Vulnerability Development mailing list archives
Re: Hijack IP Address using cable modem
From: moksha faced <mokshafaced () YAHOO COM>
Date: Wed, 28 Mar 2001 21:37:31 -0800
-----BEGIN PGP SIGNED MESSAGE----- I think I see where Patrick was coming from with this: Victim turns on his computer, and gets an IP address Cracker, while sniffing the Cable segment notices that IP adress foo is assigned to MAC bar Cracker changes his own MAC address to bar, and brings up IP address foo on this new MAC address (some Ethernet cards have overwritable MAC addresses) Since both Cracker and Victim have the same MAC, Cracker get's all packets for Victims computer, and is able to impersonate victim.
I don't know of a way to *change* the mac on the cable modem or cable switch/router
This is just a slightly more sophisticated IP Address Spoofing attack.... and I don't think it will work... From what I know of Cablemodem networks, there are actually several parts. 1: The cable network - the 'Modem' talks to the Cable Company terminal equipment and ensures that you are a valid subscriber.
Oh, boy, you can bet that is NOT the case. The cable guys showed up at my house but I had to hook it all up and get it working. They couldn't get the modem to come up.
2: The IP Network - the routers keep track of which IP and MAC, is on which Cable Modem - thus making this attack unlikely to succeed....
I think they *log* mac to dhcp leases, but there is no control and no authentication procedure. Perfect for MITM.
I haven't tested this, and might be horribly wrong, but I don't think so - this is one of those things that looks better in theory than in practice - Is anyone from @HOME or ATT around to confirm/deny what's I've written?
IF (big if) you could spoof the mac you're in... the trick is spoofing the mac on hardware (different than spoofing where you have an os to monkey with). Hunt etal work like a charm. I see guys doing it all the time, they knock over the whole network. The cable guys aren't watching. Their so busy they never even answer the phone so you can know they aren't watching.
On Wednesday 28 March 2001 09:09, Nick Summy wrote:Now I hardly know anything about this subject, socorrect me If im wrong,but I have a few questions.<SNIP> - -- Patrick Patterson Tel: +1 514 485-0789 President, Chief Security Architect Fax: +1 514 485-4737 Carillon Information Security Inc. E-Mail: ppatterson () carillonis com - ----------------- The New Sound of Network Security ----------------- << http://www.carillonis.com >>
__________________________________________________ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/?.refer=text
Current thread:
- Re: Hijack IP Address using cable modem, (continued)
- Re: Hijack IP Address using cable modem Larry W. Cashdollar (Mar 28)
- Re: Hijack IP Address using cable modem Bill Munger (Mar 29)
- Re: Hijack IP Address using cable modem Mathias Wegner (Mar 28)
- Re: Hijack IP Address using cable modem Dick Visser (Mar 28)
- Re: Hijack IP Address using cable modem Reb (Mar 29)
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Patrick Maartense (Mar 28)
- Re: Hijack IP Address using cable modem Nick Summy (Mar 29)
- Re: Hijack IP Address using cable modem David Laganière (Mar 29)
- Re: Hijack IP Address using cable modem Clayton Hoskinson (Mar 29)
- Re: Hijack IP Address using cable modem moksha faced (Mar 29)
- Re: Hijack IP Address using cable modem cdowns (Mar 29)