r00t advisory: layer 1 (Dec 4 1997)
-- Synopsis: r00t has been informed of a recent spate of session
hijacking attempts at layer 1 of the OSI reference model.
These incidents have been centered around Internet
exchange points located in cities with high crime rates.
Port shortage at these exchange points is believed to be
an aggravating factor.
-- Exploit: A Layer 1 session hijacking attack was recorded by
audio/video surveillance equipment at a major exchange
point. Below is a transcript of the monologue delivered
by the assailant:
"Yo! <providername> Mo'fucker! Yeah you! Take dat fuckin' FDDI out
reeaaal slow now.... Dat's it.... Now, plug dat muthafucka into my
router here. What da fuck you lookin' at, biiitch?!? <SUBJECT
BRANDISHES PISTOL> Does dis look like a fake gun to you, homey? Jus'
fo dat, I'll take dat extra hissey card, too! Wat da fuck you mean
you ain't gonna peer with me? Don't make me buss a cap in yo ass...."
-- Fixes?: Layer 1 session hijacking is heavily dependent on the
element of surprise; it is advisable to have a second
individual acting as a lookout while performing
maintenance at NAPs, MAEs, and other coloration
facilities, particularly those located in "bad"
neighborhoods. r00t also recommends the many fine
products of Guardian Technologies International
(+1-703-709-7788) and Second Chance Body Armor
(+1-616-544-5721) as stylish and functional apparel
for the survival-conscious technician. Remember, it's a
*felony* to commit a crime while wearing soft body armor.
As a more proactive workaround, r00t recommends the
SIG-Sauer model P229 in caliber .40 S&W (the official
handgun of r00t), available from better firearms dealers
everywhere.