DEF CON 30 - Gal Zror - Hacking ISPs with Point-to-Pwn Protocol over Ethernet (PPPoE)

Поделиться
HTML-код
  • Опубликовано: 29 окт 2024

Комментарии • 28

  • @renakunisaki
    @renakunisaki 2 года назад +52

    Imagine buying this expensive equipment as part of your critical infrastructure and then being told "btw it has a huge security vulnerability which we aren't gonna bother fixing".

    • @user-qgtoekq
      @user-qgtoekq Год назад +5

      That would assume that they would bother telling you there is a vulnerability...

    • @jfbeam
      @jfbeam Год назад +2

      That's the sad reality of the modern world. "We fixed it in the new 250,000$ box." (omitting that there are _other_ bugs in the new box.)

  • @SumanRoy.official
    @SumanRoy.official 2 года назад +8

    Very expensive research, great talk❤

  • @DrTune
    @DrTune 2 года назад +20

    I have a Cisco 19" switch in my room here, I had to replace the fans with near-silent ones, was horrendously noisy (but not any more!)

  • @D089ify
    @D089ify 2 года назад +5

    Say P P P one more time 🤣!! Just kidding great talk much appreciated !👍

  • @Mindflayer86
    @Mindflayer86 Год назад +1

    This is so incredibly cool! I would love to do similar research. Thanks for the great presentation! 🤗

  • @imperia777
    @imperia777 2 года назад +6

    Aleph Research the author of "Aleph1 smashing the stack for fun and profit"?

  • @lynzoido
    @lynzoido 2 года назад +6

    This is strong Kung Fu!

  • @alexbrown1050
    @alexbrown1050 Год назад +18

    'stop using eol equipment' should be 'vendors should issue security patches in perpetuity'

    • @jfbeam
      @jfbeam Год назад +5

      Not so much "for ever", but yes, for a reasonably long period covering the _actual_ useful lifetime of the product. (eg. I still have 25yo Bay/Nortel/Avaya switches in use. They work, why should I replace them. The Cisco 1760... yeah, the internet is a lot faster than 8Mbps, so that's no longer "useful".)
      In this case, while it might seem to be a trivial thing to fix -- and should be -- this assume Ericson has the people and assets (code, build env, etc.) to actually make a patch for something two decades old.

    • @linuxguy1199
      @linuxguy1199 Год назад +1

      @@jfbeam Been to installations where people are still using Cisco 2950s haha

  • @ChristopherWoods
    @ChristopherWoods Год назад +2

    A great talk and presentation. By the way @DEFCONConference there's a few errors in the transcribed subtitles, is there any way I can suggest some edit improvements? (mostly due to misheard sentences, in some cases they make no sense because of the mistyped words)

  • @plasmasupremacy9321
    @plasmasupremacy9321 Год назад +2

    Bro really likes Solar Opposites

  • @TheMatrixcube
    @TheMatrixcube Год назад

    Great presentation 👌

  • @pyrophreak2600
    @pyrophreak2600 Год назад +2

    I'm still curious what research or what techniques you used to determine the ISP equipment Brand/Model to begin research? I know there are many options available but curious what your path was.

    • @tass2001
      @tass2001 Год назад +2

      Sometimes the ISP will include model numbers as part of the host name for the equipment, so a simple trace route can give you a lot of information regarding the network between you and outside ASs. If you have L2 connectivity, you could look at ARP to determine equipment OUIs and link that back to a manufacturer. Nmap scans to reveal any services that might help fingerprint, etc

  • @Shadownrun2
    @Shadownrun2 Год назад +1

    turn on the closed captions, drink a shot for every letter 'P"

  • @ixin645
    @ixin645 8 месяцев назад

    the rick and morty characters were sure necessary

  • @Jango1989
    @Jango1989 2 года назад +1

    Very cool!

  • @adolphgracius9996
    @adolphgracius9996 2 года назад

    What's the Piupa doing?

  • @maktiki
    @maktiki Год назад

    Looks like it was designed to have holes in it.

  • @ukrainian333
    @ukrainian333 9 месяцев назад

    PPP?
    PPP!

  • @carkulturez
    @carkulturez 2 года назад

    יפה מאוד

  • @5rv9KY
    @5rv9KY 4 месяца назад

    PS4 PPPWNed

  • @JNET_Reloaded
    @JNET_Reloaded 2 года назад +1

    at the end im sure he said thank you for your come lol

    • @ytg6663
      @ytg6663 Год назад +1

      thank you for you TUM (Time)