So I have a morel questions for everyone, today I noticed a huge load on both our Barracuda Spam Firewall 300 and I started to do some digging and found an IP address that was hammering it. So I decided for fun I would type this IP into my browser. Much to my amazement a router logon came up with a model name listed. So I did about 3 seconds research and found out the default username and password and believe it or not I was in. I couldn’t believe how easy it was. Now I know the user has no idea they are sending out spam but have been infected somehow so it would not be fair to punish the user by doing something malicious, but I wanted to stop the spam. I noticed the user was using PPoE to authenticate to their ISP so I changed their username to “IT_SEEMS_YOU_HAVE_BEEN_HACKED_YOUR_SPAMMING” something short and to the point. After that I saved it and my fun was over as the router no longer had connection, so it seems like my change worked. I was proud of myself for doing this public service.
So my morel question is, did I do anything wrong?
© Caspan 2011