Penetration Testing mailing list archives

Re: blind demodulation - sound card - lucent winmodem - new topics

From: Evrim ULU <evrim () envy com tr>
Date: Sat, 06 Jul 2002 11:31:26 +0300

Jay Stapleton wrote:

-----Original Message-----

From: CJ Oster [mailto:cjo () dothe12 com]Sent: Thursday, July 04, 2002 10:51 PM

To: Jay Stapleton
Subject: Re: blind demodulation - sound card - lucent winmodem - new
topics

This idea is great, but you have to have access to the phone line to
make it
worth while, which means sitting at the telco distribution box on the
corner
of the person/place you want to sniff.  While we're on the subject, does
anybody know if a similar thing can be pulled off with a cable modem?
They
say cable modems are "shared media" which is why you never get the
advertised speeds, but by "shared media", do they mean that every other
user's signals are available on your cable line also?  Just a thought.

Heh. Yes. Physical access is required but this is simple via slam boxes. (slam?the boxes near the road which contains all lines to near houses. I do notremember if they were called slam or so.) If one can demodulate the traffic, anRF trasmitter can be placed inside these slams to sniff the line. Besides linevoltage can be used to fed these transmitters. We know that feeding somethingfrom line voltage will decrease the quality of the line so we fed the line withneighbours' line. Since our neighbour is very old and does not have acomputer, she never realizes the decrease in the line voltage. Using the small &dirty RF transmitter, a laptop inside a car can read the traffic while passingnear by the slam accidentally.

But of course these are spyware craps. Can be done but theory & idea of trelliscoded demod. is more important to me than the spyware RF implementation.

About cable modems, a friend told me that if somebody has a cable access in mybuilding than i can have access to internet simply by plugging the modem into mycoaxial cable. Of course, assuming providers' tftpd,dhcpd is buggy & can beexploited. But i don't think that one can sniff neighbours traffic by this method.



--
Evrim ULU
evrim () envy com tr / evrim () core gen tr
sysadm
http://www.core.gen.tr


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Re: blind demodulation - sound card - lucent winmodem - new topics Evrim ULU (Jul 02)
- Re: blind demodulation - sound card - lucent winmodem - new topics Deus, Attonbitus (Jul 03)
- Re: blind demodulation - sound card - lucent winmodem - new topics Ian Charnas (Jul 05)
- <Possible follow-ups>
- RE: blind demodulation - sound card - lucent winmodem - new topics Jay Stapleton (Jul 03)
- RE: blind demodulation - sound card - lucent winmodem - new topics Jay Stapleton (Jul 05)
  - Re: blind demodulation - sound card - lucent winmodem - new topics Evrim ULU (Jul 07)
    - Re: blind demodulation - sound card - lucent winmodem - new topics Neil mccauley (Jul 08)