Anyone running C-Data OLTs?

blakangel at gmail.com blakangel at gmail.com
Fri Jul 10 20:28:17 UTC 2020


Well here are a couple hundred:

https://www.shodan.io/search?query=Command+Line+Interface+for+EPON+System

-Keith

Mel Beckman wrote on 7/10/2020 1:07 PM:

> Perhaps you’re confusing OLT with ONT? An OLT is a “curbside” 
> distribution node, the ONT is the CPE. The vulnerability is in the 
> distribution node, not the CPE. No provider with any sense exposes 
> their distribution node admin interface to the Internet.
>
> -mel via cell
>
>> On Jul 10, 2020, at 1:01 PM, mel at beckman.org wrote:
>>
>> The “WAN” port of an OLT _is_ it’s management port. Data, IPTV, and 
>> VoIP traffic pass on VLANs, typically encrypted. These are passive 
>> optical network (PON) devices, where all CPE in a group of, say, 32 
>> premises receive the same light via an optical splitter. Thus network 
>> partitioning is a requirement of the architecture. There is no 
>> concept of a traditional “WAN” port facing the Internet.
>>
>> -mel via cell
>>
>>> On Jul 10, 2020, at 12:21 PM, Owen DeLong <owen at delong.com> wrote:
>>>
>>> 
>>> Um, from the article it appears that this isn’t on the Management 
>>> interface, but the WAN port of the OLT.
>>>
>>> Owen
>>>
>>>
>>>> On Jul 10, 2020, at 11:01 , Mel Beckman <mel at beckman.org 
>>>> <mailto:mel at beckman.org>> wrote:
>>>>
>>>> But who, who I ask, opens their management interface to the public 
>>>> Internet?!?!
>>>>
>>>> Maybe this is vulnerability if you have a compromised management 
>>>> network, but anybody who opens CPE up to the Internet is just 
>>>> barking mad :-)
>>>>
>>>> -mel via cell
>>>>
>>>>> On Jul 10, 2020, at 10:00 AM, Owen DeLong <owen at delong.com 
>>>>> <mailto:owen at delong.com>> wrote:
>>>>>
>>>>>  
>>>>> https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872 
>>>>>
>>>>>
>>>>> Wow… Just wow.
>>>>>
>>>>> Owen
>>>>>
>>>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200710/1346f1af/attachment.html>


More information about the NANOG mailing list