Penetration Testing mailing list archives
RE: Identify rogue adsl modems routers in the network
From: "THORNTON Simon" <Simon.THORNTON () swift com>
Date: Fri, 30 May 2008 13:56:50 +0200
Hi,

One way you can detect an ADSL modem in PPPoE mode is to use the PPPoE discovery protocol (PPPoED); any DSL router in the broadcast domain will respond.

The PADI query frame is as follows:

    0000  ff ff ff ff ff ff mm mm mm mm mm mm 88 63 11 09  .......P .....c..
    0010  00 00 00 0c 01 01 00 00 01 03 00 04 ii ii ii ii  ........ ........

Where:
    mm mm mm mm mm mm   is mac address of your machine
    ii ii ii ii         is a unique identifier (99 30 00 00 on mine)

Any DSL modem will respond with PADO (PPPoE Active Discovery Offer):

    0000  mm mm mm mm mm mm ss ss ss ss ss ss 88 63 11 07  .P...... ;.g..c..
    0010  00 00 00 2d 01 01 00 00 01 03 00 04 ii ii ii ii  ...-.... ........
    0020  01 02 00 19 zz zz zz zz zz zz zz zz zz zz zz zz  ....Provider DSL
    0030  zz zz zz zz zz zz zz zz zz zz zz zz zz 01 01 00  node name........
    0040  00

Where:
    ss ss ss ss ss ss   is mac address of the DSL modem
    mm mm mm mm mm mm   is mac address of your machine
    ii ii ii ii         is the unique identifier from the PADI (99 30 00 00 on mine)
    zz zz .....         is the provider name of the DSL node (variable)

You can use whatever packet creator/injector (nemesis) to inject the PADI frame and then sniff the line to see who responds.

If you don't want to roll your own packets then use the PPPoE package that comes with your distro; it doesn't matter what account details you set. Start the sniffer and then do an adsl-start or similar. This will generate PADI frames which you can then sniff for the PADO replies.

The only usage issue I've seen relates to whether your switches forward broadcast traffic. If not, then this will only detect modems on the local segment, and you have to repeat this on each segment/vlan.

For details of the PADI/PADO format look at RFC 2516 or search on Wikipedia.
TTFN,
Simon

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of t35tman
Sent: Monday, May 26, 2008 18:25
To: pen-test () securityfocus com
Subject: Identify rogue adsl modems routers in the network

Hi all,

Had a weird requirement recently. I was wondering if there is any way to detect an adsl modem/router connected to a phone line. The scenario being able to trace the adsl modem/router internally from within the corporate network or externally from the ISP network.

The only option I see is to check with the ISP ... any suggestions ?

Thanks and Regards
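Added example, not part of the original post: a Python sketch that builds the PADI frame laid out above and parses a captured PADO reply into the modem's MAC address and AC-Name, for use when auditing a segment for unauthorised DSL modems. The MAC addresses and the AC-Name "EXAMPLE-NODE" are constructed sample values; the Host-Uniq value 99 30 00 00 is the one quoted in the post.

```python
import struct

ETH_PPPOE_DISCOVERY = 0x8863
PADI, PADO = 0x09, 0x07
TAG_SERVICE_NAME, TAG_AC_NAME, TAG_HOST_UNIQ = 0x0101, 0x0102, 0x0103

# Constructed sample data: auditor MAC, Host-Uniq from the post, and a PADO reply.
MY_MAC = bytes.fromhex("020000000001")
HOST_UNIQ = bytes.fromhex("99300000")
SAMPLE_PADO = bytes.fromhex(
    "020000000001 020000000002 8863 1107 0000 001c "
    "01010000 0103000499300000 0102000c") + b"EXAMPLE-NODE"

def build_padi(src_mac: bytes, host_uniq: bytes) -> bytes:
    """Broadcast PADI: empty Service-Name tag followed by a Host-Uniq tag."""
    tags = struct.pack("!HH", TAG_SERVICE_NAME, 0)
    tags += struct.pack("!HH", TAG_HOST_UNIQ, len(host_uniq)) + host_uniq
    header = struct.pack("!HBBHH", ETH_PPPOE_DISCOVERY, 0x11, PADI, 0, len(tags))
    return b"\xff" * 6 + src_mac + header + tags

def parse_pado(frame: bytes, host_uniq: bytes):
    """Return (modem_mac, ac_name) if frame is a PADO answering our PADI, else None."""
    if len(frame) < 20:
        return None
    ethertype, ver_type, code, _session, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_PPPOE_DISCOVERY or ver_type != 0x11 or code != PADO:
        return None
    payload = frame[20:20 + length]  # slicing by length drops Ethernet padding
    if len(payload) < length:
        return None  # truncated capture
    tags, off = {}, 0
    while off + 4 <= len(payload):
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tlen]
        if len(value) < tlen:
            return None  # tag length runs past the payload
        tags.setdefault(tag, value)  # keep the first occurrence of each tag
        off += 4 + tlen
    if tags.get(TAG_HOST_UNIQ) != host_uniq:
        return None  # reply to someone else's discovery
    mac = ":".join(f"{b:02x}" for b in frame[6:12])
    return mac, tags.get(TAG_AC_NAME, b"").decode("utf-8", "replace")

if __name__ == "__main__":
    print(build_padi(MY_MAC, HOST_UNIQ).hex(" "))
    print(parse_pado(SAMPLE_PADO, HOST_UNIQ))
```

Matching on Host-Uniq ties each PADO to the audit's own PADI, so offers triggered by other hosts' discovery on the same segment are not counted.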