Firewall Wizards mailing list archives

Re: Newspaper Article about Cable Modem security


From: "Rodney van den Oever" <roever () nse simac nl>
Date: Mon, 1 Nov 1999 07:48:43 +0100

http://www.detnews.com/1999/technology/9910/26/10260168.htm

> The sad part is that even if they have file and print sharing turned off,
> you can still be hacked and/or hijacked, cable modem networks are not
> distributed star, but more like a bus network (think of it like a river)
> and anyone can get a sniffer and "drink" packets and look for "password" or
> capture 40-bit encrypted https sessions, save them and crack them later to
> reveal credit card numbers etc.


Physically a cable modem network is indeed a bus. Logically it's a switched
network.

Most cable modem setups use an ATM-VC between modem and head-end, so traffic
from/to a specific user is not visible to other users.


The Com21-platform has a setting that makes upstream traffic visible to all
users ('Peer2peer forwarding'). In that case browsing will work (Network
Neighborhood) even with NetBEUI. The default setting is off and in case of
IP-only traffic the provider should leave it off.

In case the head-end is connected to the backbone using Ethernet (which
is very often the case) the head-end also incorporates an Ethernet-switch.

I think the general consensus on this list is that you can't trust a switch
to really isolate workstations from each other, because it's designed for
optimum performance and not security, and there are limitations like the
size of its CAM-table.
A switch may flood packets to multiple ports under certain circumstances.


To conclude:
- Some platforms are layer 2 based (e.g. Com21), but it's still a switched
network. Non-IP protocols (NetBEUI) may work on the local cable segment.
- The Cable Modem ISP can take measures to prevent traffic being visible to
all users.

- Assuming the Cable-ISP set up the platforms right, traffic is not visible
to all users; multicasts and broadcasts still are. For instance IP/NetBIOS
broadcasts provide an aspiring cracker with a lot of
information about other users on the wire. Spanning Tree and Cisco Discovery
Protocol (CDP) from the switch behind it are sometimes also visible!

- To prevent IP-spoofing the ISP can lock down the specific modem/IP-address
combination using an ARP-filter. This filter only allows ARPs to the
user's IP-address.
- Unless the switch incorporated in the head-end locks down MAC addresses to
VCs (modems), ARP spoofing IS a real danger on a cable/DSL network.

-
Rodney van den Oever / +31 6 55868577 / PGP Key ID 0x0A6CCE53
'Windows leads to anger, anger leads to hate, hate leads to the dark side'
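
The modem/IP lock-down and the MAC-to-VC binding from the last two points of the message, sketched as one head-end-side check on upstream ARP frames. This is an added example and not part of the original post or any vendor's implementation; the binding table, VC numbers, addresses and function names are constructed for illustration.

```python
import ipaddress
import struct

# Constructed binding table: VC id -> (provisioned IP, MAC behind the modem).
BINDINGS = {
    101: ("10.0.0.11", "00:10:5a:00:00:11"),
    102: ("10.0.0.12", "00:10:5a:00:00:12"),
}

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def build_arp(src_mac, sender_mac, sender_ip, target_ip, op=1):
    """Build a constructed Ethernet/ARP frame to use as sample input."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: ipaddress.IPv4Address(s).packed
    eth = b"\xff" * 6 + m(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + m(sender_mac) + ip(sender_ip) + b"\x00" * 6 + ip(target_ip)

def check_upstream_arp(vc: int, frame: bytes) -> str:
    """Return 'allow' or a drop reason for an ARP frame received on a VC."""
    if vc not in BINDINGS:
        return "drop: unknown VC"
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte IPv4 ARP body
        return "drop: truncated frame"
    eth_src = mac_str(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0806:
        return "skip: not ARP"
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return "drop: malformed ARP header"
    sender_mac = mac_str(frame[22:28])
    sender_ip = str(ipaddress.IPv4Address(frame[28:32]))
    bound_ip, bound_mac = BINDINGS[vc]
    # Both the Ethernet source and the ARP sender field must be the bound MAC;
    # a frame that differs in either one claims an identity this VC does not own.
    if eth_src != bound_mac or sender_mac != bound_mac:
        return "drop: MAC not bound to this VC"
    if sender_ip != bound_ip:
        return "drop: sender IP not bound to this VC"
    return "allow"
```

The check covers only ARP arriving from a modem; broadcasts, Spanning Tree and CDP frames sent downstream need separate filtering.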




