activities carried out through your network will be on your account. So better to be careful I guess 😛
There are laws but very few know about them and very few will know and use them. Even if they use them a hacker will be very careful to leave very few traces.
SLT should never configure the equipment with these two vulnerabilities for their own benefit and make the users unsecure. Of course if you are savvy on this better to implement this or get the services of a savvy person.
Related Posts: Sri Lanka Telecom: Increase the data quota given for ADSL Connections