Re: Security problem in PPPoE connection

North American Network Operators Group

Re: Security problem in PPPoE connection

From: Peter Dambier
Date: Sun Mar 12 04:10:36 2006

Joe Shen wrote:

Hi,

We are facing problem with PPPoE in ethernet access
network.
To provide high speed access, 10Mbps/100Mbps ethernet
is used as access method. But, we found some guy
'steal' some other's account by listening to
broadcasting packets, and they also set up 'phishing'
PPPoE server to catch those PPPoE authentication
packets.
With ATM DSLAM,we could solve this by binding account
with PVC. With ethernet, although we could seperate
subscribers into VLANs there is more than 100
subscribers within one VLAN.
What's your method to deal with such problem? Will
CHAP in PPPoE help?

thanks

Joe

http://www.juniper.net/products/eseries/

Hi Joe,

I am connected through this one:

Access-Concentrator: DARX41-erx
AC-Ethernet-Address: 00:90:1a:a0:01:46
--------------------------------------------------

I guess dtag.de has got some 8 of them. Everybody
(almost) offering dsl in germany goes through their
infrastructure. The ip address range 84.167.0.0/16
seems to be shared by all of them.

I did have an "intruder" myself reported by arpwatch.

host_look("192.168.20.80","fluffy.n","3232240720").
host_name("192.168.20.80","fluffy.n").

That thing is a PPPoE modem looking like a bridge.

It allows different people behind it to access the
DARX41-erx using different mac addresses (client)
and userid/passwords to access each their own
ISPs.

All of these boxes have the same ip-address. If
a box finds anotherone via arp then it shuts down.
To prevent broadcast storms?

That box made me look very carefully at PPPoE but
I never have seen anything but the packets that
were sent to me only.

I did supply a PPPoE server. It never saw anybody
access it but my own machines. I tried to reach
my neighbar an to build a private communications
channel. Never could we see eachother.

I guess dtag.de feels so secure with them that
they dont enable chap.

Using chap will help you but it will not solve
the real problem. At least you will make the
"poor fishermen" angry - but maybe nasty too.

Have a look at

http://iason.site.voila.fr/
http://www.koom.com/iason/

There are some tools that might help you tracking
those people via their mac-addresses. Chance is
good you might make some friends. You can alwys
need some people with a clue, cant you :)


Kind regards
Peter and Karin

--
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [email protected]
mail: [email protected]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/

Follow-Ups:
- Re: Security problem in PPPoE connection Florian Weimer

References:
- Security problem in PPPoE connection Joe Shen

Prev by Date: Security problem in PPPoE connection
Next by Date: Re: Security problem in PPPoE connection
Date Index
Thread Index
Author Index
Historical