Bandwidth thieves

[shagstar]

Hi guys.
Anyone who knows a little bit about IT should know that stealing bandwidth is a reasonably easy thing to do.
Most people should know that when you are connected to the internet, you connect using a thing Called "Internet Protocol" We call it an IP address, which the router uses to dial through. this changes every 24hours so there is no way that i know of of tracking it. But im not going to get to complex.
but none the less. The security issues with this is quite bad, as you know you log into the router with a user name and password, to set up your ISP info, but most of these are still set to default, so anyone on the same range of IP can dial into your router and steal you account information, using a IP scanner! They get to the login screen and try the default Info. Once their in, they can take your ISP info off t he router. This is serious and us honest people pay a decent amount for bandwidth only to have these "wannabe hackers" steal it from us!
there is no way of catching these people that i know of, but why not tighten the security yourself
From a logical point of view. when your ISP set up your router, some leave the default user name and log in password there? this must definitely be changed!!!
I found that setting your router into "bridged" mode also keeps these guys from stealing your ISP info altogether.
Bridged mode allows you to connect to the internet by actually dialing from your computer. and having your ISP info on your PC and not the router. Its not 100% safe. but its a hell of a lot safer.
I think that if people are noticing strange things with their bandwidth they should ask about it.
And please change your login info PLEASE guys! If any of you do not know how to do this phone your ISP, and ask them how to do this, they will walk you through it over the phone.
There is a limit on bandwidth in this country, so its quite a big deal.
I hope what is said in this post is helpfull to most.

 

[quik]

This topic has probably been discussed quite a few times.

You actually dial using the PPPoE protocol, and every session is logged by your ISP. There are ways to catch people who steal bandwidth, the SAP have caught a number of people.

It's not all as dire as you make it out to be. If you suspect that your login info has been stolen, report it to your ISP and they will follow up on the matter. They may even give you back the lost bandwidth, but that depends on the ISP obviously.

Easiest way to change your default IP is to do the following:
1) Double click on the network icon next to the time on the taskbar
2) That'll bring up the local area connection status box
3) Click on the support tab and check for the default gateway address
4) Type this address into your browser, which should then prompt you for login info
5) Default user name and password differs from router to router, but should be something like: UN: admin/administrator/root, PW: [blank]/admin/administrator/root (or one of those combinations, can also check your manual or google your router model)
6) Once you're logged in, look for a link that states "user management" or something similar, where you can change the default password.
7) Remember to commit the changes, if you did it correctly you won't be able to log into the router with the old username/password.

 

[guest2013-1]

Yea, this is PAINFULLY easy.

I received this one "spam" email from someone in April. Figured "lets check the email headers" so I noticed it was from an ADSL line. Figured it won't hurt to just type the IP number in my browser. Whoops, pops up a box asking me for authentication. Admin/Admin and bob's your uncle.

Browsing in the router I noticed they use Web Africa. Right-Clicked and View Source reveals their password. Logged into their account and see they only have 3GB and have used about 1.1GB.

Smiled. Patted myself on the back. And carried on with my mundane life.

There's no need to steal anything really. Problem is just people who do this usually do it because they run out because they're downloading/doing something they shouldn't.

If you can't afford 50gig's worth of MP3 downloads, then don't download.... duhr

 

[Surv0]

Bandwidth crime used to be rife.. i dont think its happening as frequently anymore because alot of these guys are getting caught. Yes its pretty much as easy to get caught as it is to steal the account info.

And the only people who steal bandwidth, are the people who use mass amounts of it by downloading movies,games,mp3's,porn etc.

 

[.Froot.]

My ISP does not log your NAS ports anymore.... they have software that directly sees my phone number... I can see my phone number on my logs.

 

[ld13]

My ISP does not log your NAS ports anymore....

Of course they do. Comes from telkom like that. All they do is a simple Replace "NASPORT" with "$NUMBER".

 

[Turiko]

Turning OFF the management feature that allows router access from the outside world should be A FIRST PRIORITY!!!

They do get in, as I had experienced with one customer of mine long ago. And the use of a strong password for the router is also A FIRST PRIORITY!!!

 

[Threepwood]

Turning OFF the management feature that allows router access from the outside world should be A FIRST PRIORITY!!!

They do get in, as I had experienced with one customer of mine long ago. And the use of a strong password for the router is also A FIRST PRIORITY!!!

Can all routers do this, is it standard?

My one's firewall has an option that supposedly blocks any trafiic originating from the WAN (Internet), from what I've tested it's impossible for anyone to see my login screen, with that enabled, but I don't know of a feature to block "external management" of the device though.

 

[quik]

If your router doesn't have a setting for disabling remote management, you could add a rule to your firewall to block access. But like was said, a strong password is a must and would most likely be good enough.

 

[gregmcc]

My 2c worth - some valid comments but I have to pick

We call it an IP address, which the router uses to dial through.

Semantics but routers do not dial through, unless you have ISDN backup You actually connect using ppoe and IP is encapsulated within this tunnel.

this changes every 24hours

no it doesn't

so there is no way that i know of of tracking it.

all ip's can be traced. The internet is far from anonymous. Just about all servers/services used logs info.

but most of these are still set to default, so anyone on the same range of IP can dial into your router and steal you account information

this is old news but still valid. Anyone who still uses a default password should be shot!

there is no way of catching these people that i know of

yes there is - with some of the better isp's they use ips/ids appliance and look for scanning attempts. your IP will be logged and then hopefully investigated.

I found that setting your router into "bridged" mode also keeps these guys from stealing your ISP info altogether.

as you said, not 100% safe. If you use the router in bridge mode and it connects to your pc, the connection them terminates on your nic. you would need a decent firewall to filter out all the junk and scanning attempts from the internet. Much safer if to terminate the connection on a ipcop/iptables/etc machine and then connect your machine to that.

 

[RazedInBlack]

Hi guys.
Anyone who knows a little bit about IT should know that stealing bandwidth is a reasonably easy thing to do.
WRONG!
If you into IT doesn't mean you know anythng about networking. Maybe if you a network administrator or Cisco Engineer. IT is more business orientated which leans more towards business applications to support information systems like CRM or ERPs.

 

[ld13]

I D 10 T Error

Hi guys.
Anyone who knows a little bit about IT should know that stealing bandwidth is a reasonably easy thing to do.

WRONG!

If you into IT doesn't mean you know anythng about networking. Maybe if you a network administrator or Cisco Engineer. IT is more business orientated which leans more towards business applications to support information systems like CRM or ERPs.

eh, Right you mean. Wake up and smell the coffee man. Give me 2-5 minutes and I can teach you how to do this el33t "ub3r" n00b hackz0r and get at least 1 usable username and password...

If you know ANYTHING, worthwhile I must add, about IT at all, you should know that stealing bandwidth is a reasonably easy thing to do.

 

[The_Techie]

eh, Right you mean. Wake up and smell the coffee man. Give me 2-5 minutes and I can teach you how to do this el33t "ub3r" n00b hackz0r and get at least 1 usable username and password...

If you know ANYTHING, worthwhile I must add, about IT at all, you should know that stealing bandwidth is a reasonably easy thing to do.

Agreed, it's so easy it's scary

 

[The_Unbeliever]

/me pats /me smoothwall

 

[Noah]

Hi guys.
Anyone who knows a little bit about IT should know that stealing bandwidth is a reasonably easy thing to do.
WRONG!
If you into IT doesn't mean you know anythng about networking. Maybe if you a network administrator or Cisco Engineer. IT is more business orientated which leans more towards business applications to support information systems like CRM or ERPs.

Cough im in grade 9 and i know how to do this nonsense. Found out by mistake actually

 

[Obelix]

as far as im aware, nowadays most isp's lock your account to your phone number and you actually have to call them to ask them to open it up for other numbers, so unless you're isp is "in on the deal" you're account details are pretty much useless to anyone else.

also, the ability to get into the management web pages of a router form the wan side is something that has to be explicitly switched on. If yours does not have this option throw it away.

 

[warwickw]

Telkom internet do not lock the username's to ADSL port in the exchange by default, don't even think they offer this as an option. A vast majority of ADSL users in this country are Telkom Internet customers who have never changed the default user names and passwords.

I know Axxess and WebAfrica offer it for free on their accounts, and I recommend users to make use of of this feature.