On Wed, 17 Oct 2001, Benjamin Scott <[EMAIL PROTECTED]> wrote:
> > "stealth mode" firewalls, etc and when you think you have found an
> > unused IP address, there could be, and likely is, somebody using it.
> 
>   The fact that this is even possible is yet another reason why cable
> Internet, while nice and all, is just not all it is cracked up to be.

I don't believe this is possible.  The MAC address of the cable modem
plays an important role.  The cable modem (CM) "decodes" from the
downstream only the part of the signal intended for it.  It is *not* as
simple as ethernet, where you can pretend to be someone else just by
typing their IP into your config, or can listen to everything on the
segment in promiscuous mode.

The head-end equipment must set this (CM-MAC + PC-IP correlation) up in
the downstream signal it broadcasts.  Consider this puzzle: if two CMs
were associated with the same IP at the same time, how would the
head-end know when to flip the MACs back and forth in the stream of
packets returning to that IP via downstream?  My guess is that it would
be fixed on one of them.

I have since deleted the earlier posts, where I think people have
claimed this works, and I can't recall the details of their claims.  I
would guess there is a window of opportunity to reuse an IP before
another CM gets associated with it and that probably explains how this
"manual" use of IPs seems to work.  (I have done this by hand myself
when dhcpcd wasn't working, and I just ran ifconfig with my previous IP
manually, and it worked.)

I also believe I read that the CM intercepts the PC's DHCP requests and
"takes care of it" between the head-end equipment and the DHCP server.
My guess is that the correlation between CM-MAC and PC-IP takes place
at that point (also, the PC's MAC is evidently used for ID).

Note, if one is an electronics wizard, one could build his *own* CM that
sniffs the RF and listens in on traffic to or from any CM+IP in the
local area, and similarly could transmit data via a bogus RF signal
masquerading as the CM corresponding to that IP.  But that is different
from what people were claiming.

In fact, I vaguely remember a few months ago Ben "pooh-poohing" my
statement that the DOCSIS CM encryption and authentication (it uses
public-private RSA keys between modem and head-end to exchange a
session key for use between the CM and head-end) is a Good Thing.  It
solves exactly the problem Ben is saying is a pitfall of Cable
internet!

Anyway, I apologize for rambling on and not really proving anything!
Perhaps I should have dug around on the net to find an answer as to whether this
is possible or not.  Too sleepy now... maybe someone on the list who
worked at Lancity knows the full answer?

Karl

