[CLUE-Talk] Security Issue with @Home

Sun Aug 26 17:43:46 MDT 2001

it's already in there, if you notice all the packets you see if you do
a tcpdump, they are all for you or broadcast packets, this is because
the modem knows what IP's to look for, and what ethernet address, you
can get that information OUT of some of the modems, but I don't
remember how.

Brandon
--- Gary & Sheri Mauldin <gsmauldin at home.com> wrote:
> Any idea how to get into the @Home cable router that I have(it's
> operating system)? It's a Motorola Surfboard 3100. 
> 
> Gary
> 
> -------Original Message-------
> 
> From: Brandon N
> Date: Sunday, August 26, 2001 04:32:37 PM
> To: clue-talk at clue.denver.co.us
> Subject: Re: [CLUE-Talk] Security Issue with @Home
> 
> There is really no way to fix this on a shared connection, although
> the
> modems detect the IP's behind them and can show this to @home techs. 
> All you have to do to hijack an IP is look at your host IP, subnet
> mask
> and then pick another IP on your subnet. This is probably what
> happened to the people mentioned on slashdot that had thier
> connection
> turned off while they were on vacation for running a warez site. 
> 
> Brandon
> --- Warren <warren at guano.org> wrote:
> > If you are considering broadband service with @Home, be aware of
> the
> > following security issue of "IP address hijacking" being discussed
> on
> > Bugtraq.
> > 
> > Aside from the inconvenience, it is possible that someone could use
> > your
> > IP address for subversive activities, trading mp3s or sending
> > instructions on how to rip CDs, for example, and point the finger
> at
> > you. Refer to
> > http://www.salon.com/tech/feature/2001/08/23/pirate/index.html
> > 
> > 
> > 
> > Forwarded message:
> > 
> > From: Roadkill Randu <randy at viopac.com>
> > To: bugtraq at securityfocus.com <bugtraq at securityfocus.com>
> > Date: Saturday, 25 August, 2001, 4:20:25 PM
> > Subject: @Home network subject to DHCP hijacking
> > 
> > 
> > 
> > ======================Original message text=================
> > 
> > Greetings:
> > 
> > Problem:
> > 
> > The @Home network assigns IP addresses on a fairly permanent basis
> to
> > its
> > subscribers, but it does use DHCP for IP address assignment. It is
> > trivial matter, however, to take over another @Home account's IP
> > address
> > by simply providing another customer's ID for the hostname
> parameter
> > in
> > DHCP. It is also trivial to acquire this hostname parameter, since
> > all it
> > requires is 'host @HomeIPaddress' to determine what the customer ID
> > is.
> > 
> > Notification:
> > 
> > I have notified @Home of this problem twice in the last two months.
> 
> > Not
> > being an expert in DHCP, I do not know what could be done to fix
> > this. I
> > figure at least using something different than my actual hostname
> for
> > my
> > hostname parameter would at least raise the bar to sniffing for
> DHCP
> > packets, instead of the trivial hack it currently is.
> > 
> > Reason for this message:
> > 
> > I have had my @Home connection hijacked from me repeatedly in the
> > last six
> > months. Given @Home's aparent lack of concern for this problem, and
> > the
> > current mood of ISPs shutting down users without warning whenever
> the
> > MPAA
> > rattles it saber, I felt that the larger community needed to be
> aware
> > of
> > this potential problem. It should not be this trivially easy for
> > someone
> > to break the law in your name.
> > 
> > Randy
> > 
> > 
> > 
> > =================End of original message text===============
> > 
> > -- 
> > 
> > </W>
> > 
> > http://guano.org/~warren/pgp.txt
> > 
> > 
> > _______________________________________________
> > CLUE-Talk mailing list
> > CLUE-Talk at clue.denver.co.us
> > http://clue.denver.co.us/mailman/listinfo/clue-talk
> 
> 
> __________________________________________________
> Do You Yahoo!?
> Make international calls for as low as $.04/minute with Yahoo!
> Messenger
> http://phonecard.yahoo.com/
> _______________________________________________
> CLUE-Talk mailing list
> CLUE-Talk at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-talk

__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/