RE: frame relay...

["Sink, Douglas D (Doug), BNSVC" <ddsink () att com>]

You can tap into someone's access line and easily decode frame relay. Or, if
you had physical access to a backbone trunk and can decode ATM (AT&T's frame
relay backbone protocol), you could sniff that. However, you'd need some
intelligence to determine whose traffic you were looking at from one cell to
the next. One way would be to reassemble all the cells from one VP/VC back
into the frames for a single PVC. Then look at content to determine who the
user might be. Or, break into some admin system that maps vp/vi into
customers' PVCs.

I don't know if AT&T has sniffers always tapped on to a line that you could
break into and take over.

I am sure it's possible but it shouldn't be easy.

Doug Sink
AT&T

-----Original Message-----
From: R. DuFresne [mailto:dufresne () sysinfo com]
Sent: Monday, November 22, 1999 6:46 PM
To: firewall-wizards () nfr net
Subject: frame relay...


Folks,

I'm wondering about the security of frame realy connections.  How easy
would it be for others to snarf up traffic from a frame realy cloud?

Has there ever been a report of a 'hacked' system via a frame realy
connection?

Do tools exist that can accomplish this? Or would it at least require a
fullend sniffer box with the proper modules to snarf such packets?


Thanks, heading to the books to look about myself some too,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!