nanog mailing list archives
Re: Security problem in PPPoE connection
From: Peter Dambier <peter () peter-dambier de>
Date: Sun, 12 Mar 2006 10:09:15 +0100
Joe Shen wrote:
Hi, We are facing problem with PPPoE in ethernet accessnetwork.To provide high speed access, 10Mbps/100Mbps ethernet is used as access method. But, we found some guy 'steal' some other's account by listening to broadcasting packets, and they also set up 'phishing' PPPoE server to catch those PPPoE authenticationpackets.With ATM DSLAM,we could solve this by binding account with PVC. With ethernet, although we could seperate subscribers into VLANs there is more than 100subscribers within one VLAN.What's your method to deal with such problem? Will CHAP in PPPoE help? thanks Joe
http://www.juniper.net/products/eseries/ Hi Joe, I am connected through this one: Access-Concentrator: DARX41-erx AC-Ethernet-Address: 00:90:1a:a0:01:46 -------------------------------------------------- I guess dtag.de has got some 8 of them. Everybody (almost) offering dsl in germany goes through their infrastructure. The ip address range 84.167.0.0/16 seems to be shared by all of them. I did have an "intruder" myself reported by arpwatch. host_look("192.168.20.80","fluffy.n","3232240720"). host_name("192.168.20.80","fluffy.n"). That thing is a PPPoE modem looking like a bridge. It allows different people behind it to access the DARX41-erx using different mac addresses (client) and userid/passwords to access each their own ISPs. All of these boxes have the same ip-address. If a box finds anotherone via arp then it shuts down. To prevent broadcast storms? That box made me look very carefully at PPPoE but I never have seen anything but the packets that were sent to me only. I did supply a PPPoE server. It never saw anybody access it but my own machines. I tried to reach my neighbar an to build a private communications channel. Never could we see eachother. I guess dtag.de feels so secure with them that they dont enable chap. Using chap will help you but it will not solve the real problem. At least you will make the "poor fishermen" angry - but maybe nasty too. Have a look at http://iason.site.voila.fr/ http://www.koom.com/iason/ There are some tools that might help you tracking those people via their mac-addresses. Chance is good you might make some friends. You can alwys need some people with a clue, cant you :) Kind regards Peter and Karin -- Peter and Karin Dambier The Public-Root Consortium Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: peter () peter-dambier de mail: peter () echnaton serveftp com http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
Current thread:
- Security problem in PPPoE connection Joe Shen (Mar 11)
- Re: Security problem in PPPoE connection Peter Dambier (Mar 12)
- Re: Security problem in PPPoE connection Florian Weimer (Mar 12)
- Re: Security problem in PPPoE connection Niels Bakker (Mar 12)
- Re: Security problem in PPPoE connection Joe Shen (Mar 12)
- Re: Security problem in PPPoE connection Sean Donelan (Mar 13)
- Re: Security problem in PPPoE connection Joe Shen (Mar 12)
- Re: Security problem in PPPoE connection Florian Weimer (Mar 12)
- Re: Security problem in PPPoE connection Steven M. Bellovin (Mar 12)
- Re: Security problem in PPPoE connection Florian Weimer (Mar 12)
- Re: Security problem in PPPoE connection Steven M. Bellovin (Mar 12)
- Re: Security problem in PPPoE connection Joe Maimon (Mar 12)
- Re: Security problem in PPPoE connection Peter Dambier (Mar 12)