ISP data collection from home routers

Christopher Morrow morrowc.lists at gmail.com
Thu Mar 24 14:54:36 UTC 2022


On Thu, Mar 24, 2022 at 10:04 AM Giovane C. M. Moura via NANOG <
nanog at nanog.org> wrote:

>
> > Who cares about the SSID???
>
> I don't remember the data model, but I remember that they retrieved data
> very often, multiple times a minute.
>
>
Please keep in mind that TR-069 (which in all likelihood is how the data
you remember captured was captured) provides
raw packet access to the customer side of the device.

yes, this is a problem, yes it's certainly been/being abused.
Yes the protocol is garbage and implementations are also garbage :(
see the, at least 1, blackhat/defcon presentations about TR-069 problems.

https://www.youtube.com/watch?v=XXhV7zpc6m8
https://www.geekzone.co.nz/forums.asp?forumid=49&topicid=214760&page_no=5
https://www.blackhatethicalhacking.com/news/multiple-backdoors-and-vulnerabilities-discovered-in-fiberhome-routers/

there's really no reason at all to have this exposed as it is :(
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20220324/2de3b743/attachment.html>


More information about the NANOG mailing list