Deutsche Telekom Says 900,000 Fixed-Line Customers Suffer Outages (reuters.com)
About 900,000 Deutsche Telekom fixed-line customers have been hit by network outages, the carrier said on Monday, and it could not rule out "targeted external factors" as the reason. From a Reuters report: Fixed-line customers have had problems connecting to Deutsche Telekom's network since Sunday afternoon, the company said. "Based on the pattern of errors, it can not be ruled out that the router has been targeted externally, with the result that it can no longer log on to the network," Deutsche Telekom, which has 20 million fixed-line customers, said in a statement on its website.
What will the Germans do without their daily dose of spam calls from India?
As someone who has worked with TR-069 from the carrier/vendor side, that doesn't surprise me at all. There are some provisions for security in the TR-069 protocol, but they're not taken as seriously or implemented as rigorously as they should be. I think this is inevitable when it's done over a public interface. A better solution is to give the router two WAN interfaces on two different VLANs, one public for Internet service and one private for SNMP, TR-069, et cetera.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
and possibly other routers. There's a thorough article about the issue. Apparently the handler for a SOAP request doesn't sanitize untrusted input and executes backticked shell code.
see https://isc.sans.edu/forums/di...
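The missing input check described in the comment above, sketched as an added example that is not part of the original thread or any vendor's code: it flags SOAP parameter values carrying shell metacharacters and shows the allow-list validation a handler would apply before a value reaches a command line. The action name `SetServer`, the `NewServer` element and both sample requests are constructed for illustration; the page does not name the affected field.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted input in production, prefer defusedxml

# Characters that let a value break out of a shell command line.
SHELL_META = re.compile(r"[`$;|&<>\n\\'\"(){}]")
# Allow-list for a hostname-style parameter (assumed field type).
LABEL = r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(r"(?=.{1,253}$)" + LABEL + r"(\." + LABEL + r")*")

ENVELOPE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:SetServer xmlns:u="urn:example:service:Time:1">'  # hypothetical action
    "<NewServer>{value}</NewServer>"                      # hypothetical field
    "</u:SetServer></s:Body></s:Envelope>"
)
# Constructed sample requests: one ordinary value, one wrapped in backticks.
BENIGN = ENVELOPE.format(value="pool.example.org")
INJECTED = ENVELOPE.format(value="`example-command`")


def local(tag):
    """Strip the XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]


def suspicious_fields(soap_xml):
    """Return [(element, value)] for leaf values containing shell metacharacters."""
    try:
        root = ET.fromstring(soap_xml)
    except ET.ParseError:
        return [("<unparseable>", "")]  # treat malformed requests as suspect
    hits = []
    for el in root.iter():
        text = (el.text or "").strip()
        if len(el) == 0 and text and SHELL_META.search(text):
            hits.append((local(el.tag), text))
    return hits


def is_safe_hostname(value):
    """Allow-list check: accept only DNS-style names, reject everything else."""
    return bool(HOSTNAME.fullmatch(value))


if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("injected", INJECTED)):
        print(name, suspicious_fields(req))
```

The allow-list is the fix and the metacharacter scan is only a detection aid; a handler should also pass validated values as an argument vector rather than through a shell.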
Looks like a new SOAP vulnerability was added to Mirai. Here come a few million more Mirai bots.
---- join dshield.org Distributed Intrusion Detec