Security problem in PPPoE connection

Niels Bakker niels=nanog at
Sun Mar 12 13:39:25 UTC 2006

* joe_hznm at (Joe Shen) [Sun 12 Mar 2006, 07:48 CET]:
>We are facing a problem with PPPoE in an Ethernet access network.
>To provide high-speed access, 10Mbps/100Mbps Ethernet is used as the access
>method. But we found that some guys 'steal' others' accounts by listening
>to broadcast packets, and they also set up a 'phishing' PPPoE server to
>catch those PPPoE authentication packets.

I humbly suggest you re-evaluate your network design, only this time 
keeping in mind the fundamental nature of Ethernet as a broadcast medium.

A commonly used model is to use private VLANs (one per customer) 
combined with "local-proxy-arp".

>What's your method to deal with such a problem? Will CHAP in PPPoE help?

That may help against password sniffing but won't help against sniffing 
traffic by an active attacker once the session has been established.  
Also, you'll have to revisit all CPE to explicitly disable PAP, or an 
active attacker could still steal the password if he impersonates the 
real PPPoE server.


	-- Niels.

"Calling religion a drug is an insult to drugs everywhere. 
 Religion is more like the placebo of the masses."
			-- MeFi user boaz
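
The two conditions discussed in the message above (a PPPoE server answering from an unexpected MAC, and a peer being asked to authenticate with PAP instead of CHAP) can be checked on a monitoring port. The following is an added example, not part of the original post: the function names, the MAC allowlist and the sample frames are constructed for illustration, and frames are assumed to be untagged Ethernet.

```python
import struct

ETH_DISC, ETH_SESS = 0x8863, 0x8864  # PPPoE discovery / session EtherTypes
PADO, PADS = 0x07, 0x65              # codes only an access concentrator sends
PPP_LCP, PPP_PAP = 0xC021, 0xC023
LCP_CONF_REQ, LCP_OPT_AUTH = 1, 3

def inspect_frame(frame, allowed_ac_macs):
    """Return findings for one raw, untagged Ethernet frame."""
    if len(frame) < 20:
        return []
    src = frame[6:12].hex(":")
    ethertype, _vt, code, _sid, length = struct.unpack("!HBBHH", frame[12:20])
    payload = frame[20:20 + length]
    if ethertype == ETH_DISC:
        if code in (PADO, PADS) and src not in allowed_ac_macs:
            return [f"rogue-ac: PPPoE offer/confirm from unlisted MAC {src}"]
        return []
    if ethertype != ETH_SESS or len(payload) < 6:
        return []
    proto, lcp_code, _ident, lcp_len = struct.unpack("!HBBH", payload[:6])
    if proto != PPP_LCP or lcp_code != LCP_CONF_REQ:
        return []
    findings, opts, i = [], payload[6:2 + lcp_len], 0
    while i + 2 <= len(opts):
        otype, olen = opts[i], opts[i + 1]
        if olen < 2 or i + olen > len(opts):
            break  # malformed option list: stop rather than misparse
        if otype == LCP_OPT_AUTH and opts[i + 2:i + 4] == struct.pack("!H", PPP_PAP):
            findings.append(f"pap-requested: {src} demands cleartext PAP from its peer")
        i += olen
    return findings

def build_frame(src_mac, ethertype, code, payload, sid=0):
    """Build a constructed PPPoE frame (fixed client MAC as destination, tags omitted)."""
    hdr = struct.pack("!HBBHH", ethertype, 0x11, code, sid, len(payload))
    return b"\x02\x00\x00\x00\x00\x01" + bytes.fromhex(src_mac.replace(":", "")) + hdr + payload

# Constructed sample data: one known concentrator MAC and three frames.
KNOWN_AC = {"00:11:22:33:44:55"}
# LCP Configure-Request, id 1, length 8, option 3 (Authentication-Protocol) = PAP
LCP_WANTS_PAP = struct.pack("!HBBHBBH", PPP_LCP, LCP_CONF_REQ, 1, 8, LCP_OPT_AUTH, 4, PPP_PAP)
SAMPLES = [
    build_frame("00:11:22:33:44:55", ETH_DISC, PADO, b""),
    build_frame("de:ad:be:ef:00:01", ETH_DISC, PADO, b""),
    build_frame("de:ad:be:ef:00:01", ETH_SESS, 0x00, LCP_WANTS_PAP, sid=1),
]
RESULTS = [inspect_frame(f, KNOWN_AC) for f in SAMPLES]
```

A Configure-Request that asks for CHAP (protocol 0xC223) produces no finding, so the second check fires only when PAP is what the authenticator demands.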
