PPPOE server creation practices

We have learned a lot about the basic content of PPPOE. For the application of PPPOE protocol or PPPOE server, many of our friends still feel ethereal. Here we will share the practical experience of the next netizen. In the residential area, the property built a m optical fiber, and then used ROS as a PPPOE server. I don't know the specific network topology and what ROS does. I only know that each household's network cable is connected to the corridor switch. After reading the switch and common switch, I think the broadcast domain is still very large, and every household uses dial-up Internet access.

Peng you applied for an account and used it for use. I found that ROS knows how to use ROS because I caught a few packets on the network, including CDP packages, after the data TTL value is modified, you can easily find that you can ping an Internet address and the returned TTL is 0. You cannot simply implement an address-based proxy. The ROS Intranet interface shields ARP, even his Intranet address cannot be accessed. What should I do if I want to access the Internet without an account.

It is too troublesome to find another account or use a virtual machine and install ROS to change the TTL. Or use two accounts.

How can I obtain the account and password used by others to access the Internet? If you are familiar with PPPOE, you know that the PPP protocol has an authentication process. There are multiple authentication methods, the most common of which is PAP and CHAP. PAP Simple Password Authentication sends the plaintext user name and password. CHAP is called Challenge Handshake Authentication. The password is not directly included in the data packet, but is calculated as a hash value based on the password. Here, if I want to get the password of another user's account, I have to ask the user to send the authentication data to me and use PAP authentication. I can see the user name and password through packet capture. My practice is to build an ros pppoe server in the virtual machine. The authentication method is only PAP. Now I want to introduce the data to me. The idea is to first drop the user line, it is easy to use the original PPPOE server MAC address as the source MAC address to send any data, preferably a free ARP packet 1 ms), so that, in the MAC address table of all vswitches, the port corresponding to the MAC address of the original server is the closest to you. That is to say, all packets sent to the original server will be sent to you ), the PPPOE session established with the original server will be interrupted and the user will be disconnected. After the connection is dropped, the user will dial again, and the dial-up data will establish a session with the PPPOE server you have built to obtain the user name and password.

The sniffer software can be used for both the packet capture tool and the packaging tool.

Suggestions:

1. When working on ROS similar to my current community, you should pay attention to closing all unused services first, which is also mentioned in the data setting specifications of any device manufacturer. For example, CDPMNDP in my example), you can find the interface address, host name, and other information in CDP.
2. When you modify the TTL value, do not include the ICMP protocol. You cannot find that the TTL value has been modified. It is very old that another route cannot be tracked.

3. Minimize the range of broadcast domains in the network to avoid the area caused by such attacks.

4. Do not select PAP for the PPPOE dial-up client, but select CHAP for the client. Do not use MSCHAP for data encryption. In this way, even the above attacks only lead to user disconnection. When I use the LCP authentication method with my PPPOE server, the negotiation will not succeed, so that I will not intercept the user name and password.

5. Specify the service name ISP name when setting up the PPPOE dialing client) so that no other PPPOE server is selected.