For the mom who gives us everything - Mother's Day gifts that connects us.
Protect yourself online
Network_Brandon's profile

New Member


2 Messages

Thursday, May 4th, 2023 9:36 PM

8 months of continuous attacks even after moving and changing routers 5 times

I’ve been dealing with identity theft, dos attacks and network attacks. Not only do the dos ICMP requests originate from their one (and only) dns server and as someone who has a degree in CS I decided to test the network on my own. In my little at home pen test I found not only is the DNS server extremely chatty but is susceptible to client side attacks by injection. I’m short it means you can send a lease request followed by a &, anything after the & symbol will be taken in the context of a command. So if someone were to know the api, which I’m sure would not be hard to find they could essintel execute commands from the server as if they were physically at the terminal of the server. Not to mention ATT does not allow you to use a DNS outside of their own first, why? Well because they need to sell your data of course. The network issues I have started with dos, then redirects and currently someone else can control my entire home network and there is nothing I can do to stop because the malicious activity is appearing to be server side originating from their dns. The only ip or server you can’t block is the dns zone and because we can’t route through another without having to request ack from ATT’S domain name server first. Leaving me completely vulnerable. We have even moved over it hoping a new connection would mask our identity but of course not; my family has lost 13k from eve attacks where the threat actor used SSO to login to our banks and purchase a crypto. My bank won’t refund the theft of funds as they do not “believe” in crypto. Either way the bank is not blame. It’s ATT, and I have to ask; at what point will you make the ethical choice to protect your customers data over selling their data? I think it’s unfair that I’ve been a loyal a customer and no one from corporate has responded to my emails, my letters, and tech support had been no help because they are not trained to understand networking and they do not even have the power to do anything more than say sorry. It’s 2023 and unexcuseable to prioritize monitoring your customers the way you do and not even be able to stop arbitrary remote code executions on your in house server. Your ATT for gods sake Ik your networking team is more than capable of encrypting your customers data and activity online. The problem is out of the 80+ hours I’ve spent on the phone with ATT in the last 8 months I have been told I cannot speak to anyone in networking and the representatives on the phone from identity fraud, customer service, and “tech” support do not have a means to do so either. Like it or not ATT you have either 1. A employee who is being malicious and is attacking your customers via server 2. A threat actor who has unauthorized access to your server or 3 someone who was able to mail your api. Out of the 3 possibilities of the source issue I cannot see how as a company you have not taken responsibility and locked your network down. And us customers like I said earlier cannot block these attacks as to do so would mean we could not access IOT since we are forced to use your dns server for ack. If I could have 10 minutes in the phone with someone in networking I could solve this issue by having them execute a series of rules and protocols to better encrypt, stop client/server side attacks and dos. The problem is with drop packets enabled it still lets anyone who is using nmap to scan still know they found and address since it shows the target is there just not accepting or has blocked probing. It’s better to have no response at all so the actor has no idea if he is communicating with any machine.  Every department available to consumers is one giant circle (Edited per community guidelines) of sorry I can’t help let me forward you to xyz. Then that department regurgitates the same spiel and so the circle (Edited per community guidelines) begins. I’ve absolutely have it with your lack of concern for the thousands of customers you put into harms way just to make a little extra money of mining our data, there is no excuse at this point other than greed. My family’s network has been attacked our personal family photos have been plastered online along with our bank accounts emptied and for 8 months I pleaded with you over the course of 80+ hours of phone conversations which I recorded, no response from my emails or letters. Half of the support numbers ON YOUR OWN WEBSITE are dead ends which is just hilariously unprofessional. Not to mention we just moved over this mess and the day you came out to put in a new modem we were hacked again. This is almost unbelievable to the point I’m convinced you have a bad apple of an employee somewhere in the mix. I’ve kept logs of every attack of my own using SIEM programs that all point directly to your server; I have information that I guarantee networking would love to hear but no, I can’t speak with them because why? Communication is key for any business and the transparency here with my experience has been vague at best. Several of your employees even agree with me that your practices are shady and I have this on recording. 3 of them suggested I cancel with you and find another isp, that really says a lot about your place of business if your own employees are advising me to cut my loses and move on. You know you’re the only isp that forced its customers to use their outdated, basically open software dns? I would not be surprised at all if (Edited per community guidelines) are on table, I know the damage done to my family is something we’ll never recover from and to think it could of been stopped with a simple talk to networking or just as simple as letting your customers choose their dns provider is insanely frustrating. I don’t want to hear another excuse or a “I’m so sorry” because your not. Actions will always speak louder and the fact you list support numbers that are not in service, do not allow conversations with networking, do not let us choose dns in name of selling data, have no straight answer for your lack of security is criminal in my opinion. A data breach of this size has not happened since T-Mobile and they had the guts to own their mistake and make it right. Unfortunately it will probably take thousands of more victim's to be exposed before anything gets done. Please ATT reach out to me let’s fix this, let’s be proactive not reactive for once.

No Responses!
Not finding what you're looking for?
New to AT&T Community?
New to the AT&T Community? Start by visiting the Community How-To.
New to the AT&T Community?
Visit the Community How-To.