Consumers of Broadband Providers (ISP) may be open to hijack attacks (fwd)

Per Heldal heldal at
Wed Jul 19 08:28:09 UTC 2006

What's new here?

Attack-vectors for session-hijacking has been thoroughly discussed
elsewhere, so there's no reason to repeat that here. But ....

On Wed, 19 Jul 2006 02:02:20 -0500 (CDT), "Gadi Evron" <ge at>
> >Description:
> 	Some ISP networks do not reset open TCP connections of customers that
> were either cut-off by the ISP or cut off by self-initiation.  While it
> is 
> responsibility of every person to terminate every open connection before
> link termination, when the ISP initiates this, it cannot be guaranteed. 

You've got far more serious problems than session hijacking to worry
about if your network permit an attacker to monitor who/when/where
people are disconnected or to kick users off the network at will as
would be required to succeed.

Besides, to which extent do broadband networks:

- permit users to choose their own address?

- immediately reuse an address for an other user (unless the pool is

  Per Heldal

More information about the NANOG mailing list