Delivered-To: mark@markasoftware.com
Received-SPF: pass (zohomail.com: domain of dataimpulse.com designates 209.85.161.48 as permitted sender) client-ip=209.85.161.48; envelope-from=support@dataimpulse.com; helo=mail-oo1-f48.google.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of dataimpulse.com designates 209.85.161.48 as permitted sender)  smtp.mailfrom=support@dataimpulse.com;
	dmarc=pass(p=none dis=none)  header.from=dataimpulse.com
Return-Path: <support@dataimpulse.com>
Received: from mail-oo1-f48.google.com (mail-oo1-f48.google.com [209.85.161.48]) by mx.zohomail.com
	with SMTPS id 1746148288846530.3470418208683; Thu, 1 May 2025 18:11:28 -0700 (PDT)
Received: by mail-oo1-f48.google.com with SMTP id 006d021491bc7-6065251725bso931323eaf.1
        for <mark@markasoftware.com>; Thu, 01 May 2025 18:11:28 -0700 (PDT)
MIME-Version: 1.0
References: <196839f547a.c9a62b2d1311601.4702380974062659638@markasoftware.com>
 <CAGy5s5gxegJFQ9Aty1L37S-z0qsnRL3G6QL8LYpwOUB77tZBXg@mail.gmail.com>
In-Reply-To: <CAGy5s5gxegJFQ9Aty1L37S-z0qsnRL3G6QL8LYpwOUB77tZBXg@mail.gmail.com>
From: DataImpulse Support Team <support@dataimpulse.com>
Date: Fri, 2 May 2025 04:11:15 +0300
Message-ID: <CAGy5s5jSgGmZ=mM-47TxhPFijXPG5jO4PZd2EGs2VmTYuLyvGA@mail.gmail.com>
Subject: Re: security issue -- access to 192.168.0.1 and other reserved IPs
 through proxy allows access to residential router admin pages
To: Mark Polyakov <mark@markasoftware.com>
Content-Type: multipart/alternative; boundary="00000000000062ea2f06341cd47d"

--00000000000062ea2f06341cd47d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

Greetings!

Earlier, you contacted us with the issue detected.

Thank you for raising this matter!

We are constantly looking for ways to improve our service, and your request
has been taken into consideration.

Since your appeal, we have been working on fixing it. The issue is now
fixed, and as a thank you and bonus, we have provided 100 GB of traffic to
your Residential plan.

Thank you for your interest in our service!

If you have any additional questions or suggestions, don't hesitate to
contact us. We are always in touch and open to discussions!

Regards,
DataImpulse Support Team

On Wed, Apr 30, 2025 at 2:07 AM DataImpulse Support Team <
support@dataimpulse.com> wrote:

> Hi there
>
> Thank you for reaching out to the DataImpulse Support Team!
>
> We highly appreciate the information provided and forwarded to our team.
>
> Best regards,
> DataImpulse Support Team
>
> On Wed, Apr 30, 2025 at 1:16 AM Mark Polyakov <mark@markasoftware.com>
> wrote:
>
>> I discovered that it's possible to access 192.168.0.1 through your
>> proxies. Tested with HTTP proxies in sticky mode.
>>
>> This is a major issue because 192.168.0.1 is usually a router login page
>> on residential networks, so any customer of DataImpulse can access the
>> routers of random residential networks, and possibly change router settings
>> maliciously.
>>
>> I attached a screenshot of a router I was able to log into through
>> DataImpulse; like many routers, it had a default username/password of
>> admin/admin.
>>
>> When you fix this:
>> (1) Be sure to block all reserved IPs
>> https://en.wikipedia.org/wiki/Reserved_IP_addresses
>> (2) Be sure to block domains that resolve to a reserved IP. I have been
>> testing other residential proxy providers as well, and many of them block
>> 192.168.0.1 but if you access a domain name that resolves to 192.168.0.1
>> you can still access the router login pages.
>>
>> Best,
>> -- Mark Polyakov
>>
>>
>
> --
> Thanks,
> DataImpulse Support Team
>
>

-- 
Thanks,
DataImpulse Support Team

--00000000000062ea2f06341cd47d--
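
The two fixes requested in the original report (block reserved IPs, and block domains that resolve to a reserved IP), sketched as a proxy-side destination check. This is an added example, not DataImpulse's code and not part of the thread; the function names, the deny list contents and the sample resolver table are assumptions made for illustration.

```python
import ipaddress
import socket

# Deny list built from the IANA special-purpose ranges (assumed subset; extend as needed).
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8", "2001:db8::/32",
)]

class BlockedDestination(Exception):
    """Raised when a proxy request targets a reserved address."""

def is_reserved(addr):
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    # ::ffff:192.168.0.1 reaches the same host as 192.168.0.1, so unwrap it.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip in net for net in RESERVED)

def system_resolver(host):
    # Every A/AAAA record counts: one reserved answer is enough to refuse.
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def vet_destination(host, resolve=system_resolver):
    """Return the addresses the proxy may connect to for `host`, or raise."""
    try:
        candidates = [str(ipaddress.ip_address(host.strip("[]")))]  # IP literal
    except ValueError:
        candidates = resolve(host)  # domain name: check what it resolves to
    blocked = [a for a in candidates if is_reserved(a)]
    if blocked or not candidates:
        raise BlockedDestination(f"{host} -> {blocked or 'no addresses'}")
    # Connect to these exact addresses; resolving the name a second time
    # would let the answer change between the check and the connection.
    return candidates

# Constructed sample data: a fake resolver so the example runs offline.
SAMPLE_DNS = {
    "public.example": ["93.184.216.34"],
    "router.example": ["192.168.0.1"],
    "mixed.example": ["93.184.216.34", "::ffff:192.168.0.1"],
}

def sample_resolver(host):
    return SAMPLE_DNS.get(host, [])
```

The check runs on the resolved addresses rather than on the request string, so a name that points at 192.168.0.1 is refused the same way as the literal.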
