Full Disclosure mailing list archives
RE: AW: RE: Computer Sabotage by Microsoft
From: "Rainer Gerhards" <rgerhards () hq adiscon com>
Date: Fri, 12 Sep 2003 17:34:52 +0200
As I said, I do not have an XBOX... Somebody who can confirm?
Rainer Gerhards wrote:

I may be wrong, but I thought they would obtain the MAC address via some API they have in their XBOX, that is they talk to the box, ask it for its address and the box replies with it. Then, the router won't help.

Surely that would make it even worse - as all that is needed is the xbox itself, and a hack of the API that increments the mac by one every time it is queried?
I assume, if they are not dumb-minded, that the communication is using strong cryptography and that the API also deals with cryptography (if it exists). So it should be hard to do. But if you hack the box, that could probably make it really worse. One safeguard against this would be to only allow one MAC address per IP within a given period of time. That doesn't mitigate the total risk, but it would reduce such a DoS on innocent XBOXes... As would a whitelist of shipped MACs.

Rainer

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
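
The two safeguards suggested in the message above (one MAC address per IP within a given period of time, and a whitelist of shipped MACs), sketched as an added example that is not part of the original post or of any vendor's service. The class name `MacClaimGuard`, the one-hour window and all sample addresses are assumptions constructed for illustration.

```python
import time

class MacClaimGuard:
    """One distinct MAC per source IP per window, and only shipped MACs."""

    def __init__(self, shipped_macs, window=3600.0, clock=time.monotonic):
        self.shipped = {self._norm(m) for m in shipped_macs}
        self.window = window
        self.clock = clock
        self.bound = {}  # source IP -> (mac, time the binding was made)

    @staticmethod
    def _norm(mac):
        digits = mac.replace(":", "").replace("-", "").lower()
        if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
            raise ValueError("malformed MAC: %r" % mac)
        return digits

    def check(self, src_ip, mac):
        """Return (accepted, reason) for a MAC reported from src_ip."""
        try:
            mac = self._norm(mac)
        except ValueError:
            return False, "malformed"
        if mac not in self.shipped:
            return False, "not-shipped"
        now = self.clock()
        prev = self.bound.get(src_ip)
        if prev and now - prev[1] < self.window:
            # Binding still active: only the already-bound MAC is accepted.
            return (True, "same-mac") if prev[0] == mac else (False, "second-mac-in-window")
        self.bound[src_ip] = (mac, now)
        return True, "bound"

def demo():
    # Constructed sample data (locally administered MACs, documentation IPs).
    t = [0.0]
    guard = MacClaimGuard(["02:00:00:00:00:01", "02-00-00-00-00-02",
                           "02:00:00:00:00:03"], clock=lambda: t[0])
    reports = [(0, "198.51.100.7", "02:00:00:00:00:01"),
               (10, "198.51.100.7", "02:00:00:00:00:02"),    # second MAC, same IP
               (20, "198.51.100.7", "02:00:00:00:00:ff"),    # not in shipped list
               (30, "203.0.113.9", "02:00:00:00:00:03"),
               (4000, "198.51.100.7", "02:00:00:00:00:02")]  # window has expired
    results = []
    for ts, ip, mac in reports:
        t[0] = ts
        results.append(guard.check(ip, mac)[1])
    return results
```

Rejected reports leave the existing binding untouched, so a client cycling through addresses cannot displace the MAC it first reported until the window expires.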