I never claimed that this was secure, I don't believe that for an instant. I simply
made the point that in many cable modem environments casual sniffing will not reveal
any unicast traffic except that destined for the local machine.
Laris
-----Original Message-----
From: Eric Vyncke [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, July 13, 1999 2:48 AM
To: Laris Benkis; 'Lou Laczo'; 'Andy'; '[EMAIL PROTECTED]'
Subject: RE: Surprise, Surprise...
Using a bridge to prevent sniffing is usually not very secure... the sniffer
simply has to overflow the internal CAM table of the bridge and then the
learning bridge should fall back in flooding mode. I.e. all unicast
frames are flooded on the other side of the bridge.
Using encryption (like DOCSIS) is, IMHO, the only way to go...
Just my 0.01 EUR
-eric
At 17:52 12/07/1999 -0400, Laris Benkis wrote:
>I think you may have a bit of difficulty sniffing a cleartext password on a
>typical (whatever that means) cable modem segment. To use a specific
>example which I am familiar with, LANCity cablemodems are learning bridges,
>therefore the only traffic you will see coming to you from the modem will be
>broadcast traffic on the segment and unicast traffic to your PC. To see all
>the unicast traffic on the segment which will contain all the interesting
>cleartext passwords you would have to either hack into the modem or decode
>the RF signal on the coax. Not impossible perhaps, but certainly not as
>trivial as you suggest. My impression is that most people think a
>cablemodem is a fancy ethernet repeater, this is not the case.
>
>Depending on the capabilities of the cable modem being used there are things
>the cable operator can do to reduce a subscriber's exposure. Again a
>specific example, on Rogers@Home the LANCity modems are configured to block
>UDP 137 & 138, giving naive users a bit of protection.
>
>Laris
>
>
>
>-----Original Message-----
>From: Lou Laczo [SMTP:[EMAIL PROTECTED]]
>Sent: Monday, July 12, 1999 3:19 PM
>To: 'Andy'; '[EMAIL PROTECTED]'
>Subject: RE: Surprise, Surprise...
>
>Disabling and/or password protecting shares would prohibit others from
>easily looking at disk files on a PC. (via network neighborhood or direct
>drive mapping) However, there's still the issue of packet sniffing. Anyone
>on a cable segment can run an easily obtainable sniffer package and capture
>all sorts of interesting information (i.e. cleartext passwords). Cable
>modems are insecure by nature. I you choose to use them, the only way to
>assure privacy is to encrypt all communications.
>
>
>Best Regards,
>
>Lou Laczo - FASTNET Corporation
>[EMAIL PROTECTED] (888)321-FAST(3278) http://www.fast.net
>FASTNET (R) - Business and Personal Internet Solutions
>
>> -----Original Message-----
>> From: Andy [SMTP:[EMAIL PROTECTED]]
>> Sent: Monday, July 12, 1999 2:13 PM
>> To: Daemeon Reiydelle; Firewalls List
>> Subject: Re: Surprise, Surprise...
>>
>> Daemeon Reiydelle wrote:
>> >
>> > This problem is endemic and inherent to ALL cable companies because each
>> > segment (more or less a few block radius) is a common subnet.
>>
>> What about the claim in the article that all one need do is disable
>> sharing, or, at least use good passwords on shares. Is this enough?
>>
>> -Andy
>> -
>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>> "unsubscribe firewalls" in the body of the message.]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
Eric Vyncke
Consulting Engineer Cisco Systems EMEA
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: [EMAIL PROTECTED] Mobile: +32-75-312.458
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
