Vulnerability Development mailing list archives
Re: Hijack IP Address using cable modem
From: Patrick Maartense <patrick () PATRICK AT>
Date: Wed, 28 Mar 2001 16:56:02 +0200
do it different preconfigure your system to have these IPs as well ifconfig eth0:0 .... bla bla next time the ARP comes. (make it come by pining the addres from a different system in another net) OH Yeah..... That way I took 4 class C's as proof of concept ( my 2.4.2 Linux Fw with 128M of mem started to choke because of the firewall tables) The ISP therefor was not that happy .... heres a snip from my subnet and they are guilty of this as i have known this for a while: [root@dsbelile /root]# tcpdump -i eth0 -vv -p arp -l > /tmp/media_sniff & tail -f /tmp/media_sniff [1] 4461 Kernel filter, protocol ALL, datagram packet socket tcpdump: listening on eth0 09:00:51.413545 B arp who-has 24.128.143.7 tell bvubr01.ne.mediaone.net 09:00:56.420043 > arp who-has bvubr01.ne.mediaone.net tell dsbelile.ne.mediaone.net (0:10:4b:6a:b2:15) 09:00:56.426959 < arp reply bvubr01.ne.mediaone.net is-at 0:b0:8e:f5:18:70 (0:10:4b:6a:b2:15) and bvubr01.ne.mediaone.net is the gateway / router for this subnet. [root@scavenger /root]# nslookup bvubr01.ne.mediaone.net Server: dns.corp.skillsoft.com Address: 10.0.2.78 Non-authoritative answer: Name: bvubr01.ne.mediaone.net Addresses: 24.128.8.240, 24.128.142.1 [root@scavenger /root]# also if you use ettercap ( either version ) or manually useing hunt and try any type of MITM attack useing the gateway and another machine on the subnet the entire subnet goes to crap. and it seams to me the router took a ARP flood and stopped resonding. im not positive but i think they are a form of cisco router. anyone have any ideas about this ? would love to hear and real good explanations. -D
Current thread:
- Re: Hijack IP Address using cable modem, (continued)
- Re: Hijack IP Address using cable modem Mathias Wegner (Mar 28)
- Re: Hijack IP Address using cable modem Dick Visser (Mar 28)
- Re: Hijack IP Address using cable modem Reb (Mar 29)
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Nick Summy (Mar 29)
- Re: Hijack IP Address using cable modem David Laganière (Mar 29)
- Re: Hijack IP Address using cable modem Clayton Hoskinson (Mar 29)
- Re: Hijack IP Address using cable modem moksha faced (Mar 29)
- Re: Hijack IP Address using cable modem cdowns (Mar 29)