Bugtraq mailing list archives

Adelphia Powerlink service vulnerable to man in the middle attacks by cable modem users.


From: "0x90" <0x90 () invisiblenet net>
Date: Thu, 12 Dec 2002 11:55:01 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------

InvisibleNet Security Advisory ISA 1-1a security () invisiblenet com

http://www.invisiblenet.com

December 12th, 2002 - report issued by 0x90

- --------------------------------------------------------------------------

Subject: Adelphia PowerLink Network (http://powerlink.adelphia.com) vulnerable to ARP poisoning attacks and promiscuous mode sniffing.

Vulnerability: ARP poisoning and monitoring of subnet(s)

Problem-Type: remote

OS Specific: N/A

Problem Description:

A certain set of subnets on Adelphia's Powerlink network are treated as a HUB/SWITCH and therefore allow cable modem subscribers promiscuous monitoring of the subnet and ARP poisoning (man in the middle) attacks. The flaw seems to affect only Windows users' DHCP requests; *nix clients are handed an IP address on an entirely different subnet that is not vulnerable. This doesn't stop one from booting into *nix and manually configuring their IP to be on the vulnerable subnet.

To review: with ARP poisoning, one can do a tremendous amount of malicious activity on a subnet, from DoS'ing the network, to hijacking DNS servers, and even attacking/cracking SSL/SSH/VPN negotiations. In promiscuous mode, one can passively monitor all traffic on the subnet, obtaining private information, including logins/passwords and private email.

Vulnerable Subnets:

Please contact security () invisiblenet com for info regarding specific subnets.



Solution:

The solution varies depending on how the cable network's topology is handled. ARP poisoning, as we know, is not a completely solvable issue without a physical/virtual separation of Layer 3 from Layer 2 in the OSI model. For promiscuous mode, don't have the network in HUB mode.

Patch:

N/A.

Disclaimer:


InvisibleNet is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of InvisibleNet products.

- --0x90--
I'd crawl over an acre of "Visual This++" and "Integrated Development
That" to get to gcc, Emacs, and gdb.  Thank you.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBPfjpkTep2+UpsNFNEQIWlACg/Vf44LuQHkdwaotTTN2oOBlKAD0AniS2
gSXaIhcrh+Q5j9Po3Ct8BeYx
=CS8m
-----END PGP SIGNATURE-----
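
A defender-side check for the ARP poisoning described in the advisory, as an added example that is not part of the original advisory: it parses raw Ethernet ARP frames and flags any IP whose claimed MAC changes, optionally against a pinned gateway binding. The addresses (192.0.2.1, 00:00:5e:00:53:xx), the sample frames and the function names are constructed for illustration.

```python
import struct

def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:
        return None
    if struct.unpack("!H", frame[12:14])[0] != 0x0806:  # EtherType must be ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, sender_mac, sender_ip

def find_conflicts(frames, pinned=None):
    """Track IP->MAC bindings seen in ARP traffic and report every binding change.

    pinned: optional {ip: mac} of known-good entries (e.g. the default gateway);
    a pinned binding is never replaced by what a frame claims.
    Returns a list of (frame_index, ip, known_mac, claimed_mac).
    """
    pinned = dict(pinned or {})
    bindings = dict(pinned)
    alerts = []
    for n, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _op, mac, ip = parsed
        if ip == "0.0.0.0":  # ARP probe: sender has no address yet, nothing to bind
            continue
        known = bindings.get(ip)
        if known is not None and known != mac:
            alerts.append((n, ip, known, mac))
            if ip in pinned:
                continue
        bindings[ip] = mac
    return alerts

# Constructed sample frames (not captured traffic): four ARP replies for the
# gateway 192.0.2.1 sent to host 192.0.2.20; the third claims a different MAC.
GW, ROGUE, HOST = "00005e005301", "00005e005366", "00005e005320"
HDR = "08060001080006040002"  # EtherType ARP, Ethernet/IPv4, opcode 2 (reply)
SAMPLE_FRAMES = [bytes.fromhex(HOST + m + HDR + m + "c0000201" + HOST + "c0000214")
                 for m in (GW, GW, ROGUE, GW)]

if __name__ == "__main__":
    for alert in find_conflicts(SAMPLE_FRAMES, pinned={"192.0.2.1": "00:00:5e:00:53:01"}):
        print("ARP binding conflict: frame %d, %s was %s, now claimed by %s" % alert)
```

Without a pinned entry the tracker trusts the first binding it sees, so it reports the change both ways as the legitimate and conflicting replies alternate; with the gateway pinned, only the conflicting claim is reported.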




