AT&T/@Home Cable Modem Enumeration

From: uid0at_private
Date: Thu Nov 15 2001 - 13:13:43 PST


    AT&T/@Home has standardized on using DHCP for end-user workstation
    configuration. This configuration is done via the standard DHCP 
    implementation, but also is configured to send a string to the
    DHCP server with the "hostname" of the client.
    
    This hostname is administratively defined by AT&T and is a unique
    customer number. An example is...
    
     cb666699-a.anytwn.il.home.com
    
    Where the customer ID is cb666699-a in the subdomain of anytwn.il
    
    What frightens me is that no PTR records are configured except for this
    dynamic method. By scanning for PTR records, it is easy to determine
    active IP addresses and focus attack efforts on those IPs only, speeding
    up possible intrusions (imagine how much quicker it is if only
    20,000 hosts are listening on a 24/8 subnet!)
    
    This implementation, while not a true "vulnerability", is not quite a
    "Best Practice".
    
    -#0
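
The exposure described in this message, checked from the operator's side, as an added example that is not part of the original post: it audits a reverse zone for PTR records that mark an address as leased, then builds static PTR data covering the whole pool so that the presence or content of a record says nothing about activity. The pool (RFC 5737 documentation range), the suffix pool.example.net, the second hostname and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: a DHCP pool in the RFC 5737 documentation range and
# a reverse zone in which only leased addresses have (customer-ID) PTR records.
POOL = "192.0.2.0/28"
SUFFIX = "pool.example.net."          # assumed generic naming suffix
DYNAMIC_ZONE = {
    "3.2.0.192.in-addr.arpa.": "cb666699-a.anytwn.il.home.com.",
    "9.2.0.192.in-addr.arpa.": "cb000001-a.anytwn.il.home.com.",  # constructed
}


def ptr_name(ip):
    """Owner name of the PTR record for an address, fully qualified."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def generic_name(ip, suffix):
    """PTR target derived only from the address, so it says nothing about leases."""
    return "host-%s.%s" % (ip.replace(".", "-"), suffix)


def distinguishable_hosts(pool, zone, suffix):
    """Addresses whose reverse DNS marks them as leased."""
    hosts = [str(h) for h in ipaddress.ip_network(pool).hosts()]
    any_missing = any(ptr_name(ip) not in zone for ip in hosts)
    leaked = []
    for ip in hosts:
        target = zone.get(ptr_name(ip))
        if target is None:
            continue
        # A record leaks if other addresses lack one, or if its target
        # carries more than the address itself (e.g. a customer ID).
        if any_missing or target != generic_name(ip, suffix):
            leaked.append(ip)
    return leaked


def uniform_reverse_zone(pool, suffix):
    """Static PTR data covering every pool address, leased or not."""
    return {ptr_name(str(h)): generic_name(str(h), suffix)
            for h in ipaddress.ip_network(pool).hosts()}


if __name__ == "__main__":
    print("leaks:", distinguishable_hosts(POOL, DYNAMIC_ZONE, SUFFIX))
    fixed = uniform_reverse_zone(POOL, SUFFIX)
    print("after:", distinguishable_hosts(POOL, fixed, SUFFIX))
```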
    


