Eircom Netopia Routers Are Wide Open

BobTheBeat

I would imagine that the privacy option is to allow the name of your network (or your SSID) to be broadcast. If you set it to off, then when someone wants to join your network they will have to know the network name and have to type it manually.

TelePaul

Lads, thanks a million for that. You guys are really on the ball, have ya ever thought about working for Eircom? Cheers for the advice, I'm a bit of a technophobe. And when something big like this happens, kinda makes us techophobes want to run to our caves in the hills!

BobTheBeat

Best of luck TelePaul! I think theres alot of scare mongering going on with this issue. TBH the problem with WEP has been well publicised for a long time, it was only a matter of time before somebody picked it up and ran with it. I suppose moreso with the fact that Eircom recommended WEP as a good security solution. People dont exactly have to go very far these days to find wireless access, so I wouldnt expect hacks0rz in shady cars going around stealing pplz int3rn3tz.

standbyme

bobmeaney wrote:

I would imagine that the privacy option is to allow the name of your network (or your SSID) to be broadcast. If you set it to off, then when someone wants to join your network they will have to know the network name and have to type it manually.

Thanks i'll try to find out a bit more on that

Zoney

The Irish Times article read as if the routers were the problem, not how Eircom set up the routers; the story made it look like Eircom just got some dodgy kit off Motorola. Usual Irish tech journalism standard I suppose.

TelePaul

bobmeaney wrote:

People dont exactly have to go very far these days to find wireless access, so I wouldnt expect hacks0rz in shady cars going around stealing pplz int3rn3tz.

That's a good point, like...why bother! It'd let them piggyback though I guess....I know I have a download allowance or some such, guess they could use that up. So should I change SSID as well as changing to WPA?

bartificer

standbyme wrote:

That's ok, as i thought you had to do that as well to enable WAP on your Netopia router, so no need to do that.

On the link given, what privacy should the WAP be set up for when i have to use the wireless, as i dont think i'll be able to get thru CustSupt if theyre busy.

Thanks.

On the Netopia router you should set the "Privacy" drop down to "WPA-PSK" (PSK stands for Pre-Shared Key in case you're curious).

bartificer

TelePaul wrote:

That's a good point, like...why bother! It'd let them piggyback though I guess....I know I have a download allowance or some such, guess they could use that up. So should I change SSID as well as changing to WPA?

If you change to WPA with a strong (i.e. long) random password you'll be grand. No need to change the SSID though it won't do any harm.

Bart.

BobTheBeat

TelePaul wrote:

That's a good point, like...why bother! It'd let them piggyback though I guess....I know I have a download allowance or some such, guess they could use that up. So should I change SSID as well as changing to WPA?

Well bartificer just pointed out that the privacy option sets the encryption to be used on your network, so disregard the comment about the SSID hiding.

You'll be safe enough with WPA though. Its tough to crack and its easy to implement.

The speeds achievable through conventional wireless solutions are small enough that it would be useless for bandwidth stealing. If I was a cracker or war driver or whatever looking for bandwidth,Id be travelling around with a microwave receiver trying steal from all the point to point links around the cities. Thats where the big bandwidth is available.

I suppose the real fear with wireless access in peoples houses is that you might have unsavouries sniffing about, and potentially harvesting credit card/online banking credentials should they manage to compromise your network.

standbyme

bartificer wrote:

On the Netopia router you should set the "Privacy" drop down to "WPA-PSK" (PSK stands for Pre-Shared Key in case you're curious).

Thanks, & then when you're setting up the p/word you could use generator at GRC as well.

zugvogel

Not sure if this is relevant or covered already?
This link http://www.wifinetnews.com/archives/002926.html mentions a free WPA client for pre XP Microsoft OSs.

zug

standbyme

This is probably off-topic, but got a lot of Database errors in the past 20m & my DSL kept going down & then broadband disconnected as well & then page refreshes & its ok?

As well as that i'd imagine there's more people on the site today cos of the Eircom routers story as well.

syklops

Does anyone have an email address for the guy who wrote the PoC code? I tried the one in his source code but I keep getting bounce backs.

PM me if you have it.

Cloud

Yep, the coverage meant we had to restart our database server. Should be settling down again now...

watty

Features Boards.ie on El Reg version of story... Though strangely they insist 250,000 routers involved.

thefinalstage

Cloud wrote:

Yep, the coverage meant we had to restart our database server. Should be settling down again now...

*Kirching* Thats the sound of money being made.

thefinalstage

Sorry for double post but its on bloody tv3 news!

BloodSugarSex

whats the range on the netopia routers?

kleefarr

thelastangryman wrote:

Sorry for double post but its on bloody tv3 news!

Just saw that.

thefinalstage

BloodSugarSex wrote:

whats the range on the netopia routers?

About 50 feet with any good connection. Less the more obstacles are in the way.
Eircom are advising people to change their WEP keys. What the hell! I'll even write the article on how to change your wireless network to using WPA, its not that hard!

They could use this as MAJOR P.R. stunt and supply their customers with WPA compatible wireless dongles.

piskins72

just want to ask, on the rte site it mentions 2 specific models of the netopia routers, is it just those that are effected or would the other models be effected also?

paul666

is there a way to find out if anyone was leeching of our bb

Sponge Bob

IN SILICON REPUBLIC

http://www.siliconrepublic.com/news/news.nv?storyid=single9332

Would have gone on another 6 months easy. Thast guy should name and shame the eircom heads. Of course now no paedophile with a Netopia can be convicted based on net traffic since March 2007 ...or is that 2005

Eircom knew about security flaw, says engineer
02.10.2007 - Since early March, Eircom has been aware of a security flaw which allows hackers to piggyback the broadband of over 200,000 of its customers who use Netopia wireless modems, according to Peter McShane, the software engineer who first alerted the telecoms company to the problem. “I contacted them at the beginning of March this year and give them the full details of the issue, which was the first time they were made aware of this,” he said.

McShane told siliconrepublic.com that over the subsequent five or six months he was in contact with the company but saw “very little movement” leading him to contact the Commissions for Communications Regulation (ComReg) at the beginning of September.

“When I went to ComReg they shared my misgivings about the fact that there was no intention from Eircom at that stage to proactively inform people that there was something amiss ,” said McShane.

Comreg did not give a **** and did nothing as ever ya mean

watty

If a WiFi is upstairs near window, then it can be picked up over 100m away. Or 1km across a field if the leech has an MMDS dish.

With an MMDS dish I can see the SSID of an outdoor Omni WiFi 9km away (nothing in between).

is there a way to find out if anyone was leeching of our bb

No.
Which is why proper commercial firewalls have logging. Then you know IP of user, web sites, email servers used, ftp, time, date & duration.

If you know you hardly used it and the ISP traffic monitor shows huge amount?

pid()

watty wrote:

If a WiFi is upstairs near window, then it can be picked up over 100m away. Or 1km across a field if the leech has an MMDS dish.

With an MMDS dish I can see the SSID of an outdoor Omni WiFi 9km away (nothing in between).

No.
Which is why proper commercial firewalls have logging. Then you know IP of user, web sites, email servers used, ftp, time, date & duration.

If you know you hardly used it and the ISP traffic monitor shows huge amount?

Wrong, you can check logs on the routers. Put them into expert mode, Then go to Statistics -> Logs. You can then select connection logs and you'll see mac address and ip assigned to clients connecting. Of course, anyone connecting was able to clear these logs if you didn't have a password on your router.

tck

syklops wrote:

Does anyone have an email address for the guy who wrote the PoC code? I tried the one in his source code but I keep getting bounce backs.

PM me if you have it.

you can find them lurking on the nologin silc servers

Keano

I couldn't wait to get home from work to change my settings! Silly old me didn't even think when setting it up! Thanks to those of you have posted help. Cheers

standbyme

I turned off the wireless a while ago, when all this happened today, as i only had it on when my brother was visiting used it, but do i still have to change the password?

I tried to ask this question a while back today, but still kept on getting database errors & had 3 tabs still refreshing 5m later,
although Cloud said it should settle down or is it a result of the wireless being shut down-that may sound silly but i dont know anything bout it

Thanks, as my head is done in with all this today

AlmightyCushion

standbyme wrote:

I turned off the wireless a while ago, when all this happened today, as i only had it on when my brother was visiting used it, but do i still have to change the password?

I tried to ask this question a while back today, but still kept on getting database errors & had 3 tabs still refreshing 5m later,
although Cloud said it should settle down or is it a result of the wireless being shut down-that may sound silly but i dont know anything bout it

Thanks, as my head is done in with all this today

As long as you don't turn on the wireless then there us no need to change the password. The reason the site was slow and you kept getting database errors was due to the traffic the site was getting from all of this. It has nothing to do with your wireless being off.

standbyme

Thanks, as i was going to email the gmail address boards has, but ended up replying to emails i had there, as i spend most of my time here

I think i might go to bed early for once

PS. I rang eircom cust supt about the dsl going down & back, yer man had no idea why, jeez-why do i bother
had told him i turned off the wireless & in future asked him bout enabling it told me to go to http://wirelesssecurity.eircom.net, i thought that was diff than what was shown on the site?

I suppose it is?

watty

Hmm.. That link does NOT recommend changing to WPA-PSK with 32 to 63 character random key, which it should.
Simply changing the WEP key only stops the most casual leech and does not delay a determined leech more than 5 or 10 minutes. No tech training needed, only Google.

watty

pid() wrote:

Wrong, you can check logs on the routers. Put them into expert mode, Then go to Statistics -> Logs. You can then select connection logs and you'll see mac address and ip assigned to clients connecting. Of course, anyone connecting was able to clear these logs if you didn't have a password on your router.

If you knew enough to enable logging (which is minimal compared with professional firewall product), BEFORE you found out about this wonder flaw, you would have WPA, or at least not have used the eircom CD so wouldn't be prone to visitors in the 1st place.

standbyme

watty wrote:

Hmm.. That link does NOT recommend changing to WPA-PSK with 32 to 63 character random key, which it should.
Simply changing the WEP key only stops the most casual leech and does not delay a determined leech more than 5 or 10 minutes. No tech training needed, only Google.

Sounds like eircom need to be configured
I noticed Basic Modem Config: on the broadband main page it showed me my OS & password, is that the default one?

Also i noticed when you copy & paste instead of clicking on http://wirelesssecurity.eircom.net/ into google it doesnt exist?

Sorry for all the questions but you do get curious in this situation.

Thanks, time for bed-yawwwnnnnnn!!

pid()

watty wrote:

If you knew enough to enable logging (which is minimal compared with professional firewall product), BEFORE you found out about this wonder flaw, you would have WPA, or at least not have used the eircom CD so wouldn't be prone to visitors in the 1st place.

Logging is enabled by default on the routers.

watty

All of them or just more recent ones? Actually the last Netopia I set up was a long while ago and had no wireless, so the user went and bought a Netgear, which I then setup instead.

How much can it possibly log and in what detail given the very limited memory free on a router? I had to switch from a Dlink to ClarkConnect running on Linux CentOS for my own firewall as I ran out memory to add port forwarding. I only use the Dlink wan router as a MIMO airpoint now.

pid()

Logging has been enabled on every eircom netopia router with wireless capability that I have come across.

I'm unsure of the logging capacity, however, on my router at home all connections for the last 36 days have been logged. In saying that, I am the only one connecting to the router so there's not a whole lot of logging to be done. It logs the IP and MAC of the clients which connect. When I was in college our router was shared by 20+ people and I remember the logs being very big on there, and it was still logging fine. By very big I mean if you printed the connection logs it would be over 100 pages. After all, it's only text. I imagine it can store a few megs at least.

pedro_m

Actually, the netopia routers support full syslog logging to an external syslog server. This can provide logging down to the packet level and generates huge volumes of data. If you ever have trouble sleeping at night try wading through them and see all the s**t bouncing off the fire wall!

It's particularly amusing when you drop the connection and get allocated a new ip address that was being heavily attacked when it dropped its connection...

ZeRoY

TelePaul wrote:

That's a good point, like...why bother! It'd let them piggyback though I guess....I know I have a download allowance or some such, guess they could use that up. So should I change SSID as well as changing to WPA?

I think you are missing an important point here. The issue of "piggybacking" on your broadband isn't the traffic usage as such - Imagine the intruder piggyback and then goes on to hack a company's network or website, who do you think the public IP will belong to?

You of course! Then you can be in trouble :eek:

spockpower

em question.
i just got the netopia wireless 3d reach usb adapter.

but whenever i plug it in to my usb the whole computershuts down???
why is this happenin??

TelePaul

ZeRoY wrote:

I think you are missing an important point here. The issue of "piggybacking" on your broadband isn't the traffic usage as such - Imagine the intruder piggyback and then goes on to hack a company's network or website, who do you think the public IP will belong to?

You of course! Then you can be in trouble :eek:

Ah okay. I see. I have WPA now.

BloodSugarSex

spockpower wrote:

em question.
i just got the netopia wireless 3d reach usb adapter.

but whenever i plug it in to my usb the whole computershuts down???
why is this happenin??

thats weird

try sticking it in a different usb port

watty

eircom should have Marketed this as a feature 6mnths ago and beaten BT
http://www.theregister.co.uk/2007/10/04/bt_fon_wifi_kibbutz/

towel401

I leave mine open on purpose. I do quite a bit of piggybacking myself so I would be a hypocrite not to. though its unlikely somebody will be able to access it from the road cause its so far away.

sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. everyone is allowed to run an open network if they want and i hope it stays that way.

life would be just too easy for the IRMA ****ers and those if every IP address was bound to a particular person. the people who run open access points in coffee shops, or run TOR proxies don't get in trouble so ordinary folk wouldnt either if they had an open AP

bartificer

towel401 wrote:

I leave mine open on purpose. I do quite a bit of piggybacking myself so I would be a hypocrite not to. though its unlikely somebody will be able to access it from the road cause its so far away.

sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. everyone is allowed to run an open network if they want and i hope it stays that way.

life would be just too easy for the IRMA ****ers and those if every IP address was bound to a particular person. the people who run open access points in coffee shops, or run TOR proxies don't get in trouble so ordinary folk wouldnt either if they had an open AP

You might be right. But I for one don't want the hassle. And, since I never steal other people's broad band I don't feel even remotely guilty for locking mine down

pid()

towel401 wrote:

everyone is allowed to run an open network if they want and i hope it stays that way.

Actually you're completely wrong. Read eircom's terms of service. This is against the terms and conditions of your contract with eircom. This contract can be terminated and you can be fined as a result of this.

Tazzle

Hands up who's with eircom and signed a contract? Not me anyway....

IrlJidel

towel401 wrote:

sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. everyone is allowed to run an open network if they want and i hope it stays that way.

I used to work for an ISP and used to liase with the Gardai with requests to map IP addresses to customers.

If the only evidence the Gardai have so far is that your connection was used on a number of occasions to upload kiddy pr0n, _and_ they want to investigate further , then the next step would be to get a search warrant and seize your equipment to examine for evidence.

Unfortunately at that stage all your neighbours will just presume you're guilty. If the guards have seized your equipment it would also take some time before you get it back.

watty

Tazzle wrote:

Hands up who's with eircom and signed a contract? Not me anyway....

payment implies acceptance of contract terms. Ordering via phone or online without signature is deemed to be be contract once they supply you.

You don't have to physically sign for a contract to be binding.

watty

towel401 wrote:

I leave mine open on purpose. I do quite a bit of piggybacking myself so I would be a hypocrite not to. though its unlikely somebody will be able to access it from the road cause its so far away.

sure if someone hacks or loads kiddy pr0n off your connection you might get a few phonecalls and that. but at the end of the day they need more than a report of your IP address being used before they can do anything to you. everyone is allowed to run an open network if they want and i hope it stays that way.

life would be just too easy for the IRMA ****ers and those if every IP address was bound to a particular person. the people who run open access points in coffee shops, or run TOR proxies don't get in trouble so ordinary folk wouldnt either if they had an open AP

People running WiFi Hotspots like Hotels etc have to sign up for a business package.

You are only allowed to run an open network if your T&C permit it. It would not be regarded as "Fair Use".

You don't just get a phone call. The Garda do seize all the computers.

towel401

watty wrote:

People running WiFi Hotspots like Hotels etc have to sign up for a business package.

You are only allowed to run an open network if your T&C permit it. It would not be regarded as "Fair Use".

You don't just get a phone call. The Garda do seize all the computers.

i have the business package & i never heard of anyone getting in trouble for running an open wifi network. i know about this T&C thing where they dont want you to share it with other people to encourage the other people to get their own connection but eircom says that you only can't resell it. so if you are giving it away for free its ok

the garda coming after you is unlikely unless you are doing some hardcore kiddy pr0n trading or someone is doing it off your connection.