SOMEONE EXPLAIN THIS - Network Security

McKittrick

this might just be a theory but i have never seen it done so i ask:

if one was to somehow control your local ISPs gateway that managed your entire subnet, would you see all the data that passed through it? the next question, would you have to have some type of ip forwarding in place as not to create a bottleneck and would your machine even be able to keep up? i have heard (in cases involving RIP poisoning) that if you set your interface on the router to 0, you are telling it you are directly connected. you then have precedence over all other traffic, as opposed to it being set at 1. so has this ever been done--full control over an ISP gateway?

i would like to pose another question that relates slightly to the above: has anyone here ever read up on RSVP and how you can use it to manipulate a network into allowing your packets to have priority on the network as far as bandwidth goes?

mandi


if one was to somehow control your local ISPs gateway that managed your entire subnet, would you see all the data that passed through it?

If you have control over the ISP's gate-way you definitely can see the data,not sure about the encrypted stuff,if some one runs some ip-sec tunnels and if you intercept it,i think most probably the connection will get dropped,But if you are special and if you can use an device like this


http&#58;//www&#46;wired&#46;com/threatlevel/2010/03/packet-forensics/

you can do listen to their data,As because you are using the certificates like the one issued by the COA,no one can not able to detect you are spoofing them!!


the next question, would you have to have some type of ip forwarding in place as not to create a bottleneck and would your machine even be able to keep up? i have heard (in cases involving RIP poisoning) that if you set your interface on the router to 0, you are telling it you are directly connected&#46; you then have precedence over all other traffic, as opposed to it being set at 1&#46; so has this ever been done--full control over an ISP gateway?

This is purely your Assumption!!!,you don't need to do all these stuff and all,just grab the mac address of the gate-way and assign it to your's,and also you need to remember one thing,if you do decided to do like that you need to have a system or hardware or NIC card that can capable of handling this amount of traffic,Also if there is any arp watches installed on the ISP's network,they will most probably detect it,again arp watches are ain't common in most ISP's ..,So just try ,i am 90% sure u will suceed !!


i would like to pose another question that relates slightly to the above&#58; has anyone here ever read up on RSVP and how you can use it to manipulate a network into allowing your packets to have priority on the network as far as bandwidth goes?

related to the above? "McKittrick" you are confusing your-self a lot,
Also TBH,i never heard about RSVP,by prioritizing your packets what you gonna do? you going to steal the bandwidth? i don't see any relation between this questions and previous question....

try to make it clear...

Xin

ISPs can see the data, maybe if you use encrypted VPNs i dont think they can.

McKittrick

mandi, you obviously are not as well-versed with these protocols as you would like to think you are. i mentioned the RSVP concept because i had heard about it in the past but never have actually saw it implemented. i said it is possible one can hijack a session and force a prioritization of traffic. looking on the web i came across a description of said concept AND a POC that proves that it is possible!

http://www.mail-archive.com/bugtraq@sec ... 12432.html

also, as you have in the past in certain responses, PLEASE stop calling me "BRO". i find it kind of weird (since i don't even know you!)

lastly, to the reply about using the local ISP gateway for your center of traffic flow. would you not have to have in place some form of IP forwarding?? if not, you would create one hell of a bottleneck and create nothing more than a wall and have no way to keep the traffic moving (blackhole)

(what do certificates have to do with anything i mentioned above? i was not referring to a VPN at all)

Xin

'if one was to somehow control your local ISPs gateway that managed your entire subnet, would you see all the data that passed through it?'

I was replying to that, and i was merely stating VPN should protect against this

McKittrick

yes, i understand on the VPN aspect. i was not really questioning the preventative measures in this case. i really was just throwing out the idea of "what if" scenarios. but again, you would STILL have to have some type of forwarding in place as not to create the black hole i described, correct?

burn1337

If you have control of an ISP gateway; you would not want to copy MAC's at all. Doing this would not only bottle neck the ISP, but would also clog your entire network, and would be an immediate tip to the ISP that someone is dinking around with their network; not to mention unless your running some severe hardware, would likely nock your NIC offline in seconds (unless your exploiting a low volume dial-up ISP).
As for forwarding; yes that is a bit inevitable, forwarding would be best... You can even force it to copy each packet, and send the copy to you; this way it doesn't bottle the ISP, and aids in preventing a flag to the ISP, while allowing you to control your input as well. I.e. if you know what data your looking for, some iptables and/or a small script, and you can have any specific type of data you want sent to you, this way you don't have to sort out the data on your end.
As for RSVP; you can set your traffic/connection to take precedence, on virtually any network. Setting it so on an ISP gateway, would allow you to receive higher speeds and bandwidth; though you would also have to alter your modem configuration as well.

Howdy, Stranger!

Top Posters

Who's Online (2)