Hello,
Arun K. Khan wrote:
From what I have seen of the MTNL, the DSL modem is not tied to a specific tel. line. The PPPoE/PPPoA session login is based on userid/passwd, similar to a PSTN dial up scenario - it will work on any phone connection that is DSL enabled. When you used your home router @ work, your connection was logged against your "home" account programmed into your home router. Had you changed the password to some gibberish string, you would have got "authentication failed."
Does that mean if someone knows my password (and has DSL enabled on his line), he can misuse my account. What happens if router is attached to normal telephone line but account used is of DSL enabled line. Does it still work? May be MTNL might have activated DSL on all lines but not activated account for that NUMBER.
OR other use can be is if my home usage is 350MB(400 scheme) I can use the remaining 50MB at office by changing username/password on router?
I do not have MTNL DSL. Can someone who has it, check this? I am planning to get one. There can be uses and misuses of this bug/feature.
Amish.
On Sun, 2005-09-25 at 09:26 +0530, Amish Mehta wrote:
Arun K. Khan wrote:
From what I have seen of the MTNL, the DSL modem is not tied to a specific tel. line. The PPPoE/PPPoA session login is based on userid/passwd, similar to a PSTN dial up scenario - it will work on any phone connection that is DSL enabled. When you used your home router @ work, your connection was logged against your "home" account programmed into your home router. Had you changed the password to some gibberish string, you would have got "authentication failed."
Does that mean if someone knows my password (and has DSL enabled on his line), he can misuse my account.
Absolutely, dial up accounts are vulnerable to this problem too. MTNL is setting the default password to the "CA" string for your tel. account (which shows up only your bill) but then it is _your_ responsibility to change it :)
What happens if router is attached to normal telephone line but account used is of DSL enabled line. Does it still work? May be MTNL might have activated DSL on all lines but not activated account for that NUMBER.
It is unlikely that MTNL has enabled all land lines to have ADSL.
OR other use can be is if my home usage is 350MB(400 scheme) I can use the remaining 50MB at office by changing username/password on router?
Yes in the current scheme of things.
I do not have MTNL DSL. Can someone who has it, check this? I am planning to get one. There can be uses and misuses of this bug/feature.
IMO, the security of your account is your responsibility. If you give out your password it is likely to be abused.
Does that mean if someone knows my password (and has DSL enabled on his line), he can misuse my account.
Absolutely, dial up accounts are vulnerable to this problem too. MTNL is setting the default password to the "CA" string for your tel. account (which shows up only your bill) but then it is _your_ responsibility to change it :)
If ONLY to cope with some strange MTNL eccentricity, and based on my experience with my "responsibility to change it", I urge you AGAINST changing the default password from the "CA" string. Because.... I am aware of two instances (different triband accounts) where on the next day after the change in pw, and internet access was NOT possible, until a complaint was processed and MTNL reset pw back to CA number at their end (which means typically a couple of days downtime). Both the separate instances occured some two months ago.
For the benefit of those who may not be clear/familiar: It should be noted that there are two separate username+passwords on the MTNL triband config activity.
One username+password is for access to the ADSL router. (which was ok to define and redfine as you please, and where the default is admin/admin).
The other username+password is the login for gaining access to the internet (which is the phonenumber+CAnumber, and which I think is a pain-point if you attempt to change the password).
Bye vkb
Hi List,
On Mon, 2005-09-26 at 17:02, VKB wrote:
If ONLY to cope with some strange MTNL eccentricity, and based on my experience with my "responsibility to change it", I urge you AGAINST changing the default password from the "CA" string. Because.... I am aware of two instances (different triband accounts) where on the next day after the change in pw, and internet access was NOT possible, until a complaint was processed and MTNL reset pw back to CA number at their end (which means typically a couple of days downtime). Both the separate instances occured some two months ago.
I have changed the default passwd (with CA number) and I am using the account without any problem.
In fact the 1st thing I did was to change my password when I activated my account some time on 11th Sep.
So far I have been login in using new passwd without any issue.
As for the billing, I am bit worried after reading number of mails on the list, as I have not received my 1st TriBand bill yet and have gone for NU Plan. :-(
I will keep my fingers crossed. :-) With regards,
Dinesh Shah wrote:
As for the billing, I am bit worried after reading number of mails on the list, as I have not received my 1st TriBand bill yet and have gone for NU Plan. :-(
Check your usage everyday to avoid a big shock at the end of the month. :)
Regards,
Rony.
___________________________________________________________ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com
On Monday 26 September 2005 11:32, VKB wrote:
For the benefit of those who may not be clear/familiar: It should be noted that there are two separate username+passwords on the MTNL triband config activity.
One username+password is for access to the ADSL router. (which was ok to define and redfine as you please, and where the default is admin/admin).
The other username+password is the login for gaining access to the internet (which is the phonenumber+CAnumber, and which I think is a pain-point if you attempt to change the password).
Well, many people fear that they will **** up their connection and so they don't touch the administrator password to their router AND they leave their router firewall off. So normal people, can access and play mischief with their routers >:-)
On Mon, 2005-09-26 at 18:31 +0000, Dinesh Joshi wrote:
Well, many people fear that they will **** up their connection and so they don't touch the administrator password to their router AND they leave their router firewall off. So normal people, can access and play mischief with their routers >:-)
IIRC, in the DLink 502T V1.0 firmware remote telnet and web admin is "allowed" by default. Thankfully, in V2.0 the default is "not allowed."
Those who have MTNL TriBand ensure your modem/router administration is not accessible from the WAN side.
-- Arun Khan
At least in Nagpur 80% ADSL router happily respond to admin/admin.
It is very easy to find out. Just nmap -sS -p80 xxx.xxx.xxx.* where xxx.xxx.xxx is three octet of your gateway.
And point your browser to IP which has port 80 open.
The funny part is that you cannot close port 80 , 23 on dlink router.
Warm Regards,
Mukund Deshmukh, Director, Beta Computronics Pvt Ltd, 10/1 IT Park, Parsodi, Near VRCE Exchange, Nagpur -440022 Cell 9422113746
they don't touch the administrator password to their router AND they leave their router firewall off. So normal people, can access and play mischief with their routers >:-)
-- Dinesh A. Joshi
On Monday 26 September 2005 15:00, Mukund Deshmukh wrote:
At least in Nagpur 80% ADSL router happily respond to admin/admin.
It is very easy to find out. Just nmap -sS -p80 xxx.xxx.xxx.* where xxx.xxx.xxx is three octet of your gateway.
And point your browser to IP which has port 80 open.
The funny part is that you cannot close port 80 , 23 on dlink router.
Thats just plain stupid. As for the command that you have given, use MTNL's IP range. Its 59.x.x.x or something. You'll find that almost all routers still have the admin/admin combination!
-
Amish Mehta -
Arun K. Khan -
Dinesh Joshi -
Dinesh Shah -
Mukund Deshmukh -
Rony Bill -
VKB