Security Basics mailing list archives
Re: PPPoE + Switch sniffing
From: "Rob klein Gunnewiek" <rob.kleingunnewiek () gmail com>
Date: Mon, 31 Jul 2006 11:33:36 +0200
On 7/27/06, Carlos de Oliveira <carlos.oliv () gmail com> wrote:
Hello friends, As a manager of my network, I am woried of security. Recently we changed the HUB's for switch's in hope that we get more securitty. In a few days ago, we have seeing another Access concentrator in our network sending PADO's to the clients that wanted to connect. This access concentrator have the same MAC address of one of my clients. I would like to know what do you think that could be? I've searched google for this, but I didn't found any attack baseed on PPPoE + switch. Could this other access concentrator be trying to give connection to some of my clients just to sniff their connection?
It doesn't matter whether you use a switch or not. The PPPoE client will broadcast PADI packets, so they will arive at all hosts on the subnet. Whether you use a switch or not. If this is not simply some mistake of having a wrong setup, this looks like an attack. First of all, do you use some kind of MAC-address based filtering? That would explain why someone would forge the MAC address. Much more likely though it is not forged, I think the client you are talking about /IS/ the attacker! I think the attacker wants to steal other people's login stuff... I'm not familiar with Radius, but the PADO packets can include information on where the client should authenticate with. So I suppose this could be used to steal the logins of other clients in some way. That's my guess, Good luck. -- Regards, Rob klein Gunnewiek --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- PPPoE + Switch sniffing Carlos de Oliveira (Jul 28)
- RE: PPPoE + Switch sniffing Murda Mcloud (Jul 31)
- Re: PPPoE + Switch sniffing Rob klein Gunnewiek (Jul 31)