Be alert! Your ADSL account has been stolen

The following content from: http://www.aikko.com/bbs/viewthread.php? Tid = 13417 & extra = page % 3D1

With the popularity of ADSL, people enjoy the speed of broadband, and network security has been paid more and more attention. Have you ever thought that your ADSL account and password are actually exposed on the Internet? Using some tools and techniques, you can easily obtain your account and password to access the Internet, and even purchase products such as QQ coins, lianzhong monthly card, and game card.

You may have modified your ADSL account password several times, thoroughly scanned and killed local Trojans and viruses, and installed the latest patches on the operating system. However, you still cannot prevent account theft, it was still time-consuming to make phone calls. Then, after reading this article, you will surely pat your head and say, "Oh, the original problem is the ADSL Modem. "
Currently, ADSL Internet access is very popular. Most families use multiple computers to connect to a vswitch to save money, and then the UPLINK port of the vswitch is connected to the ADSL Modem (which enables the routing function ), in this way, you can connect multiple computers to the Internet. Pay special attention to the default ADSL Modem vulnerability.
Vulnerability Analysis
There are three ways to configure ADSL Modem:
1. the Web method is to enter the IP address of the Modem in the browser. In the prompt bar, enter the user name and password to enter the Administrator settings page. This is the most common and simple method.
2. Telnet method, that is, enter "telnet Modem IP Address" in command line mode, and then enter the password to enter the management interface.
3. Use the vendor's own configuration program to enter the configuration interface, such as CyberLink 6307/6309 kg. then, use the dslcom.exe program in the attached optical disk to enter the management interface.
Generally, the management IP addresses of ADSL Modem are Intranet IP addresses, such as 10. *. * or 192. 168. However, when multiple computers access the Internet and use the ADSL Modem routing function, the Modem actually has a public IP address, which can be used to access the ADSL Modem. If you have saved the ADSL account and password in the Modem configuration, the management password of the ADSL Modem is set by default and has not been changed, then, anyone can enter the default password to go to the management interface and further obtain the ADSL account and password.
People with ulterior motives launch attacks
According to the three configuration methods of the ADSL Modem mentioned earlier, we can know that all the methods for enabling Web port (80) and Telnet port (23) may be ADSL Modem, then the hacker first scans the corresponding ADSL user network segment and searches for IP addresses that enable ports 23 and 80.
Step 1: Use a scanner to find IP addresses that enable ports 23 and 80 in the ADSL user network segment. The hacker used a scanner and set the scan object to speed up scanning. In this way, only the active host and open services are retained in "Settings> scan module, then, set the IP address range to be scanned in the detection range of "scan parameters → Basic settings", and retain only ports 23 and 80 in "scan parameters → Port Settings, click "file → start scanning ".
After a while, the scan results will come out (see figure 1). Next, hackers will use the IP addresses opened on ports 23 and 80 in the list to launch attacks.

Step 2: The hacker starts IE and enters the IP address and press enter in the address bar. If you are lucky, a logon interface will pop up (see figure 2), that is, the ADSL Modem management logon interface mentioned above, enter the default management account and password for the corresponding ADSL Modem model. If the other party does not modify the password, the hacker can log on to the management interface.

Believe it or not, the hacker scanned the ADSL Modem model HUAWEI MT800, and its default Management User and password were "ADMIN ", after logging on to the console, click "ATM Setting" to view the saved ADSL account and password (see figure 3 ).

Step 3: A hacker uses a method to view the content represented by an asterisk and obtains the ADSL account and password.
Fix major vulnerabilities
If you already know the problem, you should make up for the vulnerability as soon as possible. Since the routing function must be enabled, You have to modify the default management password to complete the repair.
Step 1: log on to the ADSL Modem management interface, which is described by HUAWEI MT800. Click "Access Managerment". The management user settings page is displayed (see figure 4 ), here we can see that the management username is "admin" and the permission is "root ".

Step 2: Click the pen icon under "action (s)" to enter the account settings page, enter the old password and confirm the new password, and click "submit.
With such a simple two-step operation, we can solve such a large vulnerability. It can be said that it would be a huge sum of money, and we will no longer be confused with the phone bill.
Note: This document is only used for technical research. Do not use it for illegal activities.