Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd)

• Previous message: Per Heldal: "Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Wed, 19 Jul 2006, Per Heldal wrote:
> What's new here?

When I see a NANOG related issue once in a while on bugtraq, I forward it.

        Gadi.

>
> Attack-vectors for session-hijacking has been thoroughly discussed
> elsewhere, so there's no reason to repeat that here. But ....
>
> On Wed, 19 Jul 2006 02:02:20 -0500 (CDT), "Gadi Evron" <>
> said:
> [snip]
> > >Description:
> > Some ISP networks do not reset open TCP connections of customers that
> > were either cut-off by the ISP or cut off by self-initiation. While it
> > is
> > responsibility of every person to terminate every open connection before
> > link termination, when the ISP initiates this, it cannot be guaranteed.
>
> You've got far more serious problems than session hijacking to worry
> about if your network permit an attacker to monitor who/when/where
> people are disconnected or to kick users off the network at will as
> would be required to succeed.
>
>
>
> Besides, to which extent do broadband networks:
>
> - permit users to choose their own address?
>
> - immediately reuse an address for an other user (unless the pool is
> exhausted)?
>
>
> //Per
> --
> Per Heldal
> http://heldal.eml.cc/
>

• Previous message: Per Heldal: "Re: Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]