Should I tell the hotel I'm staying at that their $500 managed switch is sitting bare assed?

[vi edit]

By the looks of things, the hotel I'm staying at just installed some sort of high speed internet. I got a room that was "hot" and got a DHCP lease from some sort of DHCP device. Something was hosed so I went to the front desk and got a "setup guide" that was basically a how to set your computer to obtain a DHCP lease. Didn't exactly help me much.

So I went digging. First tried ip'ing and telneting into the gateway. Didn't get any where. Then just tried pulling up 192.168.1.1 in IE and whaddya know. I got the web interface for an HP Curve Switch 2512. With no passwords set up. D'oh! I *COULD* enable authentication and mess around with what ports are hot and what not.

But I'm not destructive like that. So, should I tell the front desk that their IT consultant is a tool?

 

[z0mb13]

own their network and demand 1million in ransom!! :evil:

 

[DainBramaged]

Ooooohhh....you should be a 1337 ub4|2 h4x0|2!!!!

 

[vi edit]

Originally posted by: z0mb13
own their network and demand 1million in ransom!! :evil:

I'll settle for a couple free night stays and a stack of free drink tickets!

 

[AgaBoogaBoo]

Originally posted by: vi_edit

Originally posted by: z0mb13
own their network and demand 1million in ransom!! :evil:

I'll settle for a couple free night stays and a stack of free drink tickets!

Talk to a manager or someone and tell them you found a security hole in their networking and if they give you some nights and such, you will tell them what it is. Tell them it has to do with a password not being on something that should.

Before you do that, make sure you aren't getting yourself into a bunch of legal/illegal mumbo jumbo

 

[MercenaryForHire]

I have this horrible vision of the hotel trying to sue you for "h4x0r1z1ng" their "intarwebwork"

- M4H

 

[Yzzim]

Originally posted by: AgaBooga

Originally posted by: vi_edit

Originally posted by: z0mb13
own their network and demand 1million in ransom!! :evil:

I'll settle for a couple free night stays and a stack of free drink tickets!

Talk to a manager or someone and tell them you found a security hole in their networking and if they give you some nights and such, you will tell them what it is. Tell them it has to do with a password not being on something that should.

blackmail? if anything would happen to their service during/after he's gone, they are going to automatically think it was his fault.

 

[DainBramaged]

Originally posted by: MercenaryForHire
I have this horrible vision of the hotel trying to sue you for "h4x0r1z1ng" their "intarwebwork"

- M4H

I bet the lawsuit will even included those terms.

 

[vi edit]

Being that I support this stuff for a living, one of my biggest pet peaves is haXor wanna be's. I'd never think of being destructive to a network of my own that I wasn't stress testing. Tomorrow when I check out I'll try and flag down the manager, give him my business card and let him know that he should have his IT consultant that handles their network double check his device security.

If the consultant has any questions he can contact me.

 

[RagingBITCH]

Whatever you do, make sure they don't hold you liable for "discovering", ie, hacking through their "security". Just tell them who you are and that you do IT work and that through your troubles getting DHCP to work, you found the hole. Offer to fix it for them for the few nights free. And some complementary hookers on your pillow.

 

[MercenaryForHire]

Originally posted by: vi_edit
Being that I support this stuff for a living, one of my biggest pet peaves is haXor wanna be's. I'd never think of being destructive to a network of my own that I wasn't stress testing. Tomorrow when I check out I'll try and flag down the manager, give him my business card and let him know that he should have his IT consultant that handles their network double check his device security.

If the consultant has any questions he can contact me.

Oh, it's not that you have intentions of damaging it. If you did, you wouldn't be posting right now - you'd be configuring the remote admin console and preparing to redirect various types of traffic to your box for analysis/decrpytion.

It's that their IT department - which we've already determined as "Teh Dumbx0r" - will be ever-so-happy to jump on the OMFG HE WAS TEH HAX0RING US bandwagon to avert any issues they've been having.

- M4H

 

[Zim Hosein]

Originally posted by: RagingBITCH
Whatever you do, make sure they don't hold you liable for "discovering", ie, hacking through their "security". Just tell them who you are and that you do IT work and that through your troubles getting DHCP to work, you found the hole. Offer to fix it for them for the few nights free. And some complementary hookers on your pillow.

Cheers RagingBITCH :beer:

 

[vi edit]

Oh, it's not that you have intentions of damaging it. If you did, you wouldn't be posting right now - you'd be configuring the remote admin console and preparing to redirect various types of traffic to your box for analysis/decrpytion.

Well, I'm actually not posting on their connection. I'm on a Smmmmmokin 26.6k dial up backup connection. Yeeeeeeeeee haw!



They are using a Cox cable modem connection here. My guess is that the modem and/or the router they are using just need a kick in the nuts and rebooted.

 

[hevnsnt]

I personally would just keep quiet about it. Too much can go wrong, with very little gain.

 

[RagingBITCH]

Originally posted by: Zim Hosein

Originally posted by: RagingBITCH
Whatever you do, make sure they don't hold you liable for "discovering", ie, hacking through their "security". Just tell them who you are and that you do IT work and that through your troubles getting DHCP to work, you found the hole. Offer to fix it for them for the few nights free. And some complementary hookers on your pillow.

Cheers RagingBITCH :beer:

:beer::beer: beers for everyone! No 24 thread tonight Zim Suxors

 

[SagaLore]

do them a favor and set the password on it

 

[z0mb13]

Originally posted by: SagaLore
do them a favor and set the password on it

64 bit password!! :evil:

 

[T2T III]

So, should I tell the front desk that their IT consultant is a tool?

Sadly, I'm sure many hotels are configured the same. I doubt if the night desk clerk will be of any value when you go downstairs and tell them about the idiot person who configured the network. After all, the desk clerk at a hotel can barely tell whether the Chinese restaurant down the street is either good or bad.

 

[JoeKing]

Don't tell them anything, its not worth the possible trouble and suspicion on your part. Just allow yourself access for webwork and leave the rest be. Once their network does go down they'll have to hire a tech to come out....and thus the circle is complete.

 

[MichaelD]

Originally posted by: hevnsnt
I personally would just keep quiet about it. Too much can go wrong, with very little gain.

I read every post in this thread. While I have ideas of my own....:evil:.....and agree with a lot of folks here....:evil:...

the best course of action is what I quoted. Just go about your business. Too many assh0les these days. You try and help them and they will blame YOU for ALL of their "network problems" up to and including the monthly bill from their service provider.

Oh, before you go...set an alphanumeric password on it...as many characters as possible. 100 or so sounds about right.

 

[kyparrish]

Originally posted by: MercenaryForHire
I have this horrible vision of the hotel trying to sue you for "h4x0r1z1ng" their "intarwebwork"

- M4H

well put M4H

 

[TechnoKid]

well, at least set the password to "password"

 

[rh71]

Maybe it will deny you if you actually try to apply some changes..

Either way, expect a knock on the door... take the red pill.

 

[Adul]

yes

 

[TallBill]

sure... tell them.. mwah, you might luck out and get some perks.