Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hijack IP Address using cable modem

From: Dick Visser <dick () TIENHUIS NL>
Date: Wed, 28 Mar 2001 21:37:52 +0200
Hi

I just thought of another way of hacking.
Since I see ARP traffic on my interface, but no other traffic from any
host unless it's destination is my IP, lets do the following:

Watch ARP traffic some time. This way you know that victim with mac adress
VMAC gets ip adress VIP from the cable company's DHCP server.
Next let your own dhcpd listen on the internet-interface and have it
configured to also give VIP to VMAC. Provide victim also with the same DNS
as he would get from provider, but give him the gateway-IP of your
machine.
Now set up apropriate routing so victim does not notice anything.

When this works, you have the same possibilities for sniffing etc as
victim were on the same ethernet-segmnet - and that's not the case in the
default config.

Also there would be ways to hijack connections, even better that if victim
was on the same ethernet because there is no problem of having multiple
hosts with the same IP. All traffic goes through your box.

Or am I dwelling off :)

--

  *    ***     Dick Visser
 **   *   *    TIENHUIS consultancy
  *   * ***    Linux, networking, security
  *   * * *    J. Catskade 10h             T +3120 6843731
  *   **  *    1052 BW Amsterdam           F +3120 8641420
  *   *   *    The Netherlands
  *   *   *    W: http://www.tienhuis.nl
 ***   ***     E: d.n.m.visser () tienhuis nl
Previous By Date Next
Previous By Thread Next

Current thread: