I would like to see some of those white papers. I have been looking for pin outs for the specific chips on a cable modem, and have only found the companies web site, never finding anything close to a pin out list. Of course, I can understand why that would not be available, but it has to be around somewhere. ----- Original Message ----- From: <listsat_private> To: <VULN-DEVat_private> Sent: Thursday, March 29, 2001 4:26 AM Subject: Re: Hijack IP Address using cable modem (fwd) > I used to be an @home customer using some CyberSurf cable modem and I > looked into the idea of hijacking or spying then. I found some white > pages on the modem and the modem turned out to have TONS of security > crap to prevent any such MAC address spoofing or even spying as suggested. > It appeared to me then that the engineers had completely thought out these > issues and solved them. So I gave up on the idea. > > > > > ---------- Forwarded message ---------- > Date: Wed, 28 Mar 2001 13:33:34 -0500 > From: "Williamson, Glenn" <Glenn.Williamsonat_private> > To: VULN-DEVat_private > Subject: Re: Hijack IP Address using cable modem > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Whether Patrick was coming from this point of view is beyond me. > > You would still have an apparent problem with 2 host machines with > the same IP address(mac) > > 2 exact IP addresses cause a big problem for routers anyways. Who > ever gets the packet first responds with a syn, if 2 syn's came back > the the original packet would not understand. > > It falls under the handshake that is expected to establish > communications between 2 different entities, first syn, syn ack, then > syn, doesn't work if it goes syn, syn ack - syn ack, syn. > > If I'm wrong well that was my 2 cents worth. > > And yes was a @home customer for 2 years > > > Glenn > > > - -----Original Message----- > From: Patrick Patterson [mailto:ppattersonat_private] > Sent: March 28, 2001 11:31 AM > To: VULN-DEVat_private > Subject: Re: Hijack IP Address using cable modem > > > - -----BEGIN PGP SIGNED MESSAGE----- > > I think I see where Patrick was coming from with this: > > Victim turns on his computer, and gets an IP address > Cracker, while sniffing the Cable segment notices that IP adress foo > is > assigned to MAC bar > Cracker changes his own MAC address to bar, and brings up IP address > foo on > this new MAC address (some Ethernet cards have overwritable MAC > addresses) > Since both Cracker and Victim have the same MAC, Cracker get's all > packets > for Victims computer, and is able to impersonate victim. > > > This is just a slightly more sophisticated IP Address Spoofing > attack.... and > I don't think it will work... > > - From what I know of Cablemodem networks, there are actually several > parts. > > 1: The cable network - the 'Modem' talks to the Cable Company > terminal > equipment and ensures that you are a valid subscriber. > 2: The IP Network - the routers keep track of which IP and MAC, is on > which > Cable Modem - thus making this attack unlikely to succeed.... > > I haven't tested this, and might be horribly wrong, but I don't think > so - > this is one of those things that looks better in theory than in > practice - Is > anyone from @HOME or ATT around to confirm/deny what's I've written? > > On Wednesday 28 March 2001 09:09, Nick Summy wrote: > > Now I hardly know anything about this subject, so correct me If im > > wrong, but I have a few questions. > > <SNIP> > > - - -- > > Patrick Patterson Tel: +1 514 485-0789 > President, Chief Security Architect Fax: +1 514 485-4737 > Carillon Information Security Inc. E-Mail: ppattersonat_private > > - - ----------------- The New Sound of Network Security > - ----------------- > << http://www.carillonis.com >>
This archive was generated by hypermail 2b30 : Wed Apr 18 2001 - 21:24:28 PDT