http://www.dslreports.com/forum/r19765888 en Thu, 03 Dec 2009 00:02:32 EDT Thu, 03 Dec 2009 00:02:32 EDT http://www.dslreports.com/forum/remark,19765888 patcat88 :
Let say someone has purchased 5 IP addresses from a DSL provider using PPPOE. To get at his 5 IP addresses, he needs to dial 1 PPPOE connection per computer. He has 5 computers.He also does Windows LAN File sharing/SMB/CIFS/NetBeui/NetBIOS. Netbeui and Windows File sharing and TCPIP and PPPOE are bound to the Ethernet adaptors of the 5 computers. Just TCPIP is bound to the PPPOE dialup/modem adaptors. The DSL modem is plugged into a switch with the 5 computers. There is no NAT/Router in this setup.

As far as I know, there is a layer 2 ethernet bridge going through the DSL modem to the Access Concentrator/DSLAM, connecting the layer 2 ethernet LAN of the above case, to the telephone company. AFAIK, it is required, otherwise the PPPOE packets wont have anything to ride over to the telco side.

On my ATT DSL connection, using Wireshark, one of the PPPOE packet's MAC address belongs Siara Networks (which was bought by Redback networks), the access concentrator's name is something-Rback-something, so yeah, Im pretty sure im seeing the MAC address of the DSLAM. The MAC address that the DSL modem has when I access it through Telnet is different, and it belongs to the range of the manufacturer of the modem (Efficient Networks), and its different from the PPPOE MAC address.

Now my question is, how easy it is for ATT/Telephone company/DSLAM owner/DSLAM tech/Law Enforcement, to sniff/see/"become a NIC on"/"plug into the layer 2" of the LAN described in the beginning, and then go on Network Neighborhood/My Network Places, and since this guy didn't password protect anything, read/write whatever they want on this guy's LAN? And is this done already for wiretapping?

I realize this would rarely work, since a router will block layer 2 of the LAN, from the layer 2 of the DSL modem, and almost everyone today uses a router, but is this a perfectly valid attack vector, or is there some standard in a DSL modem that mandates MAC filtering except for the Access Concentrator MAC? or does layer 2 really die in the DSL modem and never goes out over ADSL link?]]> http://www.dslreports.com/forum/remark,19765888 Wed, 09 Jan 2008 02:08:24 EDT