Bugtraq mailing list archives

AT&T/@Home Cable Modem Enumeration


From: uid0 () catastrophe net
Date: Thu, 15 Nov 2001 15:13:43 -0600

AT&T/@Home has standardized on using DHCP for end-user workstation
configuration. This configuration is done via the standard DHCP 
implementation, but also is configured to send a string to the
DHCP server with the "hostname" of the client.

This hostname is administratively defined by AT&T and is a unique
customer number. An example is...

 cb666699-a.anytwn.il.home.com

Where the customer ID is cb666699-a in the subdomain of anytwn.il

What frightens me is that no PTR records are configured except for this
dynamic method. By scanning for PTR records, it is easy to determine
active IP addresses and focus attack efforts on those IPs only, speeding
up possible intrusions (imagine how much quicker it is if only
20,000 hosts are listening on a 24/8 subnet!)

This implementation, while not a true "vulnerability", is not quite a
"Best Practice".

-#0
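
An added example, not part of the original post: a defender-side audit of an operator's own reverse-zone export, measuring how much of an address pool has PTR records and how many targets embed a customer ID. The zone lines, the 192.0.2.0/28 pool, the customer-ID regex (inferred from the single hostname quoted in the post) and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: PTR lines exported from the operator's own reverse zone.
# Addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_ZONE = """\
2.2.0.192.in-addr.arpa.  3600 IN PTR cb666699-a.anytwn.il.home.com.
5.2.0.192.in-addr.arpa.  3600 IN PTR cb123456-b.anytwn.il.home.com.
9.2.0.192.in-addr.arpa.  3600 IN PTR cb777001-a.anytwn.il.home.com.
"""

# Assumed pattern, inferred from the one hostname in the post (cb666699-a).
CUSTOMER_ID = re.compile(r"^[a-z]{2}\d{6}-[a-z]\.")
SUFFIX = ".in-addr.arpa"

def parse_ptrs(zone_text):
    """Return {IPv4Address: target} for each IPv4 PTR line in a zone export."""
    ptrs = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[-2].upper() != "PTR":
            continue
        owner = fields[0].lower().rstrip(".")
        if not owner.endswith(SUFFIX):
            continue
        octets = owner[: -len(SUFFIX)].split(".")
        if len(octets) != 4:
            continue  # skip delegations and non-host owners
        addr = ipaddress.IPv4Address(".".join(reversed(octets)))
        ptrs[addr] = fields[-1].lower()
    return ptrs

def audit_pool(zone_text, pool_cidr):
    """Summarise PTR coverage of a DHCP pool and customer-ID exposure."""
    pool = list(ipaddress.ip_network(pool_cidr).hosts())
    ptrs = parse_ptrs(zone_text)
    with_ptr = [ip for ip in pool if ip in ptrs]
    return {
        "pool_size": len(pool),
        "with_ptr": len(with_ptr),
        "without_ptr": len(pool) - len(with_ptr),
        "customer_id_names": sum(1 for ip in with_ptr if CUSTOMER_ID.match(ptrs[ip])),
        # Partial coverage means the mere presence of a PTR marks a live lease.
        "ptr_reveals_active_hosts": 0 < len(with_ptr) < len(pool),
    }

if __name__ == "__main__":
    print(audit_pool(SAMPLE_ZONE, "192.0.2.0/28"))
```

A pool whose every address carries a static, generic PTR reports ptr_reveals_active_hosts as False and customer_id_names as 0.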

