Official Vox DSL feedback thread

Ok, ceasing public posts. Please PM me if you are interested in this.
 
What's the feedback from Vox?

This is a very serious concern. One of those addresses link to a web interface which has a default password which would allow a nefarious agent to shut down systems in a server room.
 
I think it might be wise to check your firewall settings if you're using vox at the moment.
 
Grouter said:
I think it might be wise to check your firewall settings if you're using vox at the moment.
Click to expand...

From what I can gather from the above posts it almost looks like this is possibly a single company, at least in the 192.168.1.x range - looks like mainly corporate IT infrastructure.
 
It is scary the amount of devices that can be reached and that you can "fiddle" around with some of there settings and see lots of details about the users, company names, emails, telephone numbers etc. It feels like it almost borders on hacking into someones pc or devices.

Is like someone just left the door open for anyone to come in.

This must be due to incompetent people that configured there device incorrectly and inadvertently opened there device to be accessible from the internet, hopefully by accident.
 
jannier said:
It is scary the amount of devices that can be reached and that you can "fiddle" around with some of there settings and see lots of details about the users, company names, emails, telephone numbers etc. It feels like it almost borders on hacking into someones pc or devices.

Is like someone just left the door open for anyone to come in.

This must be due to incompetent people that configured there device incorrectly and inadvertently opened there device to be accessible from the internet, hopefully by accident.
Click to expand...

But why are we able to ROUTE to those devices? These are private ranges that should not be 1. Assigned to anything public 2. Routable from WAN.

No response from Vox from my side.
 
jannier said:
This must be due to incompetent people that configured there device incorrectly and inadvertently opened there device to be accessible from the internet, hopefully by accident.
Click to expand...

There shouldn't be a route to these IP ranges in the first place.
 
I now remember seeing this a few months ago and completely forgot about it. I was going mad trying to connect to stuff on our VPN when the ping to the internal gateway was working (with latency that I expected). After I finally realised that I was not even connected to the VPN, I double checked that the 'private' IP I was pinging was really not out server and connected to the VPN, after which local routing of course took over and 'fixed' it.

I honestly can't remember what ISP I was using at that time, but most likely Vox. That said, it looks like WebAfrica also does not try to drop/reject these packets early (or at all).

Code: 
[admin@MikroTik] > /tool traceroute use-dns=yes interface=pppoe-webafrica count=1 192.168.0.1
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS
 1                                  100%    1 timeout
 2 196.38.75.82                       0%    1   6.3ms     6.3     6.3     6.3       0 <MPLS:L=227,E=0>
 3 196.38.75.81                       0%    1   4.4ms     4.4     4.4     4.4       0
 4 196.35.115.136                     0%    1   1.9ms     1.9     1.9     1.9       0
 5 mi-za-cpt-p7-te0-7-0-0.ip.isn...   0%    1   3.2ms     3.2     3.2     3.2       0
 6 168.209.100.101                    0%    1  20.6ms    20.6    20.6    20.6       0
 7 cbs1-rba-fa0-0.ip.isnet.net        0%    1  19.2ms    19.2    19.2    19.2       0
 8                                  100%    1 timeout
 9                                  100%    1 timeout
10                                  100%    1 timeout
11                                  100%    1 timeout
12                                  100%    1 timeout

[admin@MikroTik] > /tool traceroute use-dns=yes interface=pppoe-vox count=1 192.168.0.1
 # ADDRESS                          LOSS SENT    LAST     AVG    BEST   WORST STD-DEV STATUS
 1                                  100%    1 timeout
 2 vox-upload-teraco-cpt-barrack...   0%    1   2.4ms     2.4     2.4     2.4       0
 3 vox-b2b-pts-barrack-ipc-int.v...   0%    1   4.9ms     4.9     4.9     4.9       0
 4 41.193.120.37                      0%    1   6.3ms     6.3     6.3     6.3       0 <MPLS:L=471858,E=0>
 5                                  100%    1 timeout
 6                                  100%    1 timeout
 7                                  100%    1 timeout
 8                                  100%    1 timeout
 9                                  100%    1 timeout


Addendum: http://serverfault.com/a/374134
Seems like other ISPs also just forward down default gateways rather than reject the packet. Maybe there's a performance hit that justifies merely sending the unlikely packet onward. I think it's time I make my own router reject these packets to prevent me from accidentally accessing some random server thinking it's internal.
 
Last edited:
Vox control panel : Unfortunately the usage data cannot be loaded at this time. Please try again later.
Click to expand...

Hope they've finished updating the data records for Jan'17 by tomorrow, because nothing has been updated since the end of Dec'16 in my account.
 
Something is stuffed with their customer DB. Sometimes I can log in, other times it gives an error. Can't see daily usage either. Website sux.
 
I suspect the senior techs are all on leave. The juniors took over the asylum, pushed a wrong button...
 
Holy hell, there is something wrong in Johannesburg, specially that 41.193.3.101 address. As soon as my packets hope to that, the latency skyrockets to over 1000 milliseconds. Makes playing online, unplayable.
 
They finally started updating usage, but it's only a small proportion of what I've used in January. Overnight usage also not being included, yet. Wake up, Vox!
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X