back to article POODLE vuln dogs Australian consumer modems

The persistent awfulness of consumer broadband modems is once again in evidence, with the Poodle and Freak bugs present in a huge number of Australian households. The issue has hit Twitter, with some people reporting that ISPs are notifying them of possible malicious traffic – but without useful information on what to do. TPG …

  1. Bubba Von Braun

    Typical mindless action from TPG

    This is so typical of TPG, I am yet to get a response from them of what malicious traffic is being sent by my service with them, so I might avoid a unilateral disconnection.

    I wont hold my breath, and seals my decision to move away from them..

    Sadly iiNet customers can look forward to this sort of mindless responses, no wonder Michael Malone came out against the takeover.

    1. John Tserkezis

      Re: Typical mindless action from TPG

      "Sadly iiNet customers can look forward to this sort of mindless responses, no wonder Michael Malone came out against the takeover."

      I agree, but for different reasons. This is the generic alert you're going to get from ANY isp.

      We received one from the ISP where I used to work who blocked only the port the garbage was being sent on. Once we knew what was going on, we tracked down the offending user who's machine was compromised (virus scanners are bloody useless), and once we verified he wasn't spewing spam anymore, we got in touch with our ISP and told them to take the block off and see that we weren't leaking anymore. And that was that, all rather painless. We did however, know what we were doing.

      Home users on the other hand - good luck with that. It would make sense that TPG block only the port(s) that were doing the spewing, but to take the brutal approach and block the entire account is too much.

      It's especially amusing they suggest antivirus software, as in our case, the malware went straight through it like that vindaloo you had for lunch last week.

      Like I said, I was going to churn to iiNet, but since TPG is buying them - hell no.

      1. Anonymous Coward
        Anonymous Coward

        Re: Typical mindless action from TPG

        So I got one of these related to my WD MyBookLive. Seems that WD haven't bothered to update firmware on their devices to disable SSLv2 & 3. Nor do they ever answer support calls from mere mortals...I ranted at TPG and got the following answer:

        ===

        Yes this is only a notification to our customers about the vulnerability on FREAK and POODLE. We are also working on the notification message so this may change in the future.

        As for the suspension of the account, customers will normally get a phone call if we are really going to end up in suspending a service. When we end up with this choice that means there is really a threat coming from the said network.

        ===

        Admittedly, that first threatening mail from them could have been worded better, but I think ACMA is the culprit here...trying to justify funding for AISI.

        If you check the AISI malware statistics at http://www.acma.gov.au/Industry/Internet/e-Security/Australian-Internet-Security-Initiative/aisi-malware-statistics-1 you will see that there are in fact over 200,000 vulnerable services in Oz...I guess ACMA just couldn't resist doing something about it. :-)

      2. Bubba Von Braun

        Re: Typical mindless action from TPG

        John,

        I don't disagree in being alerted by the ISP, its the threats of disconnection, that I take issue with.

        And yes the average home user, would be totally confused and panicked by the disconnection threat.

        My response to them after correcting what was at best an eavesdropping vulnerability was to point out either the threat was ill-conceived or lazy use of a existing template.

  2. Scott Earle
    FAIL

    Poddle?

    Mr Chirgwin, you have excelled yourself. Now your first typo is not only in the headline, but is in the first word of the headline, in ALL CAPS!

    I expect that this will be fixed once a human has reviewed it, or the UK wakes up. But anyway - well done.

  3. druck Silver badge
    Stop

    Bloody well get it fixed

    +Comment: It's almost impossible to expect home users en masse to learn even the most basic configuration tasks. There's no way Joe Sixpack is going to run a firmware upgrade and navigate a bunch of menus to find out where the remote management check-box is.

    For that reason, it's also unfair to threaten blocking services to users who don't know what's going on.

    It's perfectly fair. If the police pull you over for having an mechanically unsafe vehicle on the public highway, you have to get it fixed or it will be impounded. If you can't fix it yourself, you take it to a garage. It should be the same with devices using the public internet.

    1. Bubba Von Braun
      Thumb Down

      Re: Bloody well get it fixed

      But this is not mechanically unsound.. using your analogy.

      It more a matter of being made un-roadworthy because you have standard tires and not the steel belt radials that the cop thinks you should have on your car.

      If the detected threat was one of spewing spam or other vulnerability, that impacted network performance or availability I could agree. But its not. The risk was exposure of credentials, or other information int he session.. and they didn't scan the router either.. they were looking on 443 for SSL hosts not scanning non-standard ports.

      Educate folks, but dont do it with FUD.

      One looks at the vulnerability and how it applies to ones environment, and makes a risk assessment.. In my case a risk, and scheduled for the next service.. The threat meant it got bought forward The cost.. TPG has lost a customer.. actually a number of them as their contracts expire, as they are now on the same class as DoDo for their service quality.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bloody well get it fixed

        But this is not mechanically unsound.. using your analogy.

        It more a matter of being made un-roadworthy because you have standard tires and not the steel belt radials that the cop thinks you should have on your car.

        More like not being roadworthy because it has no indicators and so you as the driver have to open the window and give hand signals.

        Or unroadworthy because the car predates having seatbelts.

  4. Spaceman Spiff

    First thing

    The first thing I do when a new router/modem is installed in my system is to disable remote management myself, if the installer won't do it for me. I think that if they are not willing to, I should cancel the installation and send them on their way, demanding my $$ back!

  5. adfh

    One of the big problems is...

    ... even those of us who know how to upgrade firmware and to adjust router config settings, don't always have an option to do so, because often (as is with a lot of "embedded computing" devices) the manufacturers wash their hands of any responsibility after maybe a year or so.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021