I'm fairly sure that here in the UK under Telewest/BlueYonder, these SB's perform some kind of DHCP forwarding as well as full DHCP serving. Reasoning as follows: Checked this with Win2k & NT4 (just in case Win2k's auto-dhcp/ICS thing was playing around) - Power off cable modem - Unhook the cable modem from the 'net coax - Set NT4Wks for DHCP Client. Shut down for a laugh, just because it feels right. - Power the cable modem on, leave it disconnected from 'net - Power NT4Wks box on The Win2k/Nt4Wks box & the SB have a 192.168.x.x addr. Sniff the wire and you can see the DHCP broadcasts flying around. - Power off cable modem - Power off Wkstn - Hook up the 'net coax cable again - Power cable modem on - Power NtWks box on The NTWks box has an ip address on the Cable co.'s network, but the DHCP server is still showing as the ip of the cable modem (which has obviously changed as well). I did this in 2 stages just to demonstrate, but if you skip the power-down between stage 1 and 2 (ie: just straight hook the SB back up to the 'net coax), the 192.168 IP on the SB is automagically reset to an IP on the Cable co.'s network. Raj is right, if you look at the status pages on the SB, it does show DHCP Server enabled. I've also been told there are some "hidden" status/config pages in the SB that you can't directly get to unless you are coming from a certain IP. I was told this by one of the guys that came to install it, whether it's true or not I don't know... Ian Kayne Technical Specialist - IT Solutions Softlab Ltd - A BMW Company > -----Original Message----- > From: Rajkumar S. [mailto:listuserat_private] > Sent: Monday, April 30, 2001 4:46 PM > To: VULN-DEVat_private > Subject: Re: Hijack IP Address using cable modem > > > On Sun, 29 Apr 2001, Marcin Dawcewicz wrote: > > > > What could the 513 have? My guess is that it > > > is the port of the DHCP server that is running inside the modem. > > > > DHCP server is not running inside the modem. It's rlogin of course. > > let me make a small clarification. The DHCP thing was a wild > guess. I know > that 512 is rlogin. but the webpages of SB3100 states that a > DHCP server > is running inside the modem. Also the attempt to rlogin to the modem > failed as the rlogin just waited with out any response. Here is the > relevant para as it appeared in lynx. > > [X] Enable DHCP Server > The SURFboard cable modem can be used as a gateway to the > Internet by > a maximum of 32 users on a Local Area Network (LAN). When > the Cable > Modem is disconnected from the Internet, users on the LAN can be > dynamically assigned IP Addresses by the Cable Modem DHCP Server. > These addresses are assigned from an address pool which > begins with > 192.168.100.11 and ends with 192.168.100.42. Statically > assigned IP > addresses for other devices on the LAN should be chosen > from outside > of this range > > Even though the DHCP was listed as enabled nmap did not show > that. That > was why I made a wild guess ;) > > Now some more info > > > This page provides information about the servers your > Cable Modem is > using, and the computers to which it is connected. > > Item Value > Serial Number 052701021403557804053000 > HFC IP Address 10.1.15.42 > HFC MAC Address 00:20:40:7E:AE:72 > Ethernet IP Address 192.168.100.1 > Ethernet MAC Address 00:20:40:7E:AE:73 > DHCP Server Address 202.88.238.2 > DHCP Information Duration: 605400 s > Time: 18800 > > # Known CPE MAC Address (Max 1) Status > 1 00:D0:B7:B9:AB:E0 Learned > > > As it can be seen, the IP of the cable interface (HFC) is > 10.1.15.42 But > my first attempt to connect to port 80 was refused. May be > with luck it > may be possible to map the entire Fiber-Coax lan of the provider. > > raj > ******************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this email in error and that any use of the information contained within this email or attachments is strictly prohibited. Internet communications are not secure and Softlab does not accept any legal responsibility for the content of this message. Any opinions expressed in the email are those of the individual and not necessarily those of the Company. If you have received this email in error, or if you are concerned with the content of this email please notify the IT helpdesk by telephone on +44 (0)121 788 5480. ********************************************************************
This archive was generated by hypermail 2b30 : Tue May 01 2001 - 21:36:01 PDT