Great idea :-)
Thanks for the info
-eric
At 14:24 14/07/1999 -0400, Laris Benkis wrote:
>After a bit of thought it occurred to me that many bridging cable modems
>will not be vulnerable to CAM overflow as you describe. This is because
>some are designed to limit the number of MAC addresses permitted on the
>ethernet side to a configurable limit. This is to restrict the number of
>machines a subscriber can connect. On LANCity specifically, after the
>configured number of MACs is reached packets with different MACs are dropped.
>
>Laris
>
>
>-----Original Message-----
>From: Eric Vyncke [SMTP:[EMAIL PROTECTED]]
>Sent: Tuesday, July 13, 1999 2:48 AM
>To: Laris Benkis; 'Lou Laczo'; 'Andy'; '[EMAIL PROTECTED]'
>Subject: RE: Surprise, Surprise...
>
>Using a bridge to prevent sniffing is usually not very secure... the sniffer
>simply has to overflow the internal CAM table of the bridge and then the
>learning bridge should fall back in flooding mode. I.e. all unicast
>frames are flooded on the other side of the bridge.
>
>Using encryption (like DOCSIS) is, IMHO, the only way to go...
>
>Just my 0.01 EUR
>
>-eric
>
>At 17:52 12/07/1999 -0400, Laris Benkis wrote:
>>I think you may have a bit of difficulty sniffing a cleartext password on a
>>typical (whatever that means) cable modem segment. To use a specific
>>example which I am familiar with, LANCity cablemodems are learning bridges,
>>therefore the only traffic you will see coming to you from the modem will be
>>broadcast traffic on the segment and unicast traffic to your PC. To see all
>>the unicast traffic on the segment which will contain all the interesting
>>cleartext passwords you would have to either hack into the modem or decode
>>the RF signal on the coax. Not impossible perhaps, but certainly not as
>>trivial as you suggest. My impression is that most people think a
>>cablemodem is a fancy ethernet repeater, this is not the case.
>>
>>Depending on the capabilities of the cable modem being used there are things
>>the cable operator can do to reduce a subscriber's exposure. Again a
>>specific example, on Rogers@Home the LANCity modems are configured to block
>>UDP 137 & 138, giving naive users a bit of protection.
>>
>>Laris
>>
>>
>>
>>-----Original Message-----
>>From: Lou Laczo [SMTP:[EMAIL PROTECTED]]
>>Sent: Monday, July 12, 1999 3:19 PM
>>To: 'Andy'; '[EMAIL PROTECTED]'
>>Subject: RE: Surprise, Surprise...
>>
>>Disabling and/or password protecting shares would prohibit others from
>>easily looking at disk files on a PC. (via network neighborhood or direct
>>drive mapping) However, there's still the issue of packet sniffing. Anyone
>>on a cable segment can run an easily obtainable sniffer package and capture
>>all sorts of interesting information (i.e. cleartext passwords). Cable
>>modems are insecure by nature. I you choose to use them, the only way to
>>assure privacy is to encrypt all communications.
>>
>>
>>Best Regards,
>>
>>Lou Laczo - FASTNET Corporation
>>[EMAIL PROTECTED] (888)321-FAST(3278) http://www.fast.net
>>FASTNET (R) - Business and Personal Internet Solutions
>>
>>> -----Original Message-----
>>> From: Andy [SMTP:[EMAIL PROTECTED]]
>>> Sent: Monday, July 12, 1999 2:13 PM
>>> To: Daemeon Reiydelle; Firewalls List
>>> Subject: Re: Surprise, Surprise...
>>>
>>> Daemeon Reiydelle wrote:
>>> >
>>> > This problem is endemic and inherent to ALL cable companies because each
>>> > segment (more or less a few block radius) is a common subnet.
>>>
>>> What about the claim in the article that all one need do is disable
>>> sharing, or, at least use good passwords on shares. Is this enough?
>>>
>>> -Andy
>>> -
>>> [To unsubscribe, send mail to [EMAIL PROTECTED] with
>>> "unsubscribe firewalls" in the body of the message.]
>>-
>>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>>"unsubscribe firewalls" in the body of the message.]
>>-
>>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>>"unsubscribe firewalls" in the body of the message.]
>Eric Vyncke
>Consulting Engineer Cisco Systems EMEA
>Phone: +32-2-778.4677 Fax: +32-2-778.4300
>E-mail: [EMAIL PROTECTED] Mobile: +32-75-312.458
Eric Vyncke
Consulting Engineer Cisco Systems EMEA
Phone: +32-2-778.4677 Fax: +32-2-778.4300
E-mail: [EMAIL PROTECTED] Mobile: +32-75-312.458
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
