Vulnerability Development mailing list archives
Re: fooling hubs [ARP Spoofing]
From: christophervincent () STMARKSSCHOOL ORG (Vincent; Christopher)
Date: Tue, 8 Feb 2000 19:40:48 -0500
Mediaone (bought by Road Runner) authenticates its users by the MAC of the ethernet card that the cable modem is connected to. The tech that installed mine used a portable cable modem and his laptop to install it. He hooked his laptop/nic/cable modem (it is a LANCity, like mine) up to the network and opened an app that lets you modify the database of customers. It looked to me like he was connected to a router of some sort (with a GUI made by Mediaone) that also programmed your MAC into M1's database.

If you plug the cable modem into another ethernet card it will not work. I don't think that the actual cable modem is denying the service, but rather whatever your cable modem is talking to. If I programmed the MAC of one of my spare NICs to that of the one that M1 knows I have, I bet it will work. If I program it to the MAC of my friend's, I bet that it will think that I am my friend! Now, M1 doesn't have a download limit / cap (it has a speed cap at 1.5mbps down and 356kbps up) so it would not serve any purpose other than discovery on how M1 actually authenticates. The only danger that it could pose to spoof my friend's MAC is that some M1 websites let you change your e-mail password and some e-mail settings, and they used (last time I checked) to authenticate by the cable modem you were on.

One more note about the tech that installed mine: he plugged his laptop in and typed in the MAC of my network card, then he just pulled out the new cable modem and plugged it in. The cable modem was not programmed at all, it was just pulled out of the box and un-shrink-wrapped. The modem itself could be considered "dumb", and has nothing to do with tracking your stats.

-Chris

-----Original Message-----
From: H D Moore [mailto:secure () SECUREAUSTIN COM]
Sent: Monday, February 07, 2000 8:12 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: fooling hubs [ARP Spoofing]

Hi,

Road Runner uses the modem serial number in conjunction with special routing hard/software to determine your usage. This means that you can't just snag someone else's MAC/IP because the switch knows what serial number goes to which port. How the switch receives the serial number is unknown, I think it is done during the initial setup when the modem is being 'registered' by the tech that installs it. Using a program like changemac just annoys their admins, as it looks like you have multiple computers and are switching between them (a friend of mine works at the cable co and told me how they track usage/etc).

If anyone knows something to the contrary or knows what protocol the Motorola Waverunner modems use to register themselves (or about the switches used), please let me know!

-HD

Jeff Bachtel wrote:

Oddly enough, there was a post to misc () openbsd org from a guy who said he found a way to treble his upload speed on his cable modem by proxy arp'ing to the mac address of his cable modem. I don't know how well that would work with different providers, but if someone hacks together a little windows utility to sniff out the arp of the cable modem, and set windows to start proxying it automatically, that would seem likely to regress cable modem back into the good ol' (or bad ol') days of near-unlimited bandwidth.

Does anyone know the likelihood of this actually working?

jeff

On Thu, Feb 03, 2000 at 10:05:34PM +0000, David aka SpanskA wrote:

Hi,

I was looking at ARP spoofing postings for a while and I was wondering if it was possible to permanently fool some hubs or routers. My ISP (Cablevision) is using some kind of system to know how much I'm uploading and downloading.

I successfully did it one time with a little prog called "changemac". If you wanna look at it just go to packetstorm archive. Unfortunately, the last month I checked the data report I could see that my ISP was able to know (again!) how much I was downloading and uploading.

Is this a bug with some kind of hardware or with ARP protocol?

Sorry for my English mistakes...