Re: Hijack IP Address using cable modem

["Larry W. Cashdollar" <lwc () VAPID DHS ORG>]

I moved from the Time-Warner Road-Runner network to the At&t network.  The
At&t network requires that you call them with your mac address upon
setup.  Your connection will only work with that mac address.  So if you
change cards you need to call them back and have them change the mac
address for you.  I suspect they are programming a smart switch.


On Wed, 28 Mar 2001, Patrick Patterson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> I think I see where Patrick was coming from with this:
>
> Victim turns on his computer, and gets an IP address
> Cracker, while sniffing the Cable segment notices that IP adress foo is
> assigned to MAC bar
> Cracker changes his own MAC address to bar, and brings up IP address foo on
> this new MAC address (some Ethernet cards have overwritable MAC addresses)
> Since both Cracker and Victim have the same MAC, Cracker get's all packets
> for Victims computer, and is able to impersonate victim.
>
>
> This is just a slightly more sophisticated IP Address Spoofing attack.... and
> I don't think it will work...
>
> > From what I know of Cablemodem networks, there are actually several parts.
>
> 1: The cable network - the 'Modem' talks to the Cable Company terminal
> equipment and ensures that you are a valid subscriber.
> 2: The IP Network - the routers keep track of which IP and MAC, is on which
> Cable Modem - thus making this attack unlikely to succeed....
>
> I haven't tested this, and might be horribly wrong, but I don't think so -
> this is one of those things that looks better in theory than in practice - Is
> anyone from @HOME or ATT around to confirm/deny what's I've written?
>
> On Wednesday 28 March 2001 09:09, Nick Summy wrote:
> > Now I hardly know anything about this subject, so correct me If im wrong,
> > but I have a few questions.