Vulnerability Development mailing list archives
Re: Hijack IP Address using cable modem (fwd)
From: lists () BETA EVOLUTIONH COM
Date: Wed, 28 Mar 2001 23:26:00 -1000
I used to be an @home customer using some CyberSurf cable modem and I looked into the idea of hijacking or spying then. I found some white pages on the modem and the modem turned out to have TONS of security crap to prevent any such MAC address spoofing or even spying as suggested. It appeared to me then that the engineers had completely thought out these issues and solved them. So I gave up on the idea. ---------- Forwarded message ---------- Date: Wed, 28 Mar 2001 13:33:34 -0500 From: "Williamson, Glenn" <Glenn.Williamson () XWAVE COM> To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Hijack IP Address using cable modem -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Whether Patrick was coming from this point of view is beyond me. You would still have an apparent problem with 2 host machines with the same IP address(mac) 2 exact IP addresses cause a big problem for routers anyways. Who ever gets the packet first responds with a syn, if 2 syn's came back the the original packet would not understand. It falls under the handshake that is expected to establish communications between 2 different entities, first syn, syn ack, then syn, doesn't work if it goes syn, syn ack - syn ack, syn. If I'm wrong well that was my 2 cents worth. And yes was a @home customer for 2 years Glenn - -----Original Message----- From: Patrick Patterson [mailto:ppatterson () carillonis com] Sent: March 28, 2001 11:31 AM To: VULN-DEV () SECURITYFOCUS COM Subject: Re: Hijack IP Address using cable modem - -----BEGIN PGP SIGNED MESSAGE----- I think I see where Patrick was coming from with this: Victim turns on his computer, and gets an IP address Cracker, while sniffing the Cable segment notices that IP adress foo is assigned to MAC bar Cracker changes his own MAC address to bar, and brings up IP address foo on this new MAC address (some Ethernet cards have overwritable MAC addresses) Since both Cracker and Victim have the same MAC, Cracker get's all packets for Victims computer, and is able to impersonate victim. This is just a slightly more sophisticated IP Address Spoofing attack.... and I don't think it will work... - From what I know of Cablemodem networks, there are actually several parts. 1: The cable network - the 'Modem' talks to the Cable Company terminal equipment and ensures that you are a valid subscriber. 2: The IP Network - the routers keep track of which IP and MAC, is on which Cable Modem - thus making this attack unlikely to succeed.... I haven't tested this, and might be horribly wrong, but I don't think so - this is one of those things that looks better in theory than in practice - Is anyone from @HOME or ATT around to confirm/deny what's I've written? On Wednesday 28 March 2001 09:09, Nick Summy wrote:
Now I hardly know anything about this subject, so correct me If im wrong, but I have a few questions.
<SNIP> - - -- Patrick Patterson Tel: +1 514 485-0789 President, Chief Security Architect Fax: +1 514 485-4737 Carillon Information Security Inc. E-Mail: ppatterson () carillonis com - - ----------------- The New Sound of Network Security - ----------------- << http://www.carillonis.com >>
Current thread:
- Re: Hijack IP Address using cable modem (fwd) lists (Mar 29)