From: "Robert D. Hughes" <rob@robhughes.com>
To: <iwar@yahoogroups.com>
Date: Tue, 20 Nov 2001 19:27:52 -0600
Reply-To: iwar@yahoogroups.com
Subject: RE: [iwar] ATT@Home cable enumeration attack

Well, no, not really. The way @Home configures IPs, or at least the way many of the MSOs do it, is to configure a static DHCP lease on their servers. So, if a host was configured, then the subscriber terminated service, the in-addr and host name records would still be configured, but there wouldn't be a host there. The same is true if they just turned off their system.

-----Original Message-----
From: Fred Cohen [mailto:fc@all.net]
Sent: Thursday, November 15, 2001 7:21 PM
To: Information Warfare Mailing List
Subject: [iwar] ATT@Home cable enumeration attack

AT&T/@Home has standardized on using DHCP for end-user workstation configuration. This configuration is done via the standard DHCP implementation, but also is configured to send a string to the DHCP server with the "hostname" of the client. This hostname is administratively defined by AT&T and is a unique customer number. An example is...

cb666699-a.anytwn.il.home.com

Where the customer ID is cb666699-a in the subdomain of anytwn.il

What frightens me is that no PTR records are configured except for this dynamic method. By scanning for PTR records, it is easy to determine active IP addresses and focus attack efforts on those IPs only, speeding up possible intrusions (imagine how much quicker it is if only 20,000 hosts are listening on a 24/8 subnet!)

This implementation, while not a true "vulnerability", is not quite a "Best Practice".

-#0
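An added example (not part of either message, and not AT&T/@Home's tooling): an offline audit of an operator's own reverse-zone export that measures the two points raised in the thread, PTR records that remain with no active host behind them, and host names that embed a customer number. The zone lines, the lease set, the 10.20.30.0/24 network and the customer-label pattern are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample data (not real records): a reverse-zone export for
# 10.20.30.0/24 and the addresses the DHCP server currently sees in use.
ZONE_ORIGIN = "30.20.10.in-addr.arpa."
ZONE_LINES = """\
5   IN PTR cb666699-a.anytwn.il.home.com.
9   IN PTR cb123456-b.anytwn.il.home.com.
17  IN PTR cb777001-a.anytwn.il.home.com.
40  IN PTR gw1.anytwn.il.home.com.
""".splitlines()
ACTIVE_LEASES = {"10.20.30.5", "10.20.30.40"}

# Assumed shape of the customer-number label, inferred from the single
# example in the thread (cb666699-a); adjust to the real naming scheme.
CUSTOMER_LABEL = re.compile(r"^[a-z]{2}\d+-[a-z]$")


def parse_ptr(lines, origin):
    """Return {ip: hostname} from relative-owner PTR lines of one zone."""
    # Reverse the origin's octets: "30.20.10.in-addr.arpa." -> "10.20.30"
    prefix = ".".join(reversed(origin.split(".in-addr.arpa")[0].split(".")))
    records = {}
    for line in lines:
        fields = line.split()
        if len(fields) == 4 and fields[1:3] == ["IN", "PTR"]:
            ip = str(ipaddress.ip_address(f"{prefix}.{fields[0]}"))
            records[ip] = fields[3].rstrip(".")
    return records


def audit(records, active, network):
    """Summarise what the reverse zone discloses to an outside resolver."""
    by_ip = ipaddress.ip_address  # sort numerically, not as strings
    stale = sorted((ip for ip in records if ip not in active), key=by_ip)
    leaking = sorted((ip for ip, name in records.items()
                      if CUSTOMER_LABEL.match(name.split(".")[0])), key=by_ip)
    return {
        "ptr_count": len(records),
        "address_space": ipaddress.ip_network(network).num_addresses,
        "stale_ptr": stale,              # record exists, no host behind it
        "customer_id_in_name": leaking,  # name discloses a customer number
    }


REPORT = audit(parse_ptr(ZONE_LINES, ZONE_ORIGIN), ACTIVE_LEASES, "10.20.30.0/24")
```

A low ptr_count relative to address_space is the disclosure the original post describes; a non-empty stale_ptr list is the case the reply describes, where a record outlives the host.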
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:59 PST