Vulnerability Development mailing list archives

Re: fooling hubs [ARP Spoofing]

From: secure () SECUREAUSTIN COM (H D Moore)
Date: Mon, 7 Feb 2000 07:12:14 -0600


Hi,

Road Runner uses the modem serial number in conjunction with special
routing hard/software to determine your usage.  This means that you cant
just snag someone elses MAC/IP because the switch know what serial
number goes to which port.  How the switch recieves the serial number is
unknown, I think it is done during the initial setup when the modem is
being 'registered' by the tech that installs it.  Using a program like
changemac just annoys thier admins, as it looks like you have multiple
computers and are switching between them (a friend of mine works at the
cable co and told me how they track usage/etc).

If anyone knows something to the contrary or know what protocol the
Motorola Waverunner modems use to register themselves (or about the
switches used), please let me know!

-HD

Jeff Bachtel wrote:


Oddly enough, there was a post to misc () openbsd org from a guy who said
he found a way to treble his upload speed on his cable modem by proxy
arp'ing to the mac address of his cable modem.

I don't know how well that would work with different providers, but if
someone hacks together a little windows utility to sniff out the arp
of the cable modem, and set windows to start proxying it
automatically, that would seem likely to regress cable modem back into
the good ol' (or bad ol') days of near-unlimited bandwidth.

Does anyone know the likelihood of this actually working?

jeff

On Thu, Feb 03, 2000 at 10:05:34PM +0000, David aka SpanskA wrote:

Hi,
   I was looking at ARP spoofing postings for a while and I was wondering if
it was possible to permanently fool some hubs or routers. My ISP
(Cablevision) is using some kind of system to know how much I'm uploading
and downloading.

I succesfully did it one time with a little prog called "changemac". If you
wanna look at it just go to packetstorm archive. Unfortunately, the last
month I checked the data report I could see that my ISP was able to know
(again!) how much I was downloading and uploading.

Is this a bug with some kind of hardware or with ARP protocol?


Sorry for my English mistakes...

Current thread:

fooling hubs [ARP Spoofing] David aka SpanskA (Feb 03)
- Re: fooling hubs [ARP Spoofing] Panagiotis Malakoudis (Feb 03)
- Re: fooling hubs [ARP Spoofing] Robert van der Meulen (Feb 04)
  - Re: fooling hubs [ARP Spoofing] Trevor Schroeder (Feb 04)
- Re: fooling hubs [ARP Spoofing] Jeff Bachtel (Feb 05)
  - Re: fooling hubs [ARP Spoofing] H D Moore (Feb 07)
  - Notes Domino Server Platform for e-commerce? Baasner, Frank (Feb 07)
    - Re: Notes Domino Server Platform for e-commerce? Derek Reynolds (Feb 08)
    - Re: Notes Domino Server Platform for e-commerce? Marc Esipovich (Feb 08)
    - Re: Notes Domino Server Platform for e-commerce? Derek Reynolds (Feb 08)
    - Re: Notes Domino Server Platform for e-commerce? Marc Esipovich (Feb 09)
    - Re: Notes Domino Server Platform for e-commerce? Derek Reynolds (Feb 09)
    - Re: Notes Domino Server Platform for e-commerce? Blue Boar (Feb 09)
    - Re: Notes Domino Server Platform for e-commerce? Derek Reynolds (Feb 09)
    - Re: Notes Domino Server Platform for e-commerce? Mark L. Jackson (Feb 09)
    - Re: Notes Domino Server Platform for e-commerce? Allan Jacobsen (Feb 09)

(Thread continues...)