15.06.2009 07:48:21

Dear readers,

A couple of years ago, when I was still in college, I wanted to take a good 'look' at the IP networks of the Dutch mobile providers. Back then my service provider was Orange (now T-Mobile), so I started off with their networks. Since receiving an MMS is usually free of charge, I connected to that APN first. I collected all the host and protocol information that you need to send an MMS and tried to access other computers on the Internet using the same configuration as when you are (sending or) receiving an MMS. I found out that I could connect to their MMS proxy server and give it a 'CONNECT xxx.xxx.xxx.xxx:8080' command to connect to any computer on the net using port 443 or 8080! This opened up a world of opportunities, since I was already running an OpenVPN server on one of those ports. A free internet service (without land borders!) was born! What they should have done was to allow only connections to their MMS host and disallow all other requests on that proxy.
I contacted Orange and let them know this flaw existed, and within a couple of weeks they fixed the problem and connecting to the proxy using the 'CONNECT' command didn't work anymore.

Of course I didn't give up, and I started to buy prepaid cards from the other providers in the Netherlands to see if they had made the same mistake as Orange did. I didn't have to look far, because Telfort had the same flaw in their MMS proxy. I also emailed and called them twice about this problem, but they didn't have a clue about what was going on. The second time I let them know was when they opened up their HS(D)PA network for prepaid users, so it was actually a really good replacement for other, paid services.
This flaw existed for the last two or three years, but recently they decided to fix the problem (maybe because they accidentally updated their software?) and connecting to the proxy using the 'CONNECT' command isn't possible anymore.

All the other providers in the Netherlands were secure on that matter (but T-Mobile allows you to have a negative amount of call credit!), but Telfort still has one little flaw in their network that allows you to ping through ;)

Wouter van der Veer, R&D 2go-mobile B.V.

Article dated : 15 jun 2009
Rev : 3
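
The fix described in the post (allow only connections to the MMS host, refuse everything else) shown as an added example; it is not code from the original post or from any provider. It compares a port-only CONNECT rule with a host-and-port allowlist. The MMS host address, both allowlists and all function names are assumptions, and the sample requests are constructed.

```python
import ipaddress

# Assumed values for illustration (RFC 5737 documentation addresses).
MMS_HOST_ALLOWLIST = {("192.0.2.10", 8080)}   # the only legitimate tunnel target
PORT_ONLY_ALLOWLIST = {443, 8080}             # the rule the post describes as flawed

def parse_connect(request_line):
    """Return (host, port) from 'CONNECT host:port HTTP/1.x', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    if not parts[2].startswith("HTTP/"):
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return None
    port = int(port)
    if not 0 < port < 65536:
        return None
    host = host.strip("[]").lower()
    try:
        host = str(ipaddress.ip_address(host))  # canonical form for IP literals
    except ValueError:
        pass  # a hostname: compared as-is against the allowlist
    return host, port

def port_only_policy(request_line):
    """Weak rule: any destination is accepted as long as the port looks right."""
    target = parse_connect(request_line)
    return target is not None and target[1] in PORT_ONLY_ALLOWLIST

def allowlist_policy(request_line):
    """Hardened rule: default deny, exact (host, port) match required."""
    target = parse_connect(request_line)
    return target is not None and target in MMS_HOST_ALLOWLIST

def audit(request_lines):
    """Requests a port-only proxy would tunnel but the allowlist refuses."""
    return [r for r in request_lines
            if port_only_policy(r) and not allowlist_policy(r)]

# Constructed sample requests, as they might appear in a proxy access log.
SAMPLES = [
    "CONNECT 192.0.2.10:8080 HTTP/1.1",   # the MMS host itself
    "CONNECT 203.0.113.7:443 HTTP/1.1",   # arbitrary Internet host, allowed port
    "CONNECT 203.0.113.7:22 HTTP/1.1",    # arbitrary host, disallowed port
    "CONNECT 203.0.113.7 HTTP/1.1",       # malformed: no port
]
```

Running `audit(SAMPLES)` over real proxy logs in the same way shows which tunnels exist only because the rule checks the port and not the destination.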
