In reply to a post by jamestbb:

Correct.

Just comfirming what i suspected and what you confirmed and PCJM40, also suspected 😁 Thank you.

I'm not sure spitting out the full ONT serial number to anybody who can enter an address into the website is a great idea.

I did think that... alas.

In reply to a post by jamestbb:

Thanks, A&A show both services:

https://i.imgur.com/kRN9QbR.png

Cost prohibitive I'm afraid, though.

As suggested by someone else give Plusnet a call and see what they can do for you.

Will give them a try.

In reply to a post by jpm:

I'm not sure spitting out the full ONT serial number to anybody who can enter an address into the website is a great idea.

I'm not sure i said that 😂.

Just comfirming what i suspected and what you confirmed and PCJM40, also suspected 😁 Thank you.

I don't putting the full ont serial on here is a good idea either.

In reply to a post by Taras:

In reply to a post by jpm:

I'm not sure spitting out the full ONT serial number to anybody who can enter an address into the website is a great idea.

I'm not sure i said that 😂.

Just comfirming what i suspected and what you confirmed and PCJM40, also suspected 😁 Thank you.

I don't putting the full ont serial on here is a good idea either.

I was talking about A&A - it seems like you feed their website an address of an active Openreach FTTP customer and it gives you the serial number back without any authentication.

In reply to a post by jpm:

In reply to a post by Taras:

In reply to a post by jpm:

I'm not sure spitting out the full ONT serial number to anybody who can enter an address into the website is a great idea.

I'm not sure i said that 😂.

Just comfirming what i suspected and what you confirmed and PCJM40, also suspected 😁 Thank you.

I don't putting the full ont serial on here is a good idea either.

I was talking about A&A - it seems like you feed their website an address of an active Openreach FTTP customer and it gives you the serial number back without any authentication.

ahh fair enough 😁, and yes thats not good and could allow a bad actor to move a fttp service without auth .......

In reply to a post by Taras:

In reply to a post by jpm:

In reply to a post by Taras:

... nested quotes trimmed ...

I'm not sure i said that 😂.

... nested quotes trimmed ...

I don't putting the full ont serial on here is a good idea either.

I was talking about A&A - it seems like you feed their website an address of an active Openreach FTTP customer and it gives you the serial number back without any authentication.

ahh fair enough 😁, and yes thats not good and could allow a bad actor to move a fttp service without auth .......

You don't even need to know the serial number to migrate a line. Nobody ever asks for it.

I think there's worse that can be done with the serial number.
As I understand it, the serial number is enough info for me to cut my neighbours fibre, clone their ONT and authenticate as them.
Unless there's some way Openreach can tell which CBT port each fibre is on.
If someone knows otherwise I'd love to hear the way it's done.

I might ask 1 of my neighbours on the same PON to borrow their ONT to test. Most are on Talktalk or BT who have generic login details.

In reply to a post by j0hn83:

I think there's worse that can be done with the serial number.
As I understand it, the serial number is enough info for me to cut my neighbours fibre, clone their ONT and authenticate as them.
Unless there's some way Openreach can tell which CBT port each fibre is on.
If someone knows otherwise I'd love to hear the way it's done.

I might ask 1 of my neighbours on the same PON to borrow their ONT to test. Most are on Talktalk or BT who have generic login details.

You'd connect just fine as long as you're on the same OLT port. No practical way for OR to know: passive network innit.