Name: Anonymous 2010-06-12 11:48
Hello. I have found a major security bug that easily allows for rooting of one of the largest American ISP's default routers that they supply their residential customers.
I did a subnet scan on only one of their 60+ /14s. I got at least 4,500 susceptible clients that can be rooted in only ONE of their /14s.
So my question is, what should I do? I have the possibility of having a very fucking huge botnet, all for free, and all off very fast residential connections (which would not be legal, nor would I ever do; I am just stating that is "an option"). Or, the ISP could fix the problem if I harass them enough about it.
I already contacted the ISP 3 times - one 6 months ago, another 4 weeks ago, and again last night.
The main guy at their NOC basically stated that the customer needs to "protect their own security", and that it is not "the ISP's job to secure the users".
What should I do?! I want this problem fixed, but I also do not want all their customers to have fucked up Internet (if I release the bug, everyone will slurp it up and fuck up the people's routers, etc)
Thanks in advance for any suggestions on what I should do.
I did a subnet scan on only one of their 60+ /14s. I got at least 4,500 susceptible clients that can be rooted in only ONE of their /14s.
So my question is, what should I do? I have the possibility of having a very fucking huge botnet, all for free, and all off very fast residential connections (which would not be legal, nor would I ever do; I am just stating that is "an option"). Or, the ISP could fix the problem if I harass them enough about it.
I already contacted the ISP 3 times - one 6 months ago, another 4 weeks ago, and again last night.
The main guy at their NOC basically stated that the customer needs to "protect their own security", and that it is not "the ISP's job to secure the users".
What should I do?! I want this problem fixed, but I also do not want all their customers to have fucked up Internet (if I release the bug, everyone will slurp it up and fuck up the people's routers, etc)
Thanks in advance for any suggestions on what I should do.