<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">Almost no surprise they are all third world, still scary in a sense. Might just have to rethink a blacklist strategy for traffic originating behind those locations.<br><br><div dir="ltr"><div><span style="background-color: rgba(255, 255, 255, 0);">-- </span></div><div><span style="background-color: rgba(255, 255, 255, 0);"> J. Hellenthal</span></div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><span style="background-color: rgba(255, 255, 255, 0);">The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.</span></div><div dir="ltr"><br><blockquote type="cite">On Jul 10, 2020, at 15:30, blakangel@gmail.com wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<span>Well here are a couple hundred:<br>
<br>
</span><span><a href="https://www.shodan.io/search?query=Command+Line+Interface+for+EPON+System">https://www.shodan.io/search?query=Command+Line+Interface+for+EPON+System</a><br>
<br>
-Keith<br>
<br>
Mel Beckman wrote on 7/10/2020 1:07 PM:</span><br>
<br>
<blockquote type="cite" cite="mid:8C5B52FD-86AE-44D4-8A2B-FD0A1BA96821@beckman.org">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
Perhaps you’re confusing OLT with ONT? An OLT is a “curbside”
distribution node, the ONT is the CPE. The vulnerability is in the
distribution node, not the CPE. No provider with any sense exposes their
distribution node admin interface to the Internet. <br>
<br>
<div dir="ltr">-mel via cell</div>
<div dir="ltr"><br>
<blockquote type="cite">On Jul 10, 2020, at 1:01 PM, <a class="moz-txt-link-abbreviated" href="mailto:mel@beckman.org">mel@beckman.org</a>
wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite"><div dir="ltr">The “WAN” port of an OLT _is_
it’s management port. Data, IPTV, and VoIP traffic pass on VLANs,
typically encrypted. These are passive optical network (PON) devices,
where all CPE in a group of, say, 32 premises receive the same light via
an
optical splitter. Thus network partitioning is a requirement of the
architecture. There is no concept of a traditional “WAN” port facing the
Internet. <br>
<br>
<div dir="ltr">-mel via cell</div>
<div dir="ltr"><br>
<blockquote type="cite">On Jul 10, 2020, at 12:21 PM, Owen DeLong
<a class="moz-txt-link-rfc2396E" href="mailto:owen@delong.com"><owen@delong.com></a> wrote:<br>
<br></blockquote>
</div>
<blockquote type="cite"><div dir="ltr">
<div class="">Um, from the article it appears that this isn’t on the
Management interface, but the WAN port of the OLT.</div>
<div class=""><br class="">
</div>
<div class="">Owen</div>
<div class=""><br class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On Jul 10, 2020, at 11:01 , Mel Beckman <<a href="mailto:mel@beckman.org" class="" moz-do-not-send="true">mel@beckman.org</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div dir="auto" class="">But who, who I ask, opens their management
interface to the public Internet?!?!
<div class=""><br class="">
</div>
<div class="">Maybe this is vulnerability if you have a compromised
management network, but anybody who opens CPE up to the Internet is just
barking mad :-)<br class="">
<br class="">
<div dir="ltr" class="">-mel via cell</div>
<div dir="ltr" class=""><br class="">
<blockquote type="cite" class="">On Jul 10, 2020, at 10:00 AM, Owen
DeLong <<a href="mailto:owen@delong.com" class="" moz-do-not-send="true">owen@delong.com</a>> wrote:<br class="">
<br class=""></blockquote>
</div>
<blockquote type="cite" class="">
<div dir="ltr" class=""> <a href="https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872" class="" moz-do-not-send="true">
https://www.zdnet.com/article/backdoor-accounts-discovered-in-29-ftth-devices-from-chinese-vendor-c-data/?ftag=TRE-03-10aaa6b&bhid=29077120342825113007211255328545&mid=12920625&cid=2211510872</a>
<div class=""><br class="">
</div>
<div class="">Wow… Just wow.</div>
<div class=""><br class="">
</div>
<div class="">Owen</div>
<div class=""><br class="">
</div>
</div></blockquote>
</div>
</div>
</div></blockquote>
</div>
<br class="">
</div>
</div></blockquote>
</div></blockquote>
</blockquote>
<br>
</div></blockquote></body></html>