Firewall Wizards mailing list archives
Re: Newspaper Article about Cable Modem security
From: "Rodney van den Oever" <roever () nse simac nl>
Date: Mon, 1 Nov 1999 07:48:43 +0100
http://www.detnews.com/1999/technology/9910/26/10260168.htm
The sad part is that even if they have file and print sharing turned off,
you can still be >hacked and or hijacked, cable modem networks are not distributed star, but more >like a bus network ( think of it like a river ) and anyone can get a sniffer and "drink" >packets and look for "password" or capture 40bit encryped https sessions, save >them and crack them later to reveal credit card numbers etc. Physically a cable modem network is indeed a bus. Logically it's a switched network. Most cable modem setups an ATM-VC between modem and head-end, so traffic from/to a specific user is not visible for other users. The Com21-platform has a setting that makes upstream traffic visible to all users ('Peer2peer forwarding'). In that case browsing will work (Network Neighborhood) even with NetBEUI. The default setting is off and in case of IP-only traffic the provider should leave it off. In case the head-end is connected to the backbone using Ethernet (which is very often the case) the head-end also incorporates an Ethernet-switch. I think the general consensus on this list is that you can't thrust a switch to really isolate workstations from each other, because it's designed for optimum performance and not security, and there are limitations like the size of its CAM-table. A switch may flood packets to multiple ports under certain circumstances. To conclude: - Some platforms are layer 2 based (e.g. Com21), but it's still a switched network. Non-IP protocols (NetBEUI) may work on the local cable segment. - The Cable Modem ISP can take measures to prevent traffic being visible to all users. - Assuming the Cable-ISP setup the platforms right, traffic is not visible to all users, multicasts en broadcasts still are. For instance IP/NetBIOS broadcasts provide an aspiring cracker with a lot information about other users on the wire. Spanning Tree and Cisco Discovery Protocol (CDP) from the switch behind it is sometimes also visible! - To prevent IP-spoofing the ISP can lock down the specific modem/IP-address combination using an ARP-filter. This filters only allows ARP's to the users' IP-address. - Unless the switch incorporated in the head-end locks down MAC-adresses to VC's (modems), ARP spoofing IS a real danger on a cable/DSL network. - Rodney van den Oever / +31 6 55868577 / PGP Key ID 0x0A6CCE53 'Windows leads to anger, anger leads to hate, hate leads to the dark side'
Current thread:
- Re: Newspaper Article about Cable Modem security Rodney van den Oever (Nov 01)
- Re: Newspaper Article about Cable Modem security Wozz (Nov 01)
- Re: Newspaper Article about Cable Modem security Michael Cassidy (Nov 02)
- <Possible follow-ups>
- Re: Newspaper Article about Cable Modem security Rodney van den Oever (Nov 01)
- RE: Newspaper Article about Cable Modem security Keller Dennis (DDSP) (Nov 01)
- Re: Newspaper Article about Cable Modem security Joseph S D Yao (Nov 01)
- RE: Newspaper Article about Cable Modem security Michael Cassidy (Nov 02)
- Re: Newspaper Article about Cable Modem security Steven Osman (Nov 01)
- Re: Newspaper Article about Cable Modem security Wozz (Nov 01)
- Re: Newspaper Article about Cable Modem security REID FOX (Nov 01)
- Re: Newspaper Article about Cable Modem security Joseph S D Yao (Nov 02)
- Re: Newspaper Article about Cable Modem security Robert Graham (Nov 01)
- RE: Newspaper Article about Cable Modem security Robert Graham (Nov 01)
- RE: Newspaper Article about Cable Modem security Russ (Nov 02)
(Thread continues...)
- Re: Newspaper Article about Cable Modem security Wozz (Nov 01)