WOW Internet is routing customer's non-routable addresses

2 points by nasalgoat ↗ HN
WideOpenWest (http://www.wowway.com/) is the 13th largest ISP in the US, so you would think they know what they're doing. However, I have discovered that they are routing non-routable IP ranges - 192.168, 172.16-30 and 10 - between all their customers.

After running several IP scans, it would seem that it is possible to see the entire WOW network - media servers, routers, media catchers, phones, etc. They are on private IP numbers, but they are visible to all customers of WOW.

Most home routers have a default 0.0.0.0 gateway to send all traffic to the upstream, and the upstream is supposed to be smart enough to drop all non-routable traffic. Not so much in this case.

In fact, WOW themselves admit to the problem and that it has been an issue for over a year.

This sort of massive, long-lasting security hole in a large-scale ISP needs to be dealt with immediately, so I am bringing it to the Internet as a whole's attention.

0 comments

[ 2.5 ms ] story [ 7.0 ms ] thread

No comments yet.