David,
Do you know what hardware MediaOne uses? Motorola CyberSurfr?
Bay/Lancity LCPs? Etc?
--David
>---------- Forwarded message ----------
>
>I was reading about a possible security hole for Mediaone which I
>thought I'd let you know about.
>
>Apparently the cable modems act as bridges: when they are powered
>on they listen on the LAN side to discover the first MAC address it
>can. From that point on it filters out all traffic to the LAN side
>except packets addresses to that MAC address or broadcast packets.
>
>However, let's assume that someone on your segment knows your
>MAC address (these are easy to come by - just do ping 24.128.121.255,
>which is the broadcast address, and look at your arp cache). Then
>an attacker can proceed as follows:
>
>(1) Send an ARP packet to you advertising his card with the gateway
>IP 24.128.120.1. Your machine will place it in its ARP cache. As
>long as he keeps sending you these packets before the ARP entry
>times out, you will never send out a real ARP query for the MAC address.
>>From that point on you will essentially be routing all your outbound
>traffic to him.
>
>(2) Similarly he sends ARP packets to 24.128.120.1 with your IP.
>In the same way, the gateway now will redirect all inbound traffic
>for you to him.
>
>(3) Then he routes all the inbound traffic for you to you, and you
>never know that anything is wrong. He can then run a sniffer to
>look at your traffic.
>
>The person who pointed out this vulnerability said that the only way
>to make sure that you are not vulnerable to this attack is to hard-code
>the MAC address for the gateway and disable ARP. He still can
>get your inbound packets by spoofing the router.
.----------------------------------------------------------------------------.
| David A. Ranch - Remote Access/Linux/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
