Vulnerability Development mailing list archives
Re: Hijack IP Address using cable modem
From: Reb <reb () openrecords org>
Date: Thu, 29 Mar 2001 01:37:11 -0600
Greetings, Unfortunately this type of attack would not work as well as one would think. Most cable providers limit upload speed, so the person that is being hijacked would notice the 16k/sec throughput as a major slowdown. An alternative to this problem would be to have a fast link to the Internet (T1 or whatever) and route the box being attacked through the fast link so that they don't see a considerable difference in their service. Reb Hi I just thought of another way of hacking. Since I see ARP traffic on my interface, but no other traffic from any host unless it's destination is my IP, lets do the following: Watch ARP traffic some time. This way you know that victim with mac adress VMAC gets ip adress VIP from the cable company's DHCP server. Next let your own dhcpd listen on the internet-interface and have it configured to also give VIP to VMAC. Provide victim also with the same DNS as he would get from provider, but give him the gateway-IP of your machine. Now set up apropriate routing so victim does not notice anything. When this works, you have the same possibilities for sniffing etc as victim were on the same ethernet-segmnet - and that's not the case in the default config. Also there would be ways to hijack connections, even better that if victim was on the same ethernet because there is no problem of having multiple hosts with the same IP. All traffic goes through your box. Or am I dwelling off :) -- * *** Dick Visser ** * * TIENHUIS consultancy * * *** Linux, networking, security * * * * J. Catskade 10h T +3120 6843731 * ** * 1052 BW Amsterdam F +3120 8641420 * * * The Netherlands * * * W: http://www.tienhuis.nl *** *** E: d.n.m.visser () tienhuis nl
Current thread:
- Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Nick Summy (Mar 28)
- Re: Hijack IP Address using cable modem Patrick Patterson (Mar 28)
- Re: Hijack IP Address using cable modem cdowns (Mar 28)
- Re: Hijack IP Address using cable modem Larry W. Cashdollar (Mar 28)
- Re: Hijack IP Address using cable modem Bill Munger (Mar 29)
- Re: Hijack IP Address using cable modem Mathias Wegner (Mar 28)
- Re: Hijack IP Address using cable modem Dick Visser (Mar 28)
- Re: Hijack IP Address using cable modem Reb (Mar 29)
- Re: Hijack IP Address using cable modem Patrick Patterson (Mar 28)
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Nick Summy (Mar 29)
- Re: Hijack IP Address using cable modem David Laganière (Mar 29)
- Re: Hijack IP Address using cable modem Clayton Hoskinson (Mar 29)
- Re: Hijack IP Address using cable modem Nick Summy (Mar 28)
- Re: Hijack IP Address using cable modem moksha faced (Mar 29)
- <Possible follow-ups>
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Williamson, Glenn (Mar 29)
- Re: Hijack IP Address using cable modem cdowns (Mar 29)