List: security-basics
Subject: Re: PPPoE + Switch sniffing
From: "Rob klein Gunnewiek" <rob.kleingunnewiek () gmail ! com>
Date: 2006-07-31 9:33:36
Message-ID: 62e75bc00607310233r1dac805ewb873bd9c860ed6d4 () mail ! gmail ! com
On 7/27/06, Carlos de Oliveira <carlos.oliv@gmail.com> wrote:
> Hello friends,
>
> As a manager of my network, I am worried about security. Recently we
> changed the hubs for switches in the hope that we would get more security.
>
> A few days ago, we saw another access concentrator in our
> network sending PADOs to the clients that wanted to connect.
>
> This access concentrator has the same MAC address as one of my clients.
>
> I would like to know what you think that could be.
> I've searched Google for this, but I didn't find any attack based on
> PPPoE + switch.
> Could this other access concentrator be trying to give connection to
> some of my clients just to sniff their connection?
>
It doesn't matter whether you use a switch or not. The PPPoE client
will broadcast PADI packets, so they will arrive at all hosts on the
subnet. Whether you use a switch or not.

If this is not simply some mistake of having a wrong setup, this looks
like an attack. First of all, do you use some kind of MAC-address
based filtering? That would explain why someone would forge the MAC
address. Much more likely though it is not forged, I think the client
you are talking about /IS/ the attacker!

I think the attacker wants to steal other people's login stuff... I'm
not familiar with RADIUS, but the PADO packets can include information
on where the client should authenticate with. So I suppose this could
be used to steal the logins of other clients in some way.

That's my guess,
Good luck.
--
Regards,
Rob klein Gunnewiek
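
Added example, not part of the original message: a monitoring check that parses PPPoE discovery frames (ethertype 0x8863, as defined in RFC 2516) and reports every PADO whose source MAC is not a known access concentrator, which is the situation described in this thread. It assumes untagged Ethernet frames; the function names, MAC addresses and AC names are constructed for illustration.

```python
import struct

ETH_P_PPPOE_DISC = 0x8863   # PPPoE discovery-stage ethertype (RFC 2516)
CODE_PADI, CODE_PADO = 0x09, 0x07
TAG_AC_NAME = 0x0102

def parse_pado(frame):
    """Return (source MAC, AC-Name) for a PADO frame, otherwise None."""
    if len(frame) < 20:
        return None
    ethertype, ver_type, code, _sid, length = struct.unpack("!HBBHH", frame[12:20])
    if ethertype != ETH_P_PPPOE_DISC or ver_type != 0x11 or code != CODE_PADO:
        return None
    payload, off, ac_name = frame[20:20 + length], 0, None
    while off + 4 <= len(payload):          # walk the TLV tag list
        tag, tlen = struct.unpack("!HH", payload[off:off + 4])
        value = payload[off + 4:off + 4 + tlen]
        if len(value) < tlen:               # truncated tag: stop parsing
            break
        if tag == TAG_AC_NAME:
            ac_name = value.decode("utf-8", "replace")
        off += 4 + tlen
    return ":".join(f"{b:02x}" for b in frame[6:12]), ac_name

def rogue_pados(frames, authorized_ac_macs):
    """List (MAC, AC-Name) for every PADO sent by a non-authorized MAC."""
    offers = (parse_pado(f) for f in frames)
    return [o for o in offers if o and o[0] not in authorized_ac_macs]

def make_frame(dst, src, code, ac_name=b""):
    """Build a constructed sample discovery frame (hex MACs without colons)."""
    tags = struct.pack("!HH", TAG_AC_NAME, len(ac_name)) + ac_name if ac_name else b""
    header = struct.pack("!HBBHH", ETH_P_PPPOE_DISC, 0x11, code, 0, len(tags))
    return bytes.fromhex(dst + src) + header + tags

# Constructed sample data: all MAC addresses and AC names are made up.
AUTHORIZED = {"00:11:22:33:44:55"}
SAMPLE_FRAMES = [
    make_frame("ffffffffffff", "00aabbccdd01", CODE_PADI),              # client broadcast
    make_frame("00aabbccdd01", "001122334455", CODE_PADO, b"isp-ac"),   # real concentrator
    make_frame("00aabbccdd01", "00aabbccdd02", CODE_PADO, b"other-ac"), # offer from a client MAC
]

if __name__ == "__main__":
    for mac, name in rogue_pados(SAMPLE_FRAMES, AUTHORIZED):
        print(f"unexpected PADO from {mac} (AC-Name={name!r})")
```

In a deployment the frames would come from a capture on a port that sees the broadcast domain, and the allowlist would hold the MAC addresses of the operator's own concentrators.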