Local ISP broadcasts account holders name as IP subdomain translation!

tankman1989

tankman1989

Active Member
Reaction score
5
I just found this doing some scanning with Backtrack. IMO this is a breach of privacy with the company as there is no registered public address mentioned within the contract. I sure wouldn't make a domain or subdomain with my name on it and I doubt a customer would want it either unless specifically requested.

An example of the address is ltn-AccountHoldersName.branch.ISPname.net

What are your thoughts on this? A breach of trust and security? Sounds like an easy target for cyber-stalkers.
 
How is it "Public" information if you're finding it with Backtrack? That's like blaming the mail service for breaching confidentiality because someone opening your mailbox and looked at your mail to find out your name. If your ISP gave you a modem/router that had your SSID set to "JohnSmith359", that could be considered public. I don't see how this is.
 
tankman1989 said:
I just found this doing some scanning with Backtrack.
Click to expand...

Given the capabilities of backtrack, I certainly hope you have written permission to scan the entities you are referring to. Your legal exposure is pretty great if not.

You are likely committing a misdemeanor and/or possibly a felony based on "Unlawful use of computer and other computer crimes - 18 Pa. Cons. Stat. § 7611" and you had best re-read your ISP agreement - every one I am aware of prohibits port scanning.

Just saying maybe a public forum is not where you want to bring this stuff up - especially with your profile containing identifying information.
 
How about we all worry about our own legalities and not assume or infer that others are breaking the laws when there is no indication that this was done. Thanks to Alice for making a logical explanation for the others who seem to need to exert some authoritative response.

This is hard to explain as I am still trying to figure out how the address translation is working. I didn't do anything illegal in scanning anything, it is all just looking at the port 80 on a web server, scanning the IP addresses requesting the information.

I'm not sure how the static IP addresses work behind an ISP NAT router vs dynamic IP addresses, but it seems that the static routes use the account holders name as the translated IP address. It's like a local DNS for behind the ISP's router. Just like you name computers on your network, you can access your computer by either the IP address or the computer name. With this ISP, for some reason, when a web page is requested it uses the "account name" instead of the IP address.
example: Computer Name = desktop; IP address 192.168.1.101
\\desktop\C$ = \\192.168.1.101\C$
You can use either of the above to do the same function if the local DNS/DHCP server is working (I think that is the server that translates the IP to the computer name).

So, what I have found on this ISP is that when a web page is requested, the address is represented as the "account name" instead of the IP address.
Example: Static IP address= 272.123.34.242; "Modem name" = ltn-AccountHoldersName.branch.ISPname.net (ltn-JohnDoe.branch.ITTinternet.net)
Therefore 272.123.34.242=ltn-AccountHoldersName.branch.ISPname.net when entered into the browser.
So, if you want to access your network/modem you can use the IP address or the "Modem name" to get to the address. This is just like accessing a domain name vs the IP address of any website.

I was scanning the incoming traffic of a webserver, looking at IP addresses, and found that some were coming through as non-numeric numbers, like the example I gave you. A search resulted over 7,000 other results of static IP's with account holders names as the translated "ISP domain name".

I don't know what to call the "ltn-AccountHoldersName.branch.ISPname.net " - which results in the same as entering the static IP address of the account holder.

I just don't know why the ISP is using the "account name" instead of the IP address outside their network and how that is working in getting traffic back to the requester.

Does that make any sense now?

Also, if the Static IP address is in any way related to a sub-sub-sub domain name with the account holders name in it, then I think that is a breach in security on the ISP side as well as a number of other problems that I see. There should be a UID instead of the account holders name. Never should the account holders name be used in any public or private domain name unless specifically desired by the user.
 
tankman1989 said:
How about we all worry about our own legalities and not assume or infer that others are breaking the laws when there is no indication that this was done.
Click to expand...

I certainly do keep in mind the legalities of network scans and I'd rather have a polite thank you for attempting to keep not only you but others from suffering unintended consequences of playing at/with tools like backtrack.

Perhaps if you are scanning your own ranges you could post such information? And based on the initial post you are scanning well outside your own range.

But no... instead I get a high handed kiss my a$$ and mind your own business.

That's all well and fine but last I checked this forum was intended for the dissemination of information. If you can't internally filter the responses without getting butt hurt maybe you should not post every stray thought that comes to your mind.
 
tankman1989 said:
I just don't know why the ISP is using the "account name" instead of the IP address outside their network and how that is working in getting traffic back to the requester.
Click to expand...
That's called a PTR record.
And actually, this is quite common.
When I was on dialup YEARS ago I had my account name as wtfyoulookingat so my IP would resolve to wtfyoulookingat.winky.qx.net
wtfyoulookingat = account name
winky = was for "Winchester, Kentucky"
qx.net = my ISP at the time
 
SAG said:
That's called a PTR record.
And actually, this is quite common.
When I was on dialup YEARS ago I had my account name as wtfyoulookingat so my IP would resolve to wtfyoulookingat.winky.qx.net
wtfyoulookingat = account name
winky = was for "Winchester, Kentucky"
qx.net = my ISP at the time
Click to expand...

Good, so someone understands what I am talking about. Now whether it is a breach of privacy is up to debate I guess and subjective unless stated in the contract.

Just out of curiosity, how did you get them to give you the name wtfyoulookingat ?? I don't think they would bill to that name :)
 
tankman1989 said:
Good, so someone understands what I am talking about. Now whether it is a breach of privacy is up to debate I guess and subjective unless stated in the contract.

Just out of curiosity, how did you get them to give you the name wtfyoulookingat ?? I don't think they would bill to that name :)
Click to expand...

Account name and billing name were two different things. The account name gave me the PTR record and email address of wtfyoulookingat, still billed it to "me" though.
Plus, I know (knew rather) the guys who ran the place. ;)
It's the same QX.net that hosts Fark.
 
You must log in or register to reply here.

Similar threads

Kitten Kong
  • Sticky
Questions and Answers relating to Microsoft Licencing Guidelines.
Replies
3
Views
13K
Rosco
Rosco
reesk92
help with contract
Replies
12
Views
2K
windowsrenew
windowsrenew
Back
Top