Reply to TSI Martin
Ethernet broadcasts leaking out over DSL with MLPPP ?
Here is a question I originally asked in a more roundabout way in a different thread:
With a two-line MLPPP setup, using a WRT54GL with Tomato/MLPPP, the second modem connects to the WRT54GL via the LAN side of the router. As such, this modem "sees" all ethernet broadcast frames from the LAN --> anything with a MAC of FF:FF:FF:FF:FF:FF will be seen by the modem.
Q: Does the modem forward all ethernet broadcasts over the DSL connection to the RAS?
I suppose it must, since PADI packets are sent that way, and are essential to PPPoE.
But this would also then mean that DHCP discovery, ARP, and other local LAN broadcasts would also be travelling across the DSL connection, which could be a rather large security hole, as well as a small amount of wasted bandwidth.
Does anyone know the answer? I would expect somebody from TSI might know.
Disturbingly, I'm starting to think that this leaking of packets is actually happening.
Related to that, I found this story about a remote ARP attack using ethernet broadcasts from the other end of a DSL connection:
So... MLPPP with more than one line appears to be an unsafe configuration with the default setup of Tomato/MLPPP on the WRT54G router. I believe this can be fixed with a rearrangement of the vlan configuration... might try that later on.