• DiGi ISP - Publicly exposed private network (16,777,214 hosts and counting)

    06/16/2021 at 15:40 0 comments

    OK enough is enough...

    I have tried to reach out to numerous places for help, all greeted with door to the face or a similar response. 'Are you sure it’s not your home network you're seeing?'

    -Honestly, I’m tired and I don’t want this burden on my shoulders anymore. It does not feel real that this is happening, and no one is listening... even reddit is removing my posts.. (https://ibb.co/q9vZ6Y3)

    The DiGi Mobile Network is completely open and has its private range exposed and available for DiGi Mobile customers to access.

    This is not an isolated incident. I simply connected to the mobile network and amazingly I can access internal resources.

    Attached is proof of only a TINY snip of what I can see.

    This is a massive risk and not only needs fixing but a complete overhaul of infrastructure hardening and patch management/ vulnerability scanning etc.

    How I was able to scan the ranges undetected is beyond me, clearly no monitoring tools or email checking at the very least and the worrying thing? I’m the good guy... Imagine who else knows this and what they are doing RIGHT NOW!

    PROOF: https://ibb.co/album/xqRnJx

    Stay Safe