I scanned all of ACT Bangalore customers, and the results aren’t surprising

tl;dr: https://scan.bb8.fun/

Update: ACT now blocks most inter-customer communication.

ACT is one of the largest ISPs in Bangalore. I’ve been their customer for quite some time now. I’ve known they do not provide me with a public IP address, but rather push me behind a NAT (10.242.0.0/24 I’d thought). I recently realized that ACT doesn’t actually block any cross-customer communication (while trying to see if I could get a neighbouring friend to watch a stream off my server without incurring ACT data charges).

Hence, the next obvious step was to scan the entire ACT network.

The masscan configuration used for the scan was:

masscan 10.242.0.0/15,10.244.0.0/15 -p80,23,443,21,22,25,3389,110,445,139,143,53,135,3306,8080,1723,111,995,993,5900,1025,587,8888,199,1720,465,548,113,81,6001,10000,514 --rate=1000 -oX act.xml

This ensures the following:

  1. Scan the top few TCP ports
  2. Keep the scan slow, so it doesn’t cause any network issues, and I don’t wake up anyone at ACT
  3. The 2 subnets were found by trial and error. I tried scanning 10.0.0.0/8 using a ping scan to discover other ranges, but these are the only ones that responded for me in a meaningful time.

The data is currently published via masscan UI at https://scan.bb8.fun/.

Did you find your own router on the list? Let me know!
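To check your own address against the raw act.xml instead of the web UI, here is an added example (not the author's code) that parses masscan's nmap-style -oX output. The sample XML and its addresses are constructed, and the MGMT_PORTS set is an assumption about which of the scanned ports count as management services.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

# Constructed sample in masscan's nmap-style -oX layout; addresses are made up.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="masscan" start="1500000000" version="1.0-BETA" xmloutputversion="1.03">
<scaninfo type="syn" protocol="tcp" />
<host endtime="1500000001"><address addr="10.242.1.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1500000002"><address addr="10.242.1.10" addrtype="ipv4"/><ports><port protocol="tcp" portid="23"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1500000003"><address addr="10.244.7.3" addrtype="ipv4"/><ports><port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="64"/></port></ports></host>
<host endtime="1500000004"><address addr="10.244.7.3" addrtype="ipv4"/><ports><port protocol="tcp" portid="22"><state state="closed" reason="rst-ack" reason_ttl="64"/></port></ports></host>
</nmaprun>"""

# Assumption: ports treated as management services that should not face neighbours.
MGMT_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 445: "smb", 3389: "rdp", 5900: "vnc"}

def open_ports_by_host(xml_text):
    """masscan writes one <host> element per finding, so merge them by address."""
    hosts = defaultdict(set)
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            # Skip anything not reported as open (e.g. closed ports in the output).
            if state is not None and state.get("state") == "open":
                hosts[addr].add(int(port.get("portid")))
    return {addr: sorted(ports) for addr, ports in hosts.items()}

def exposure_report(xml_text, my_addr):
    """Return the open ports seen on my_addr and which of them are management services."""
    ports = open_ports_by_host(xml_text).get(my_addr, [])
    return {"open": ports, "management": [MGMT_PORTS[p] for p in ports if p in MGMT_PORTS]}

def port_histogram(xml_text):
    """Count how many distinct hosts expose each port."""
    return Counter(p for ports in open_ports_by_host(xml_text).values() for p in ports)

if __name__ == "__main__":
    print(exposure_report(SAMPLE_XML, "10.242.1.10"))
    print(port_histogram(SAMPLE_XML).most_common())
```

An empty "open" list only means the scan saw nothing on that address at the time; it says nothing about ports outside the scanned list.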

Fun Servers

Some of the fun stuff I found out:

Someone is running a Postfix SMTP server on a Debian box:

220 pg.victory.com ESMTP Postfix (Debian/GNU)
250-pg.victory.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
220 2.0.0 Ready to start TLS

A lot of servers running the default TP-Link FTP server:

220 Welcome to TP-LINK FTP server
530 Please login with USER and PASS.

I found a few BEAM devices, which I think are just routers that ACT gives out with new connections (or used to?)

Not sure if this is ACT BEAM

Some badly designed ones:

This is definitely ACT

A lot of ASUS routers:

Lots of IP-Camera logins:

People running pfSense!

And people running things I’ve never heard of:

It was a quick fun thing, but I might leave the scan running on a schedule sometime later to store historical data. If there are any important ports you think I missed, or if you have any other suggestions, please reach out.