
Re: IP fw-in deny (?)



> If you're in a really mean mood, you can put your neighbor behind your
> masqueraded firewall and log all her activity. To do this, set up an alias
> eth0:1 as 192.168.127.1 (or any other convenient reserved network not used
> by yourself).  Allow masquerading from this network.  Set up dhcpd to
> serve out addresses from 192.168.127.[2-254] to requests coming in on eth0
> (maybe eth0:1, dunno how broadcasts work with aliased adapters).  Presto,
> your machine gets all traffic from any neighbor who DHCPs over your link
> (if you respond before the ISP's DHCP server) and masquerades it to the
> 'net.  Your neighbors don't notice anything wrong, but you can snoop 'em
> at will.

If your cable modem is as simple as a hub you could probably snoop people's
traffic without assigning them an IP. I think this is something a lot of
people are going to be unaware of, and it's going to be a big security
hole.

On the other hand, it would make for a fun movie: "The cracker is somewhere
in Chicago...maybe."

Robert

--
Robert de Forest        robert@tapestry.net   "Time flies like an arrow.  
Network Administrator   (831) 460-4355         Fruit flies like a banana."
Tapestry.net            http://got.net/~crag/
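
An added example, not part of the original messages: one way to spot the unexpected DHCP server described in the quoted text is to parse captured DHCP replies and flag any offer whose server identifier (option 54) is not one you expect. The payloads and the 198.51.100.x "ISP" addresses are constructed sample data; 192.168.127.1 is the address from the quoted message; the function names are hypothetical.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)
OFFER = 2                      # option 53 value for DHCPOFFER

def build_reply(msg_type, yiaddr, server_id, xid=0x1234ABCD):
    """Construct a minimal BOOTP/DHCP reply payload (sample data only)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                      2, 1, 6, 0, xid, 0, 0, b"\0" * 4,
                      socket.inet_aton(yiaddr), socket.inet_aton(server_id),
                      b"\0" * 4, bytes.fromhex("020000000001"), b"", b"")
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_id) + b"\xff"
    return hdr + MAGIC + opts

def parse_reply(payload):
    """Return (message_type, offered_ip, server_id), or None if malformed."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC:
        return None
    yiaddr = socket.inet_ntoa(payload[16:20])
    msg_type = server_id = None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None          # truncated option
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            msg_type = value[0]
        elif code == 54 and length == 4:
            server_id = socket.inet_ntoa(value)
        i += 2 + length
    return msg_type, yiaddr, server_id

def unexpected_offers(payloads, allowed_servers):
    """List (server_id, offered_ip) for offers from servers not in allowed_servers."""
    parsed = [r for r in map(parse_reply, payloads) if r]
    return [(sid, ip) for mtype, ip, sid in parsed
            if mtype == OFFER and sid not in allowed_servers]

# Constructed capture: one offer from the expected server, one from 192.168.127.1.
SAMPLE = [build_reply(OFFER, "198.51.100.57", "198.51.100.1"),
          build_reply(OFFER, "192.168.127.2", "192.168.127.1")]

if __name__ == "__main__":
    print(unexpected_offers(SAMPLE, {"198.51.100.1"}))
```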

