Anyone running C-Data OLTs?

J. Hellenthal jhellenthal at dataix.net
Sun Jul 12 21:43:26 UTC 2020 

Almost no surprise they are all third world, still scary in a sense. Might just have to rethink a blacklist strategy for traffic originating behind those locations.

-- 
 J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Jul 10, 2020, at 15:30, blakangel at gmail.com wrote:
> 
>  Well here are a couple hundred:
> 
> https://www.shodan.io/search?query=Command+Line+Interface+for+EPON+System
> 
> -Keith
> 
> Mel Beckman wrote on 7/10/2020 1:07 PM:
> 
>> Perhaps you’re confusing OLT with ONT? An OLT is a “curbside” distribution node, the ONT is the CPE. The vulnerability is in the distribution node, not the CPE. No provider with any sense exposes their distribution node admin interface to the Internet. 
>> 
>> -mel via cell
>> 
>>> On Jul 10, 2020, at 1:01 PM, mel at beckman.org wrote:
>>> 
>>> The “WAN” port of an OLT _is_ it’s management port. Data, IPTV, and VoIP traffic pass on VLANs, typically encrypted. These are passive optical network (PON) devices, where all CPE in a group of, say, 32 premises receive the same light via an optical splitter. Thus network partitioning is a requirement of the architecture. There is no concept of a traditional “WAN” port facing the Internet. 
>>> 
>>> -mel via cell
>>> 
>>>> On Jul 10, 2020, at 12:21 PM, Owen DeLong <owen at delong.com> wrote:
>>>> 
>>>> 
>>>> Um, from the article it appears that this isn’t on the Management interface, but the WAN port of the OLT.
>>>> 
>>>> Owen
>>>> 
>>>> 
>>>>> On Jul 10, 2020, at 11:01 , Mel Beckman <mel at beckman.org> wrote:
>>>>> 
>>>>> But who, who I ask, opens their management interface to the public Internet?!?!
>>>>> 
>>>>> Maybe this is vulnerability if you have a compromised management network, but anybody who opens CPE up to the Internet is just barking mad :-)
>>>>> 
>>>>> -mel via cell
>>>>> 
>>>>>> On Jul 10, 2020, at 10:00 AM, Owen DeLong <owen at delong.com> wrote:
>>>>>> 
>>>>>>  https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872
>>>>>> 
>>>>>> Wow… Just wow.
>>>>>> 
>>>>>> Owen
>>>>>> 
>>>> 
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200712/bd9b8c20/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3944 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20200712/bd9b8c20/attachment.bin>

More information about the NANOG mailing list