A Glitch in Orange Jordan ADSL Quota System might Affect your Internet Monthly Cap

Update: Oct 12, 2014

During the last 54 days of running the testing script (although the plan was for 30 days), this issue occurred only once (Mon Aug 25 12:10:22 EEST 2014 – Tue Aug 26 00:10:35 EEST 2014). Therefore, we can safely assume that this glitch was most likely caused by untested changes (updates, patches, configuration changes, etc.) applied immaturely on a production system. I wish I could say “no harm, no foul”, but this was NOT the case for the people who have a very restricted cap (e.g. 10 GB/M) and might have been maxed out very early.

On the bright side, Orange has generously increased the monthly data cap to up to 500 GB/M for most ADSL plans! For that, thank you, Orange.

————————————

If you live in Jordan and use the Orange™ ADSL Internet service, well, you had better watch out for this glitch in their ADSL quota system.

Almost all Internet Service Providers (ISPs) in Jordan enforce very restrictive monthly capacity plans, a.k.a. data caps. Some of them even resort to unethical and tacky, yet legal, ways to scam naive and inexperienced users with false/vague ads such as “Unlimited” or “No Limit” Internet access. Under the “fair share/usage policy”, your ISP has the right to penalize you if your Internet usage exceeds the monthly data cap, by significantly dropping the Internet speed, billing you for the extra GB capacity at a high rate, and in some cases banning you from the service. But this is not what I want to rant about today!

ADSL Quota

Orange provides ADSL customers with two methods to view their ADSL data usage details:

  1. Via Orange Jordan Website [1], or
  2. Directly through their quota management Web portal [2]

I almost always go with the second option, as it does NOT require any kind of authentication on my part. The system does the authentication automatically using, most likely, an AAA RADIUS server. With the first option, by contrast, you need to create a Single-Sign-On (SSO) account, then add your ADSL credentials, and navigate through 5-6 pages to get to the Internet usage page.

Technically speaking, Orange Jordan uses the Juniper Networks Service Deployment System (SDX-300) [3] to monitor, log, and control subscribers' network usage (on/off-peak data usage, session details, buying additional GB, etc.). Fortunately or unfortunately (depending on your perspective), this information is publicly available and can be obtained passively via the cached version of the default error page for the Volume Tracking Application (VTA) with the strip parameter ON [4], which shows the exact version and technology of the Orange Jordan quota management system.

The Glitch

A couple of weeks ago, I noticed that on multiple occasions I was connected to the Internet through other ADSL subscribers' accounts. My Internet data cap was also quite strange; the quota session history showed unusual activity (uploads/downloads).

On 11th & 18th August 2014, I was connected to the Internet using other ADSL subscribers' accounts. This means that:

  • I was using someone else’s account,
  • Someone else might have been using my account too,
  • My online activities were logged to their account (No accountability),
  • Their ADSL account username and sessions history were accessible to me (No privacy), and
  • I could have maxed out their data cap, with no one the wiser.

On Aug 11, 2014: Connected to another ADSL subscriber's account.

On Aug 18, 2014: Connected to another ADSL subscriber's account.

Interestingly, on 16th August 2014 I was also connected to the Internet using another subscriber's ADSL account, but this time the account had the “extra GB” service enabled. Thus, I could have bought additional download capacity (2 JD/GB) and the customer would have had to bear the bill!!!

On Aug 16, 2014: Connected to another ADSL subscriber's account. Purchase additional quota (Mkt) is Enabled.

Testing Script

Currently, I am running the bash script below on a BeagleBone Black to fetch the quota page every hour and save the result if the account being used is NOT mine. I am planning to let this script run for a month to verify whether this is a temporary glitch or a persistent issue. I will keep this post updated.

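#!/bin/bash -e

USRNAME="adsl-user-name"   # your own ADSL username, as shown on the quota page
ERRPAGE="sdx-300"          # marker that appears on the portal's error page
SAVELOC="/home/user/adsl/"
URL="http://quotaalert.orange.jo:8080/quotaCustCare/custcare.jsp?page=Balances"

mkdir -p "$SAVELOC"

while :
  do
   FILE="$SAVELOC$(date +"%y%m%d%H%M").htm"
   # Drop the capture if the fetch failed or the page is empty, so a network
   # outage neither stops the loop nor leaves a false positive behind.
   if ! wget -q -O "$FILE" "$URL" || [ ! -s "$FILE" ]; then
     rm -f "$FILE"
   # Drop it too if it is the error page or shows our own account; whatever
   # remains was served for a different account.
   elif grep -E -q -i "$ERRPAGE|$USRNAME" "$FILE"; then
     rm -f "$FILE"
   fi
   sleep 1h
  done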
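
The loop keeps only the captures that did not show the expected account, so the kept files are the record of when the mix-up happened. As an added example (not part of the original post), the script below groups those files into incident windows using their yymmddHHMM names; the function names and the 1.5-hour gap tolerance are assumptions, and it relies on `date -d` as provided by GNU coreutils.

```shell
#!/bin/bash
# Added example: summarise the captures kept by the monitoring loop.
# File names follow the loop's pattern: yymmddHHMM.htm, one fetch per hour.

# Convert a yymmddHHMM stamp to epoch seconds (UTC keeps the arithmetic DST-free).
stamp_to_epoch() {
  date -u -d "$(printf '%s' "$1" |
    sed -E 's/^(..)(..)(..)(..)(..)$/20\1-\2-\3 \4:\5/')" +%s 2>/dev/null
}

# Print one line per window: "<first stamp> <last stamp> <capture count>".
# Captures at most max_gap seconds apart are treated as the same incident.
# The ( ) body runs in a subshell, so the variables stay local.
incident_windows() (
  dir=$1
  max_gap=${2:-5400}   # assumption: 1.5 h tolerates jitter in the hourly fetch
  prev=""; first=""; last=""; n=0
  # The glob expands in lexical order, which is chronological for this format.
  for f in "$dir"/[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].htm; do
    [ -s "$f" ] || continue                     # empty file or unmatched glob
    stamp=$(basename "$f" .htm)
    epoch=$(stamp_to_epoch "$stamp") || continue  # not a valid date: skip
    if [ -n "$prev" ] && [ $((epoch - prev)) -gt "$max_gap" ]; then
      echo "$first $last $n"                    # gap too large: close the window
      first=""; n=0
    fi
    [ -n "$first" ] || first=$stamp
    last=$stamp; prev=$epoch; n=$((n + 1))
  done
  [ "$n" -eq 0 ] || echo "$first $last $n"
)

# Constructed sample: three consecutive hourly captures, one isolated capture
# a week later, and an empty file such as a failed download would leave.
demo_windows() (
  d=$(mktemp -d) || exit 1
  for s in 1408251210 1408251310 1408251410 1409020910; do
    echo "<html>constructed capture</html>" > "$d/$s.htm"
  done
  : > "$d/1409030910.htm"
  incident_windows "$d"
  rm -rf "$d"
)

demo_windows
```

Calling `incident_windows` on the SAVELOC directory used by the loop gives the same summary for real captures.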

Testing Setup

[1] Orange Jordan Website, https://www.orange.jo
[2] Quota Alert Web Portal, http://quotaalert.orange.jo:8080/quotaCustCare/custcare.jsp?page=Balances
[3] Juniper SDX-300 Manual, http://www.juniper.net/techpubs/software/management/sdx/sdx64x/bookpdfs/sw-sdx-get-start.pdf
[4] Cached SDX-300 Default Error Page, https://webcache.googleusercontent.com/search?q=cache:quotaalert.orange.jo:8080/quotaCustCare/redirect.jsp&strip=1