dsl modem hacking (via telnet) - what to do with it?

i recently checked my network for open ports and found out that my dsl modem is not only accessible from the internet via telnet, but also has a very weak password, the default pwd for conexant modems. i know how to change this, no prob.

what i'm asking is: what could a hacker with bad intentions do with my modem? i've read something on the net about using a dns server and looking at traffic, but the page was in dutch…so :o i didn't understand much.

is it possible to sniff the traffic somehow over the telnet menu? currently i only found a tcp statistics section…

i'm looking forward to your replies :)

so long, ssidd

packet sniffer maybe , i dont have much experience with modem's never used one before

yeah, i'd like to use some sort of packet sniffer, but that seems inpossible. however, i can set up a dns server and resovle ips to different hostnames. ex.: ip: 209.85.135.103 (which is google) to www.microsoft.com but this is only useful for phishing and that is lame. :happy:

On some modems, I remember about reading (although this may only apply to those with routers built in) stories about gaining root access to the shell of said modems. Granted I can't remember if you can only do it LAN-wise.

Now as to what someone could do, I doubt it would be too much. The y could, perhaps on a vulnerable modem, for example, collect the password for your DSL service.

And I really can't explain anymore, I'm a tad foggy on the subject as it is.

to clarify 2 things:

1. i have access to the modem's telnet shell
2. the shell is worth shit - no cool options

the "attack" isn't based exactly on a vulnerability of the modem. it's only possible because nobody ever changed the pwd from default. :happy:

but, as i mentioned - the shell is only for some uninteresting options…. i'll up a screenshot in a few secs

here they are:

**main menu **

adsl status menu

network setup menu

edit: any suggestions dudes?

Looks like loads of stuff would be possible!

yeah, lot's of stuff to fuck up the internet access, but it isn't even possible to get the pptp password…:|

Ah yeah, some time ago I actually scanned over 20 thousand IP's, in smaller batches (2-4thousand per scan) and found that some of them have port 23 open. So I telnet to it and bam. Conexant modem. Ive found nothing intresting there too, except the "restore to defaults and reset" option, which I used once, and only once. Maybe if it had a network to it, a LAN, it might've showed something intresting, but that was a standalone router directly connected to a PC.

On another note, I stumbled upon an old school like BBS, but didnt have any sort of user/password combo to get into it.

cool, an old skool bbs :) yeah…portscanning is fun…i'll have to do it again some time…maybe for ftps this time :happy: