mailing list archives
security concerns with cable splitters
From: NSweaney at tulsacash.com (Nathan Sweaney)
Date: Thu, 2 Apr 2009 15:43:29 -0500
The sensitive data is encrypted, but if a user surfs to
http://www.google.com, an attacker with the ability to inject packets
could easily add an exploit to the page. Assuming the exploit payload
was a reverse shell that connects over 443 back to the attacker's evil
server, now that attacker has a foothold on the network. Even if our
IDS caught an obvious exploit, the attacker could inject the BeEF code
which wouldn't likely be detected.
But that's only possible IF the attacker can intercept/inject packets
over the coax.
In other words, I'm not so much concerned about the data that's leaving.
It's good. I'm concerned about allowing an attacker in which could
eventually lead to gaining access to the data before it is encrypted.
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Josh Olson
Sent: Thursday, April 02, 2009 3:17 PM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] security concerns with cable splitters
On Thu, Apr 2, 2009 at 4:10 PM, Nathan Sweaney <NSweaney at tulsacash.com>
All sensitive data is encrypted, but I'm concerned that if the
attacker is able to intercept/inject packets, he could infiltrate the
system using something like BeEF of any old exploit that would then
let him pivot & attack the data from the inside before it gets
Maybe I'm misunderstanding what you're saying here. But it seems like
the data should be encrypted before it reaches the cable modem on the
way out. This based on the assumption that the cable modem is plugged
into some sort of router, and all sensitive traffic is encrypted
(through some other means) prior to routing.
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com