PaulDotCom mailing list archives

Re: [Security Weekly] Is PPoE/A security important?


From: Lutz Schildt <ls () lsmooth de>
Date: Thu, 31 Jul 2014 16:00:04 +0200

If you had someone's PPPoA username and password, you'd also have to be connected to the same ISP to do anything with it since only the BRAS of that ISP (or of some ISP using that ISP's infrastructure) would accept the credentials. You might be able to log in and use that connection depending on the ISP in question.

Let's assume you get a session. In that case you might be able to access the Internet, but not as if you were that person. You would just be using his credentials and his account. If the account is capped, the person will probably notice that something is up when all of a sudden he reaches his transfer-volume-cap while normally not even getting close to it. Also, if you'd be doing stuff you shouldn't (besides committing a crime by using his credentials), they'd probably first be turning to him, but the ISP could still trace it back to your line.

What would be worse would probably be the fact that many ISPs use the same credentials (at least the password) for the main email address and/or the customer website to manage the email addresses etc. you get, which in turn means you could access his or her emails, possibly private information. So if you get access to usernames and passwords of an ISP that does that, it would likely mean access to lots of information and also email accounts, and with those, access to whatever the person uses those accounts for.

On 30.07.2014 19:15, James Woolley wrote:

Does anyone know how important the PPPoE/A authentication details provided by your ISP are? If there was a method to enumerate other people's usernames and passwords, would this be a problem?


For example, if I knew someone’s PPPoA username and password, could it be configured on my home router to browse the internet as though I was that person (in the eyes of the ISP)?


I can find a lot of information on what PPPoE/A is, but not much on how the ISP uses the details.



_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail securityweekly com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
