Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PPPoE + Switch sniffing

from [Rob klein Gunnewiek] Network Security [Permanent Link]
Subject: Re: PPPoE + Switch sniffing
Date: Mon, 31 Jul 2006 11:33:36 +0200
On 7/27/06, Carlos de Oliveira <carlos.oliv@gmail.com> wrote: 
Hello friends,

As a manager of my network, I am woried of security. Recently we
changed the HUB's for switch's in hope that we get more securitty.

In a few days ago, we have seeing another Access concentrator in our
network sending PADO's to the clients that wanted to connect.

This access concentrator have the same MAC address of one of my clients.

I would like to know what do you think that could be?
I've searched google for this, but I didn't found any attack baseed on
PPPoE + switch.
Could this other access concentrator be trying to give connection to
some of my clients just to sniff their connection?


It doesn't matter whether you use a switch or not. The PPPoE client
will broadcast PADI packets, so they will arive at all hosts on the
subnet. Whether you use a switch or not.

If this is not simply some mistake of having a wrong setup, this looks
like an attack. First of all, do you use some kind of MAC-address
based filtering? That would explain why someone would forge the MAC
address. Much more likely though it is not forged, I think the client
you are talking about /IS/ the attacker!

I think the attacker wants to steal other people's login stuff... I'm
not familiar with Radius, but the PADO packets can include information
on where the client should authenticate with. So I suppose this could
be used to steal the logins of other clients in some way.

That's my guess,

Good luck.

--
Regards,
Rob klein Gunnewiek

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: PPPoE + Switch sniffing, Murda Mcloud
Next by Date:  Re: Windows debugging/vulnerability analysis, Rob klein Gunnewiek
Previous by Thread:  RE: PPPoE + Switch sniffing, Murda Mcloud
Next by Thread:  no daemons listening and errata updates (secure or not?), sun sadm
Indexes:  [Date] [Thread] [Top] [All Lists]