[RndTbl] Shaw DHCP weirdness or attack?

Colin Stanners cstanners at gmail.com
Wed Dec 5 13:31:09 CST 2012


The ARP stuff that doesn't belong may be for backwards compatibility
with old IP ranges/designs...

Anyone remember when Shaw or Videon was transitioning to a new IP
range, if you manually configured your machine for any static IP on
the old range it would work? Some people did that for lower latency to
the UofM/MTS since the old network connected in Wpg but the new
network went to their IXes in Calgary/Toronto/etc. before geting on to
the internet.

On 12/5/12, Sean Walberg <sean at ertw.com> wrote:
> On Wed, Dec 5, 2012 at 12:31 PM, Trevor Cordes <trevor at tecnopolis.ca>
> wrote:
>
>
>> Hmm, I'm not sure I follow... been up too long!  Not sure why Shaw's
>> routers would relay bc's across subnets sourced from random nitwit's
>> broken client/router?  This is type "Boot Reply (2)" which should be
>> coming from the DHCP server back to the client?
>
>
> I'd be interested to see the packet.
>
> At least with ARPs you see all sorts of subnet leakage. Do a "tcpdump arp"
> some day and watch for stuff that doesn't belong, most of it comes from
> Shaw routers.
>
> Sean
>
> --
> Sean Walberg <sean at ertw.com>    http://ertw.com/
>


More information about the Roundtable mailing list