Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: R: MITM ADSL IPoE

R: MITM ADSL IPoE

From: Rissone Ruggero <ruggero.rissone_at_telecomitalia.it>
Date: Fri, 2 May 2008 09:34:59 +0200

Commercial products that could sniff an ADSL line are based also on layer 1.

http://www.tracespan.com/Products.html

http://www.broadframe.com/products/dslscope.html

I'm not sure if they also inject (or substitute) data on the line.

Best regards.

RR

________________________________________
Da: listbounce_at_securityfocus.com [listbounce_at_securityfocus.com] per conto di frog horror [frogho_at_gmail.com]
Inviato: giovedì 1 maggio 2008 23.21
A: pen-test
Oggetto: MITM ADSL IPoE

Hi all,
I am trying to build a scenario where I could do a kind of MITM
connexion between a device (like a Residential Gateway) and the my
ADSL line (DSLAM). The WAN connexion is an IPoE over ATM connexion
without any kind of 802.1X (just Ethernet and DHCP on top of that...).
Therfore, I can imagine how easy it can be to insert a fake
Residential Gateway but what about a real MITM attack with a valid
Residential Gateway and my laptop betwwen the RG and the DSLAM. I am
pretty aware about kind of Layer 2/3 attacks and requirements but I am
still confused about the physical connectivity and what I need to
do/build to do such a thing.
Did any of you already experience that kind of things?
Thanks for your help
Frog

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
--------------------------------------------------------------------

CONFIDENTIALITY NOTICE

This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to webmaster_at_telecomitalia.it.

        Thank you

                                        www.telecomitalia.it

--------------------------------------------------------------------
                        

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Received on May 02 2008

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]