From: 0x90 (0x90_at_invisiblenet.net)
Date: Thu Dec 12 2002 - 13:55:01 CST

    - --------------------------------------------------------------------------

    InvisibleNet Security Advisory ISA 1-1a securityinvisiblenet.com

    http://www.invisiblenet.com

    December 12th, 2002 - report issued by 0x90

    - --------------------------------------------------------------------------

    Subject: Adelphia PowerLink Network (http://powerlink.adelphia.com)
    vulnerable to ARP poisoning attacks and promiscuous-mode sniffing.

    Vulnerability: ARP poisoning and monitoring of subnet(s)

    Problem-Type: remote

    OS Specific: N/A

    Problem Description:

    A certain set of subnets on Adelphia's PowerLink network are treated as
    a HUB/SWITCH and therefore allow cable modem subscribers promiscuous
    monitoring of the subnet and ARP poisoning (man-in-the-middle) attacks.
    Upon finding this flaw, it seems to only affect Windows users' DHCP
    requests; for *nix it hands off an IP address on an entirely different
    subnet that is not vulnerable. This doesn't stop one from booting into
    *nix and manually configuring their IP to be on the vulnerable subnet.

    To review, with ARP poisoning, one can do a tremendous amount of
    malicious activity on a subnet, from DoS'ing the network, to hijacking
    DNS servers, and even attacking/cracking SSL/SSH/VPN negotiations. In
    promiscuous mode, one can passively monitor all traffic on the subnet,
    obtaining private information, including logins/passwords and private
    email.

    Vulnerable Subnets:

    Please contact securityinvisiblenet.com for info regarding specific
    subnets.

    Solution:

    The solution varies depending on how the cable network's topology is
    handled, and ARP poisoning, as we know, is not a completely solvable
    issue without a physical/virtual separation of Layer 3 from Layer 2 in
    the OSI Model. For promiscuous mode, don't have the network in HUB mode.

    Patch:

    N/A.

    Disclaimer:

    InvisibleNet is not responsible for the misuse of any of the
    information we provide on this website and/or through our security
    advisories. Our advisories are a service to our customers intended to
    promote secure installation and use of InvisibleNet products.

    - --0x90--
    I'd crawl over an acre of "Visual This++" and "Integrated Development
    That" to get to gcc, Emacs, and gdb. Thank you.

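
Added example, not part of the original advisory: a passive check for the ARP poisoning the advisory describes, which decodes ARP payloads and reports when an IP address is claimed by a MAC different from the one pinned or previously seen. The `ArpWatch` class, the helper names, the documentation-range addresses and the sample frames are all constructed for illustration.

```python
import socket
import struct

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def parse_arp(payload):
    """Return (sender_mac, sender_ip) for an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, _oper, sha, spa, _tha, _tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)

class ArpWatch:
    """Tracks IP -> MAC bindings; pinned entries (e.g. the gateway) are never overwritten."""
    def __init__(self, pinned=None):
        self.pinned = dict(pinned or {})
        self.seen = dict(self.pinned)
    def observe(self, payload):
        parsed = parse_arp(payload)
        if parsed is None:
            return None                      # not ARP for Ethernet/IPv4, or truncated
        mac, ip = parsed
        known = self.seen.get(ip)
        if known is None or known == mac:
            self.seen[ip] = mac
            return None
        if ip not in self.pinned:
            self.seen[ip] = mac              # remember the new claim for unpinned hosts
        return f"{ip} claimed by {mac}, expected {known}"

def make_arp(oper, sha, spa):
    """Build a constructed ARP payload for the sample below (nothing is sent)."""
    raw = bytes.fromhex(sha.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, raw, socket.inet_aton(spa), bytes(6), bytes(4))

def run_sample():
    # Constructed traffic: documentation addresses and locally administered MACs.
    watch = ArpWatch(pinned={"192.0.2.1": "02:00:00:00:00:01"})
    frames = [
        make_arp(2, "02:00:00:00:00:01", "192.0.2.1"),   # genuine gateway reply
        make_arp(1, "02:00:00:00:00:0a", "192.0.2.10"),  # ordinary host request
        make_arp(2, "02:00:00:00:00:0a", "192.0.2.1"),   # host claims the gateway's IP
        b"\x00\x01",                                      # truncated payload, ignored
    ]
    return [a for a in map(watch.observe, frames) if a]
```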