 patcat88
join:2002-04-05 Jamaica, NY
wiretap a LAN through ethernet bridging of DSL modem
Let's say someone has purchased 5 IP addresses from a DSL provider using PPPoE. To get at his 5 IP addresses, he needs to dial 1 PPPoE connection per computer. He has 5 computers. He also does Windows LAN File sharing/SMB/CIFS/NetBEUI/NetBIOS. NetBEUI and Windows File sharing and TCP/IP and PPPoE are bound to the Ethernet adaptors of the 5 computers. Just TCP/IP is bound to the PPPoE dialup/modem adaptors. The DSL modem is plugged into a switch with the 5 computers. There is no NAT/Router in this setup.
As far as I know, there is a layer 2 ethernet bridge going through the DSL modem to the Access Concentrator/DSLAM, connecting the layer 2 ethernet LAN of the above case to the telephone company. AFAIK, it is required, otherwise the PPPoE packets won't have anything to ride over to the telco side.
On my ATT DSL connection, using Wireshark, one of the PPPoE packet's MAC addresses belongs to Siara Networks (which was bought by Redback Networks), and the access concentrator's name is something-Rback-something, so yeah, I'm pretty sure I'm seeing the MAC address of the DSLAM. The MAC address that the DSL modem has when I access it through Telnet is different, and it belongs to the range of the manufacturer of the modem (Efficient Networks), and it's different from the PPPoE MAC address.
Now my question is, how easy it is for ATT/Telephone company/DSLAM owner/DSLAM tech/Law Enforcement, to sniff/see/"become a NIC on"/"plug into the layer 2" of the LAN described in the beginning, and then go on Network Neighborhood/My Network Places, and since this guy didn't password protect anything, read/write whatever they want on this guy's LAN? And is this done already for wiretapping?
I realize this would rarely work, since a router will block layer 2 of the LAN from the layer 2 of the DSL modem, and almost everyone today uses a router, but is this a perfectly valid attack vector, or is there some standard in a DSL modem that mandates MAC filtering except for the Access Concentrator MAC? Or does layer 2 really die in the DSL modem and never go out over the ADSL link?
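A check the owner of the LAN in the post above could run on captured frames, as an added example that is not part of the original post: it flags any Ethernet frame whose source MAC is not one of the LAN's own machines and whose EtherType is not PPPoE (0x8863 discovery, 0x8864 session), which is what bridged traffic from the far side of the modem would look like. The function names, MAC addresses and sample frames are constructed for illustration.

```python
import struct

PPPOE = (0x8863, 0x8864)          # PPPoE discovery and session EtherTypes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def classify(frame):
    """Return (src, dst, kind) for one raw Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src = frame[:6], frame[6:12]
    (etype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if etype == 0x8100:            # one 802.1Q tag: real type follows it
        if len(frame) < 18:
            raise ValueError("truncated VLAN tag")
        (etype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if etype in PPPOE:
        kind = "pppoe"
    elif etype < 0x0600:           # 802.3 length field, LLC header follows
        kind = "netbeui" if frame[off:off + 1] == b"\xf0" else "llc"
    else:
        kind = f"ethertype-0x{etype:04x}"
    return mac(src), mac(dst), kind

def foreign_non_pppoe(frames, local_macs):
    """Frames from a MAC that is not ours and that are not PPPoE."""
    local = {m.lower() for m in local_macs}
    return [c for c in map(classify, frames)
            if c[0] not in local and c[2] != "pppoe"]

def eth(dst, src, etype, payload=b""):
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return raw(dst) + raw(src) + struct.pack("!H", etype) + payload

# Constructed sample: locally administered MACs, not real hardware.
PC1, AC, STRANGER = "02:00:00:00:00:01", "02:00:00:00:00:ac", "02:00:00:00:00:99"
LLC_NETBIOS = b"\xf0\xf0\x03"      # DSAP/SSAP 0xF0 is NetBIOS over LLC
SAMPLE = [
    eth(AC, PC1, 0x8864, b"\x11\x00"),                  # PC to concentrator
    eth(PC1, AC, 0x8864, b"\x11\x00"),                  # concentrator to PC
    eth("03:00:00:00:00:01", PC1, len(LLC_NETBIOS), LLC_NETBIOS),  # local
    eth("ff:ff:ff:ff:ff:ff", STRANGER, 0x0806),         # ARP, unknown source
    eth("03:00:00:00:00:01", STRANGER, len(LLC_NETBIOS), LLC_NETBIOS),
]

if __name__ == "__main__":
    for src, dst, kind in foreign_non_pppoe(SAMPLE, [PC1]):
        print(f"unexpected {kind} frame {src} -> {dst}")
```

In practice `local_macs` would list all five computers and the modem's own management MAC, and the frames would come from a capture taken on the switch.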