Vulnerability Development mailing list archives

RE: chaging your @home IP address... could you take a bunch of them....probably.

From: "apokalyptik" <apokalyptik () apokalyptik com>
Date: Tue, 5 Feb 2002 21:26:22 -0800

If someone feels like exploring the idea further and needs to collect
mac addresses, I've written a small script to get MAC's and associated
IP's

It's not a slick c program, or anything... but a php script... meant to
run from the command line...

----------------------------- begin script here
----------------------------
#!/usr/local/bin/php -f
<?php

  $dumpcommand='tcpdump -e -n -t ip';

  $maddr[]='00:80:C8:E8:1B:73'; ## Your Mac Address.... i didnt see a
reason           
                                ## to have to manually get it
                                ## plus it helps with the foreach loops 
                                ## (they dont like un-init'd arrays)

  $ipaddr[]='24.127.14.132';    ## See Above... but its your ip (duh?)

  $counter=1;                   ## whether you want the script to count 
                                ## processed packets for you...


  ####################################################################
  # Script... Dont modify unless I screwed up (which I probably did) #
  ####################################################################

  set_time_limit(0);
  $pp=popen($dumpcommand, 'r');

  function ip_fix($ip) {
   $ip=explode('.', $ip);
   $newip.=$ip[0].'.';
   $newip.=$ip[1].'.';
   $newip.=$ip[2].'.';
   $newip.=$ip[3];
   return($newip);
  }

  function mac_fix($mac) {
   $mac=explode(':', $mac);
   if ( strlen($mac[0]) == 1 ) {
    $mac[0]='0'.$mac[0];
   }
   $mac=implode(':', $mac);
   return($mac);
  }
 
  function match($mac, $ip) {
   global $maddr, $ipaddr, $count, $counter;
   if( eregi('..:..:..:..:..:..', $mac) ) {
    $same=2;
    foreach($maddr as $madr) {
     if ( $madr == $mac ) {
       $same=1;
     }
    }
    foreach($ipaddr as $ipadr) {
     if ( $ipadr == $ip ) {
      $same=1;
     }
    }
    if ( $same != 1 ) {
     $maddr[]=$mac;
     $ipaddr[]=$ip;
     echo '     '.$mac.' <---> '.$ip.chr(10);
     if ( $counter == 1 ) {
        echo '['.str_pad($count, 12, '.', STR_PAD_LEFT).']';
     }
    }
   }
  }

   if ( $counter == 1 ) {
    $count=0;
   }
  while($line=fgets($pp, 9999)) {
   $bang=explode(' ', $line);
   if ( $counter == 1 ) {
    $count++;
    if ( $count > 1 ) {
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
     echo chr(8);
    }
    echo '['.str_pad($count, 12, '.', STR_PAD_LEFT).']';
   }
   if ( mac_fix($bang[0]) != $maddr[0] ) {
     match(mac_fix($bang[0]), ip_fix($bang[4]));
   } else {
     match(mac_fix($bang[1]), ip_fix($bang[6]));
   }
  }

?>
-------------------------------- End Script Here: -------------------

-----Original Message-----
From: b0iler _ [mailto:b0iler () hotmail com] 
Sent: Tuesday, February 05, 2002 7:21 PM
To: Vuln-Dev () securityfocus com
Subject: Re: chaging your @home IP address... could you take a bunch of
them....probably.

I had a simular idea a few weeks ago, I posted to bsrf's message board
and 
no one replied.

http://dvd.box.sk/wb/index.php3?did=blacksun&disp=65015

If you don't want to visit that link here is the post:

"
Posted by b0iler *.tnt1.holman.wi.da.uu.net - 2002/Jan/26 09:27

Cable lan hacking..

I had an idea recently, but I suck at C and don't have cable.. so no way
to 
test it.

The goal is simple: get around restrictions cable isps set on users. The

400kb/s "cap" they put on you or whatever. The idea is to spoof the
ips/macs 
of other users on the lan inorder to trick the isp into thinking the 
requests are comming from more than one customer and therefore it will
give 
you 400kb/s per ip/mac. Since it's a lan, this will be non-blind
spoofing, 
so sniffing the packets will allow you to read them. And if for some
reason 
you can't just send random packets with spoofed ips out and sniff them
you 
can DoS the other users (also works to increase overall bandwidth
problems 
in the lan ;)

It's possible right? I mean you could get like 5mb/s if you had 20 or so
ips 
going at once and sniffing them.
"

seems like it would work, but as someone posted the "cap" might not be
set 
by the ip/mac/user but purhaps the modem.


_________________________________________________________________
Join the world's largest e-mail service with MSN Hotmail. 
http://www.hotmail.com

Current thread:

Re: chaging your @home IP address... could you take a bunch of them....probably. b0iler _ (Feb 05)
- RE: chaging your @home IP address... could you take a bunch of them....probably. apokalyptik (Feb 05)
- <Possible follow-ups>
- Re: chaging your @home IP address... could you take a bunch of them....probably. Bugtraq Mailing Lists (Feb 07)