Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

R: MITM ADSL IPoE

From: "Rissone Ruggero" <ruggero.rissone () telecomitalia it>
Date: Fri, 2 May 2008 09:34:59 +0200
Commercial products that could sniff an ADSL line are based also on layer 1.

http://www.tracespan.com/Products.html

http://www.broadframe.com/products/dslscope.html

I'm not sure if they also inject (or substitute) data on the line.

Best regards.

RR

________________________________________
Da: listbounce () securityfocus com [listbounce () securityfocus com] per conto di frog horror [frogho () gmail com]
Inviato: giovedì 1 maggio 2008 23.21
A: pen-test
Oggetto: MITM ADSL IPoE

Hi all,
I am trying to build a scenario where I could do a kind of MITM
connexion between a device (like a Residential Gateway) and the my
ADSL line (DSLAM). The WAN connexion is an IPoE over ATM connexion
without any kind of 802.1X (just Ethernet and DHCP on top of that...).
Therfore, I can imagine how easy it can be to insert a fake
Residential Gateway but what about a real MITM attack with a valid
Residential Gateway and my laptop betwwen the RG and the DSLAM. I am
pretty aware about kind of Layer 2/3 attacks and requirements but I am
still confused about the physical connectivity and what I need to
do/build to do such a thing.
Did any of you already experience that kind of things?
Thanks for your help
Frog

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
--------------------------------------------------------------------

CONFIDENTIALITY NOTICE

This message and its attachments are addressed solely to the persons above and may contain confidential information. If 
you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it 
immediately to the sender and delete the message. Should you have any questions, please contact us by replying to 
webmaster () telecomitalia it.

        Thank you

                                        www.telecomitalia.it

--------------------------------------------------------------------
                        

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: