Collocation Access

Warren Kumari warren at kumari.net
Mon Oct 23 18:34:11 UTC 2006


On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:

>
> In article <20061023103731.W56322 at iama.hypergeek.net>, John A.  
> Kilpatrick <john at hypergeek.net> writes
>>> The fellow I chatted with at AT&T said they are not allowed to
>>> hand over their badge because it would compromise their security.
>>
>> My tech said the same thing.  That keycard could grant central  
>> office access
>
> On its own? No keycode or anything. What if he lost it?
>
>> so he couldn't surrender it.
>
> But presumably it would need to be stolen. Wouldn't the tech notice  
> that happening... Or is there some way the colo security guy can  
> clone it undetected?

These are trivial to clone -- all you need is a reader hooked up to a  
PC and you can read the number off the card. You can then buy a batch  
of cards that cover the serial numbers that you are interested in  
(no, I don't really understand WHY you can buy numbered ranges, but  
you can...)

The other alternative is something like:  http://cq.cx/proxmark3.pl
This device will read and clone a large number of proximity cards --  
you don't even need real access to the card, all you need to do is  
brush up against the cardholder with the antenna cincealed in your  
pocket....

> -- 
> Roland Perry
>

--
If the bad guys have copies of your MD5 passwords, then you have way  
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen





More information about the NANOG mailing list