On Thu, 17 Feb 2000, Ramon Gandia wrote:
> Axalon Bloodstone wrote:
>
> > it's not different from being on a dialup, your just as open then.
> >
>
> There is a big difference, actually.
>
> On a cable modem, your home computer is part of a large ethernet
> segment. Any user can sniff your packets because everyone's data
> appears on the other user's ethernet port.
>
> A dialup system, however, has a separate router port for every
> dialup. The administrator, or someone upstream of the dialup
> server router can sniff packets, but a USER on another dialup
> cannot. Each dialup port sees only the data routed to it.
>
> To give an example.
>
> Let us say two systems, one dialup and one cable. Both have
> identical POP3 mail servers. Further, the administrator has
> a computer on the same ethernet as the mail server. Question,
> who can see what?
>
> A user checks mail. This is a cleartext POP3 mail function with
> username and passwords sent in the clear, INCLUDING the
> administrator
> when he checks his mail.
>
> A user on a cable system can sniff all packets and grab anyone
> else's username and password, including that of the adminstrator.
> God help the admin if he uses a root password! Home networks
> are particularly vulnerable as the passwords etc sent among
> their computers also appear on the entire cable system segment.
>
> On a dialup system, however, the administrator can sniff out
> all user packets because he is on the common ethernet part.
> However,
> the dialup users, being on separate router ports cannot sniff
> the administrator's password nor that of the other users.
>
> This has been a fantastic screwup problem on cable systems and all
> sorts of esoteric security methods are being devised or
> implemented
> with varying degrees of success. In the meantime, its a hacker's
> paradise!
>
>
It's totaly avoidable they are useing the same basic hardware, although
due to it's nature cable does have it's inherent flaws, docsis does
account for these but good luck getting your cable co to go the extra
steps to enable the two way encryption. Dialup is another case they have
to do the work (actualy usuealy done already in the hw) to make sure you
don't get packets you don't want (it'd eat all the bandwidth), but it's a
totaly false sense of security to think your safe on a ppp connection,
they still get a "fake" mac addr and are vulnerable to sniffing after they
go thru the terminal, actualy the terminals them selves are
vulnerable. and not to mention they've had passive modems sense the 80's
(atleast). I don't factor the convience of being hacked into the security
equation, basic security (ssh vs telnet) generaly takes care of the
kiddies, it's the persistant/motivated ones that should scare you they'll
just be more grumpy because its a bloody slow connection.
--
MandrakeSoft http://www.mandrakesoft.com/
--Axalon
