Re: swbell DSL bug ?

[spoonm () PACMAN SPOONTECH NET (spoonm)]

Well on that same idea, but on cable.  I am using hsacorp cable service
under the Charter Network.  Basically i was told you get 1 ip address that
is released every 24 hours or so. Well under windows it seems to do this,
but when i boot up my linux router, i had dhcp give me my ip.  Then i just
that ip and the routes into a static setup, and my ip hasnt changes in 3
months.  So, then i wanted another ip for another server, so i pulled the
nic out of my linux w/dhcp box and blopped it into my openbsd box and just
setup the normal ip and routes, blah blah, and since the cable runs on
mac, it worked fine.. then i just got dhcp to dish me out another ip
address, and did the same thing again.  I know its not really a hole, or
vulnerablity like some people think, im just making a point on how you can
get a little more bang for you buck on some cable services.

spoonm, Sr President Spoontech
http://www.spoontech.net

On Sun, 7 May 2000, Ryan Bonnett wrote:

> With US West DSL services on my linux machine I was taking an entire C block
> in this same fashion.  You have to realize, these are DHCP address pools
> that you are doing this with.  There is no significant advantage to taking
> more than one address, it isn't like you can provide any reliable service on
> a dynamic address.  If they ran out of IP address space, went in to check
> out why, and saw you hogging a bunch of addies, they'd probably terminate
> your service.  At the very least they would clear all connections to the
> pool and give you a call.  This is how networks are meant to work, there is
> no bug or vulnerability here, just the possibility that you'll anger your
> service provider.
> ___________________________________________
> Ryan Bonnett
> Product Operations Engineer
> Excite @ Home E-Business Services Group
> rbonnett () excithome net
>
> Everything should be made as simple as possible, but not simpler.
> -Albert Einstein
> -----Original Message-----
> From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of Ryan
> Sweat
> Sent: Sunday, May 07, 2000 1:24 PM
> To: VULN-DEV () SECURITYFOCUS COM
> Subject: swbell DSL bug ?
>
>
>      Southwester Bell is a big provider of dsl access in some parts of the
> US.  Dhcp provides an IP address and the lease expires in about 72 hours.
> They claim the IP cannot be changed, however when playing around last night,
> I found if you install another ethernet card, and switch the cable to the
> new card, it happily gives you another IP address.  The dhcp server must
> rely on mac address when providing a lease for an ip.  This could pose many
> problems.  How can accounting be kept when a user can change his ip whenever
> he likes?  I have more testing to do, but I do not see why you couldnt
> install a few nic cards and get ip address for each one, which swbell would
> like to charge you much more money for.  I am looking into a way to change
> the mac address in windows. I know it can be done in linux through ifconfig.
> Maybe somone has experience in this ??
>
> batrox () swbell net