Announcement

**schmosef** · 7 November 2005, 22:05

Competence is inversely proportional to one's faith in one's own aptitude.

This was proven in a scientific study. The least competence testees thought the highest of themselves.

**Helevitia** · 7 November 2005, 22:23

I don't get it, how can someone plugging their cable modem into their linksys device cause you problems???

**Liquid Snake** · 7 November 2005, 22:36

The DHCP server in that person's Linksys will show up on the network. When someone (Jammrock) puts out a DHCP request, they'll get a response from the Linksys instead of TW and won't be able to get to the Internet.

**Umfriend** · 7 November 2005, 23:40

Oh MAN! That's great. Now I finally have a way to get back at my cable ISP - LOL!

**High_Jumbllama** · 8 November 2005, 00:09

Hmmm. So the cable modems allow DHCP requests to pass through to DHCP servers on the customer side of the modems. Stupid cable modem firmware.

**High_Jumbllama** · 8 November 2005, 00:09

I'm tempted to try that for the stream of calls that I would be getting about it.

**High_Jumbllama** · 8 November 2005, 00:13

While I am in a slightly better mood and post whoring, I will add this to the list of reasons that I just set my cable modem to use a static I.P. address and settings once I find them out.

**Jammrock** · 8 November 2005, 08:27

Originally posted by Helevitia

I don't get it, how can someone plugging their cable modem into their linksys device cause you problems???

Don't you work for Cisco? ...

DHCP is broadcast based. My router sends out a broadcasted DHCP discover. Each DHCP server that receives it sends back a DHCP offer to the MAC address. My router will automatically accept the first DHCP offer it receives, and sends back a DHCP request to the MAC address of the first offer received, and then receives a DHCP ACK and now that DHCP server is locked in until the lease is at 50% life or a release/renew the IP.

So if someone plugs their cable modem into the local network portion of their router, instead of the WAN/Internet portion of the router, the routers DHCP server will be broadcasting DHCP offers to people trying to pick up an IP address. And since a DHCP server on the local network will be closer than the ISP DHCP off somewhere in an office building, I'll keep getting bum IP addresses that will stop the internet from working (because if the router isn't plugging into the WAN port, then it's not picking up any internet DNS or IP info and can't route internet traffic ...)

Jammrock

**Helevitia** · 8 November 2005, 21:03

Yes I work for Cisco

But your problem threw me off for a little bit. I forgot that cable is shared, which explains why you are getting the other persons response from the DHCP server. But yes, I understand how DHCP works

Interestingly, I was talking about this with one of my buddies at work today and we came to the conclusion that this is a serious security problem. Anybody could setup a DHCP, DNS, and Web server and respond to your requests for an address. Once that is established, this person could then spoof your banks website and capture your usernames and passwords. It would seem that they would have something in place to prevent this, but the only way I could see getting around this is putting in a router that could filter out any responses from any private addresses. Well, that would solve your problem, but someone could still breech this setup.

Bottom line is, you could prevent this with IP address filtering capabilites. There is probably many other ways to prevent this (MAC address filtering as well) but I haven't thought that far yet.

**schmosef** · 8 November 2005, 22:49

I used to have Cable Interent. I had some special high speed service and the ISP made me buy the modem, instead of renting it, which is what they usually force their customers to do.

It was a Motorola modem. I'm pretty sure that it could be configured to act as a one port router/modem so that it would obtain an IP from the ISP but it would provide internal IPs to any network devices attached to the Ethernet port on the modem.

That's not how the local cable internet ISP has it implemented though... But by enabling that feature and disabling DHCP broadcasts (BootP?) I'd guess that they could eliminate that problem.

**Jammrock** · 9 November 2005, 09:21

Originally posted by Helevitia

Yes I work for Cisco

But your problem threw me off for a little bit. I forgot that cable is shared, which explains why you are getting the other persons response from the DHCP server. But yes, I understand how DHCP works

Interestingly, I was talking about this with one of my buddies at work today and we came to the conclusion that this is a serious security problem. Anybody could setup a DHCP, DNS, and Web server and respond to your requests for an address. Once that is established, this person could then spoof your banks website and capture your usernames and passwords. It would seem that they would have something in place to prevent this, but the only way I could see getting around this is putting in a router that could filter out any responses from any private addresses. Well, that would solve your problem, but someone could still breech this setup.

Bottom line is, you could prevent this with IP address filtering capabilites. There is probably many other ways to prevent this (MAC address filtering as well) but I haven't thought that far yet.

you know I was just joke'n with ya

I never thought about spoofing people's service. Considering up to 500 people can be on a single cable network tree, that could cause some serious problems. Rent out an apartment, spoof and scam, and then run like hell. Rinse and repeat. It was would tough to figure out and harder to catch.

I suddenly feel the urge to call write a nasty email to Time Warner. They could easily fix the problem by preventing DHCP offers from passing upstream through the cable modem, and block several other potentially hazardous-if-spoofed broadcasts.

Good catch, Helevitia!

Jammrock

**Helevitia** · 9 November 2005, 11:43

Originally posted by Jammrock

you know I was just joke'n with ya

I could tell by the smilie

So no worries.

I suddenly feel the urge to call write a nasty email to Time Warner. They could easily fix the problem by preventing DHCP offers from passing upstream through the cable modem, and block several other potentially hazardous-if-spoofed broadcasts.

Good catch, Helevitia!

Jammrock

I feel the same way. I wonder if Comcast has the same problems? This is definitely a problem though.

**Jammrock** · 9 November 2005, 13:01

I wrote a very long email to TW and Earthlink (network provider and ISP) regarding the issue. I suspect I will never hear back from them.

Jammrock

**Helevitia** · 9 November 2005, 14:02

Let us know if you hear back from them.

Announcement

grrrrr...

grrrrr...

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment