Home page logo
/

bugtraq logo Bugtraq mailing list archives

AT&T/@Home Cable Modem Enumeration
From: uid0 () catastrophe net
Date: Thu, 15 Nov 2001 15:13:43 -0600

AT&T/@Home has standardized on using DHCP for end-user workstation
configuration. This configuration is done via the standard DHCP 
implementation, but also is configured to send a string to the
DHCP server with the "hostname" of the client.

This hostname is adminstratively defined by AT&T and is a unique
customer number. An example is...

 cb666699-a.anytwn.il.home.com

Where the customer ID is cb666699-a in the subdomain of anytwn.il

What frightens me is that no PTR records are configured except for this
dynamic method. By scanning for PTR records, it is easy to determine
active IP addresses and focus attack efforts on those IPs only, speeding
up possible intrustions (imagine how much quicker it is if only
20,000 hosts are listening on a 24/8 subnet!)

This implementation, while not a true "vulnerability", is not quite a
"Best Practice".

-#0


  By Date           By Thread  

Current thread:
  • AT&T/@Home Cable Modem Enumeration uid0 (Nov 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]