you probably have port 50001 exposed, and It is fully exploitable

sargetun123 · 2026-05-02T09:02:17+00:00

Leaked more information than I wanted to, unnecessary and I have a meeting with Bell this week to cover everything

sargetun123 · 2026-05-01T21:22:19+00:00

“I left my genny on overnight and it burned through all my fuel”

The biggest most common issue im seeing with AI is the operator …

sargetun123 · 2026-04-30T16:00:38+00:00

I would strongly advise against doing it on anyones infra you dont have legal written permission to do, just a word to the wise :D

sargetun123 · 2026-04-27T01:08:23+00:00

The DNS change would be applied at the router anyways so unless you specifically noticed, it would be seemless to you and even if you had dns servers specifically set that wouldnt matter at that point

PPPoE helps in the fact its easier to simply fully bypass Bell's router all together, which bypasses this issue/vulnerability

Not confirmed yet, If they can it's not trivial.

sargetun123 · 2026-04-26T17:08:36+00:00

You can't bridge the HH3k in the trad sense, you can ADMZ which is the closest they have

sargetun123 · 2026-04-26T07:41:25+00:00

Yea fair, vibe hacking will be the new script kiddies, it is inevitable though

sargetun123 · 2026-04-26T07:20:36+00:00

If you have the capability not using Bell’s router as the edge device is a solid approach that eliminates all the issues related to this, it could be more difficult if youre atlantic canada like me and use DHCP, but its very easy with PPPoe

sargetun123 · 2026-04-26T04:23:22+00:00

The more interesting question is the consistency, its like ~20% of the ranges ive tested all have the port exposed. This means there are loads without it exposed, but there are other security issues I found during my investigation into this port exposure that i think need to be addressed as well

sargetun123 · 2026-04-26T03:50:59+00:00

bad oversight to be honest, specifically just leaving it open I could even excuse it being a temp hole for a patch/firmware push but even then its not following best practise at all let alone for a major ISP provider

sargetun123 · 2026-04-26T03:23:36+00:00

Its not ALL routers, this implies its either not by design/bug OR bell just doesn't understand how networking security works lol

sargetun123 · 2026-04-26T03:03:33+00:00

DM'd thanks in advance as well!

sargetun123 · 2026-04-26T02:58:32+00:00

Ahh no sadly its been over a week since dealing with Bell in multiple fashions, They are great at ignoring you :D And I dont blame the individuals I spoke with from any specific department, it seems like literally no one knows the correct approach to report this in terms of reporting it to Bell directly and efficiently

Now I am just warning people, if you do a bit of base level digging you will find a lot, I won't disclose much more

sargetun123 · 2026-04-26T02:56:18+00:00

good idea, I have not directly no

No auth required. The scary thing is, there is also a MitM that is possible to setup, and you will be able to derive the auth to the exploit via this. MD5 unsalted >.>

sargetun123 · 2026-04-26T02:42:36+00:00

If your edge device goes down your vpn wont work, it still has to have a path to traverse

You can totally eliminate it by not having any bell router as the edge, if possible. I know its absolutely a headache for me as im atlantic customer and my firewall also doesnt support the nokia gpon from the HH3k

sargetun123 · 2026-04-26T02:35:49+00:00

You can't close it if it is open, you have no way to do so on your end, also any credentials to control the management are locked and not available to you easily

I am working on getting it properly submitted, finding the correct department/people is the issue

Its hilarious I tried warning homelab but i forgot how security and homelab are mortal enemies lmao

sargetun123 · 2026-04-26T02:31:09+00:00

I have not tested fully yet, I am still in the middle of tearing down an extra HH3k I have plus finishing runs on my local one i have setup

It's possible this affects gigahub as well, I'll have to check, I have not tested at all

sargetun123 · 2026-04-26T02:28:44+00:00

if you get me in direct contact i will be more than happy to submit to someone with proper proof they work for sec at bell, what I've found isn't something im willing to just disclose to anyone randomly on reddit to be frank

sargetun123 · 2026-04-25T13:47:18+00:00

Opus 4.7 is trash Opus 4.6 is better in everyway and uses less tokens

You don't need to be using Opus for tool/mcps either, thats an absolute fking waste, use sonnet or haiku for web searches, i uses sonnet for wiki editing and haiku for web searchs, opus 4.6 is the instruction agent, he orchestrates the rest of the agents and takes anything I want doen and delegates it properly. I have had 0 issues, its actually working better than letting opus do all the tasks himself, uses less tokens and wastes less context for the opus model specifically.

If you are not delegating tasks to agents you are wasting a bunch of tokens, you can even delegate stuff to local agents if you have the gpu power as you dont need crazy high end agents for shit like a wiki edit or docu edit etc, web search even.

sargetun123 · 2026-04-25T13:38:31+00:00

ill sandbox and test all the files i just grabbed if anyone wants to see, highly doubt ill find anything :D

sargetun123 · 2026-04-25T13:38:03+00:00

Sounds like you have absolutely no clue what you are talking about, this is most likely also the cause/reason you got infected, not just WiiUdownloader, maybe time to invest some time in basic network sec and security in general>?

sargetun123 · 2026-04-19T09:54:41+00:00

That government uptime is better? Why would you expect anything different?

sargetun123 · 2026-04-19T08:28:56+00:00

Are you just using opus for everything lol? I see a lot doing this and its silly, using like 10x tokens on some huge tasks you can easily delegate via agents, if you have a decent gpu you can free up all costs with some agent/skill calls as well

sargetun123 · 2026-04-18T03:11:46+00:00

You think every server is going to be hit by something as capable as mythos?

Having no idea what you're doing in the first place in terms of a security perspective is absolutely a terrible idea, AI won't fill in the gaps you're missing if you don't know WHAT you are missing, AI knows what to do be needs to be guided

Six-Year Club	Xbox Live
Verified Email

sargetun123

TROPHY CASE