How BSNL internet networks are terribly dangerous


All BSNL users beware!

I’m aware many of you must be using BSNL Dataone as your Internet Service provider. BSNL networks are unprotected and can be a great security threat if you do not take care and change your passwords and use firewalls. I will illustrate this by hacking into my own PC.

Some things you should know-

Every computer ( or device to be precise) that accesses the internet is alotted an IP address by your internet service provider. This IP address is unique to your computer and is used to track your internet activity -the websites that you visit online record your IP addresses and store them and make them available to local authorities in case you break the law. An IP address can often be used to identify the region or country from which a computer is connecting to the Internet

Ip addresses are of two types – 1) Shared IP addresses (Local).

 If you are connected to a router or even a modem you have an internal IP address which looks something like 192.168.1.2 , 192.168.1.X etc which represents your laptops/pc’s location internally.These are by default assigned automatically by something called DHCP (Dynamic Host Configuration Protocol). So they are “leased” for some time and then you get a new ip each time you connect to the network. You can also make it static by setting it manually

The router communicates with BSNL(your ISP) and is your “gateway” to the internet. BSNL assigns your ROUTER a new IP address each time you establish the connection to the internet. However this single address is shared by all the computers on your local network. You can see as in the first diagram.

However that is not the full story

There are many such networks just like yours which are connected to switches and then sent for final routing towards your ISP as shown. These networks should technically be hidden from each other.

However BSNL has not made them hidden.i.e anyone can access your Modem/Router if he knows the username and password.

See for yourself

  • 1. Find out your external IP address by going to www.whatismyipaddress.com . Note it down
  • 2.  Download Advanced IP scanner from www.radmin.com/products/utilities/ipscanner.php
  • 3. Install it and run it
  • 4. In the IP range box type in your IP as given for the start. and for the end just change the last three digits group to 255. for example My ip was 117.195.38.19
  • So I put my range as 117.195.38.0 to 117.195.38.255
  • 5. Hit scan. You should see something like this

How do you make sense of this?

The IP’s you see marked as “alive” are the routers that are connected to your network. The ping – is the time required for a small packet (like 32bits of data)  to go and come back to that router in milliseconds. Any ping <100 indicates the computers are nearby (or the network is amazingly fast!) 😀

If you select one of the IP’s and right click them and select HTTP , Your browser opens and asks you for your username and password. This is essentially the login box of the other persons router.

At the login box , enter admin , admin as username and password. This is the default setting which is alotted to most routers which people do not bother to change. This is ONE BIG MISTAKE. If you are lucky enough you can get in

Here  you are logged into the other persons router. You can do anything like find out their  password, switch it etc. If by chance you know where the network is located nearby you can just join it normally after changing the password.

Lessons to be learnt

1. If you have a router – change the password to some alphanumeric sequence which is hard to guess. Select the type of encryption as WPA / WPA2-PSK and enter your shared key. Do NOT , in ANY CASE set the encryption as WEP or Shared. These keys can be hacked wirelessly under 8 minutes using a linux distro called “Backtrack 3”

2. Use a Firewall like Black ICE / Zone Alarm Pro etc. Do not use the windows firewall. It is bullshit. I believe Microsoft can even find out what sort of illegal software you use even if you enable the firewall.

3. Never give out your IP address. If it is static (does not change) then be extra careful. Change passwords every week.

Note: Please do not use this to hack into other peoples computers. What I have shown is for Demo purposes only

Advertisements

About harshalkutkar

Im a 19 year old geek who loves figuring things out on on his own and discovering new things View all posts by harshalkutkar

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: