Aardvark Daily aardvark (ard'-vark) a controversial animal with a long probing nose used for sniffing out the facts and stimulating thought and discussion.

NZ's leading source of Net-Industry news and commentary since 1995
Australasia's "New Economy" News And Commentary Site
Headlines | XML feed | Contact | New Sites | Archives | Job Centre | MARKETPLACE | For Sale
Note: This column represents the opinions of the writer and as such, is not purported as fact
Hundreds Of DSL Users At Risk 20 June 2002 Edition
Previous Edition | Archives

Million $ Ideas
At last, the contents of Aardvark's "million-dollar ideas" notebook are revealed for all to see!
Click To See
What do you do when you discover unexpected traffic appearing on your DSL account and then discover a situation that could see thousands of other DSL users exposed to the same risk?

This was the problem faced by Software Developer John Burns this week.

After noticing that something unusual was going on, he checked the logs on his modem and found that the configuration settings had been changed with extra port mappings added by a person or persons unknown.

"Someone was using my router as a stepping stone for the transfer of data" he told Aardvark.

There are several reasons why someone might want to do this. By using someone else's DSL modem as a proxy, the malevolent sod carrying out this hijacking can effectively disguise their own identity and location. Alternatively, they may simply be avoiding expensive international traffic charges against their own account by directing traffic through someone else's DSL connection.

Feature: Promoting Your Website
Dont' forget to check out the series of hints on how to promote your website which will be regularly added to throughout the next few weeks.

New this week: Writing an Effective Press Release

After finding the cause of the problem, Burns decided to check and see just how many other DSL users might be affected.

He wrote a program that scanned local IP numbers, looking for similarly vulnerable DSL users.

A scan of 5,000 potential computers produced a list of almost 500 vulnerable setups.

Burns is adamant that although the nature of the problem would have allowed him to have done significant mischief on the systems he checked, his program was only designed to detect exposed systems and prepare a list of email addresses he would use to contact these users and warn them of the risk.

Readers Say
(updated hourly)
  • Router Problems... - Craig
  • Informing People... - Andrew
  • security through obscurity... - Jared

    In response to overwhelming feedback (only a tiny percentage of which is included here) I have decided to publish the information sent to me by John Burns.

  • Have Your Say

    Unfortunately, it was this email that began to create problems for this benevolent hacker.

    Burns says "each user was individually emailed with a message telling them of the problem, and how to fix it. Some probably chose to treat it as a hoax, others returned by email asking for more information, some fixed the problem and sent me emails of praise, while others swore privacy infringement and contacted the police and their lawyers....All because I was trying to help them."

    Realising that not all those who received the email would understand how to fix the problem, Burns also offered his services to assist -- for a small fee. On reflection, he agrees that perhaps this wasn't a good idea and that as a result, the email may have been seen as a cheap trick to rake up some business.

    When asked why he didn't simply go straight to ISPs and inform them of the problem, Burns said he felt it was a good idea to keep the details restricted only to those who it affected rather than issue a general alert that might allow hackers to exploit the vulnerability.

    So, did Burns do the right thing?

    Well once the proposed anti-hacking legislation is enacted he would likely be exposed to the risk of prosecution for his actions -- is that fair?

    In performing automated port-scanning he's almost certainly breached the terms of service as laid down by his ISP -- but should he be penalised in this case?

    And where does the buck stop for problems like this?

    Ultimately it's probably not Telecom's or the ISP's fault or responsibility because the flaw is actually in the modem and the way it is configured. Burns says that the problem affects "almost every modem you can buy, nokia, dynalink, 3com, etc."

    If I were to be cynical (who me?) then I'd suggest that Telecom are probably not too interested in the problem anyway -- after all, JetStream users are responsible for paying all charges incurred on their account, even if those charges are the result of a hack. We've already been made very much aware of their "not our problem" approach to the risks that DSL users face from denial of service attacks and the traffic charges they can produce.

    Of course this whole situation also leaves me with a bit of dilemma. Do I publish details of the problem and the solution proposed by Burns so that people can fix the problem -- or do I continue the "security by obscurity" approach and hope that everyone will work it out for themselves before the hackers do?

    Burns' approach of directly emailing those affected starts to look rather sensible doesn't it?

    Note: This is not a new problem, but one which has surfaced previously -- although too many people are seemingly unaware of it. Burns has provided me with a document that describes the cause and effect of the problem, along with a remedy. Do I publish?

    Have Your Say
    As always, your comments are welcomed. Please remember to select "For Publication" if you want them included on this site.

    Have your say.

    Linking Policy
    Want to link to this site? Check out Aardvark's Linking Policy.

    Did you tell someone else about Aardvark today? If not then do it now!

    Security Alerts
    Holes Still Linger in Yahoo! Messenger (iNetNews - 06/06/2002)

    Experts warn of IE Gopher hole (ZDNet - 05/06/2002)

    DoS Hole Has Some DNS Servers In a BIND (iNetNews - 05/06/2002)

    Microsoft Exchange hole "critical" (CNet - 28/04/2002)

    Report: Hole found in Excel (ZDNet - 28/05/2002)

    Virus Alerts
    Soccer World Cup Virus Detected (iNetNews - 07/06/2002)

    Shakira worm rocks the Net (ZDNet - 06/06/2002)

    New viruses aim to cross multi platforms (ZDNet - 05/06/2002)

    Bookmark This Page Now!


    NZL Sites
    NZ Netguide
    NZ Herald Tech
    PC World NZ
    NZOOM Technology WordWorx

    AUS Sites
    Fairfax IT
    Australian IT
    AUS Netguide
    NineMSN Tech
    APC Magazine

    USA Sites
    CNNfn Tech
    Yahoo Tech
    ZDNet Tech
    USA Today Tech
    7am.com SciTech

    UK Sites
    The Register
    BBC SciTech


    The Day's Top News
    Open in New Window = open in new window
    New Zealand

    Open in New Window Complainant not surprised at Microsoft decision
    Auckland lawyer Craig Horrocks says the rejection by the Commerce Commission of his complaint against Microsoft of anti-competitive behaviour is no surprise...

    Open in New Window E-signature hurdles stymie full-force gov't portal
    Fewer than 100 of the 1000 government services catalogued on the government's forthcoming portal will be able to be used totally online...


    Open in New Window LindowsOS backs off its claim to run most Microsoft apps
    There is no more talk of running any programs designed for Windows, let alone Microsoft products...

    Open in New Window States-Microsoft have final say
    Microsoft and nine plaintiff states return to the courtroom Wednesday for closing arguments in the software giant's antitrust remedy proceeding...

    Open in New Window SpamNet enlists you to fight spam
    Ordinary Web surfers could play a major role in stemming the rising tide of junk e-mail crippling the Net, if a new anti-spam company hits its mark...

    Open in New Window Sun's Full Assault on .NET
    Sun Microsystems unveils plans to distribute free software in a brazen effort to compete with Microsoft for control of the so-called next-generation Internet...

    Open in New Window Riversoft unleashes mother of all disclaimers
    We know how much Reg readers enjoy a good disclaimer, so it is with great pleasure that we bring you this classic...
    The Register


    Open in New Window You can't send mail: a broadband user's plight
    The Mail Abuse Prevention System (MAPS) has blocked several IPs on the Telstra broadband network, acccording to a posting at Whirlpool, a forum for Australian broadband users...
    The Age

    Open in New Window Spam lawsuit creates furore
    INTERNET activists are taking to the streets to protest the actions of an alleged spammer at the centre of a lawsuit in Western Australia...
    Australian IT


    Open in New Window Fresh fears over mobile phones
    A major study into the safety of mobile phones has concluded that they may affect the health of people who use them...

    Open in New Window Cybersecurity panel looks at Net risks
    Logging onto the Internet is like entering a dangerous neighborhood. Risks include identity fraud and intellectual property and credit card theft....
    USA Today/AP

    Open in New Window Pro-Islamic hackers join forces
    There is mounting evidence that individual hacker groups connected by a pro-Islamic agenda are working together to carry out hack attacks, say experts...

    Open in New Window Mission Possible: Building a Consumer Brand on the Internet
    Ask online marketing experts whether it is possible to build a brand strictly by using the Web; most of them will say it is...

    Open in New Window Chew on this: Tooth phone implants
    British engineers say they have invented a revolutionary tooth implant that works like a mobile phone and would not be out of place in a James Bond spy movie...

    Looking For More News or Information?

    Search WWW Search Aardvark

    Privacy Policy | Copyright © 2002, Bruce Simpson, republication rights available on request

    jet engine page