Wow! It's alive...
Hi guys! Great to see some action on this forum!
Here's why it doesn't work!
-> PADI (Inquire)
<- PADO (Offer)
-> PADR (Request)
<- PADS (Session!)
When the ISP's DSLAM responds with its PADO packet, it contains a "cookie" that is to be used to encrypt the requestee's MAC address. Any request that does not come from that MAC address is ignored. This provides protection against a DoS type attack.
What happens, is the ISP provides this cookie to the AP's MAC address, and not the enduser.
Now my AP has a bridge mode that has an option for 802.11d something bla bla which basically means it duplicates its client MAC. This would work. But unfortunately in bridge mode, only another bridge (or client in Ad-hoc mode) may connect. So, this solution, unfortunately, does not seem viable.
My XP box on the wireless client adapter sends PADR packets and they are received by the ISP, but simply ignored because the MAC address encoded by Windows XP's PPPoE driver mismatches the one that the actual packet is received from (the MAC of the AP, or any other crap-ass non-promiscuous-mode dumb bridge the packet travels through).
Now, Bingo. The solution would be to tell the PPPoE client to use the MAC address that the ISP will eventually get it from (the AP's.)
I doubt XP's PPPoE client will have such a feature, but I shall now set out to see what I can accomplish nevertheless.
Hmm. Now I've confused myself. I just thought that I am wrong, but I am not. Here's what happens. XP gets its offer (maybe ignores it cuz of the cookie and source MAC). Whichever way, say it replied with a PADR. It encodes its own MAC address. Now the AP changes it. ISP gets it and sees the two mismatch (AP doesn't know how to fix/relay the PPPoE packet correctly). PPPoE packet ignored by ISP. Me unhappy.
Yah, those Linksys Routers are certainly cool. Pity they're only 60mW. (18-19dBm)
Another sidenote. You may or may not have seen pppoe-relay and such utilities. Basically these monsters encapsulate PPPoE packets so that the server and client do talk to each other. Totally ridiculously inefficient if you ask me.
But the solution on the linksys would be to run a pppoe relay server, should you want to offer your clients to do pppoe instead of your router (I wonder how much Mbit of traffic that ~150-200Mhz CPU can handle!) Well, then again, PPPoE is pretty damn straightforward....
Usually
Well, happy frying your braincells with weak microwaves...
Later
NO WAIT!! THIS IS ALL WRONG!!
****, how dumb can I be.
Let's analyse this whole thing:
Client mac (abbreviated from xx:xx:xx:xx:cc) to CC
AP mac AA
Router mac RR
ISP mac II
As you can see my networking knowledge is severely lacking/rusty.
If a LAN device sees a packet with its MAC address on it, it processes it.
So in order to receive the packets from the router/ISP, the AP sticks its MAC on those packets (Windows XP software bridging does the same). **Where is the original MAC address now?**
Anyway, when the AP sees this packet with its mac address on, which is meant for the client, it finds this mac either a) at another field in the packet or b)in a table from which it can somehow track this specific conversation
Now well this seems silly. Because I know it keeps a list of associated MAC addresses, so I would presume that it's just gobbling up all packets with MACs that match either of these, and sending them to the appropriate clients.
So tell me, anyone who may know.
What the hell is going on here? Please only try if you are 100% sure. I've asked too many clueless wankers and just confused myself more in the process.
Bottom line is, my ISP responds with the PADO. And XP sends back PADR. But that's where it ends. ISP doesn't give a ****.
Here's a packet cap:
03:34:17.667867 PPPoE PADI [Service-Name "wblv-ip-esr-1"] [Host-Uniq 0x2C0000002C000000] [TAG-0xe319 00000 **snipped 4k of hex digits**]
3:34:17.690397 PPPoE PADO [Relay-Session-ID 0x00000000000C853F76AA] [Service-Name "wblv-ip-esr-1"] [Host-Uniq 0x2C0000002C000000] [AC-Name "wblv-ip-esr-1"] [AC-Cookie 0x2810B18C3A0CE0984789671600003100]
03:34:22.667196 PPPoE PADI [Service-Name "wblv-ip-esr-1"] [Host-Uniq 0x2C0000002C000000] [TAG-0xb080 "..............wblv-ip-esr-1....(...:...G.g...1...ether proto 0x8863 || ether pr"]
03:34:22.686970 PPPoE PADO [Relay-Session-ID 0x00000000000C853F76AA] [Service-Name "wblv-ip-esr-1"] [Host-Uniq 0x2C0000002C000000] [AC-Name "wblv-ip-esr-1"] [AC-Cookie 0x2810B18C3A0CE0984789671600003100]
03:34:27.667021 PPPoE PADI [Service-Name "wblv-ip-esr-1"] [Host-Uniq 0x2C0000002C000000] [TAG-0xe305 "<.....u.......wblv-ip-esr-1....(...:...G.g...1...ether proto 0x8863 || ether pr"]
03:34:27.686877 PPPoE PADO [Relay-Session-ID 0x00000000000C853F76AA] [Service-Name "wblv-ip-esr-1"] [Host-Uniq 0x2C0000002C000000] [AC-Name "wblv-ip-esr-1"] [AC-Cookie 0x2810B18C3A0CE0984789671600003100]
03:34:32.667402 PPPoE PADI [Service-Name "wblv-ip-esr-1"] [Host-Uniq 0x2C0000002C000000] [TAG-0xb80 ".....DU.......wblv-ip-esr-1....(...:...G.g...1...ether proto 0x8863 || ether pr"]
03:34:32.686168 PPPoE PADO [Relay-Session-ID 0x00000000000C853F76AA] [Service-Name "wblv-ip-esr-1"] [Host-Uniq 0x2C0000002C000000] [AC-Name "wblv-ip-esr-1"] [AC-Cookie 0x2810B18C3A0CE0984789671600003100]
*** BEEP ***
I AM TOTALLY WRONG AGAIN. XP Never replies with the PADR packet.
****, i'm sure I saw it. I must've been imagining things.
I apologise for the excruciating pain you must be experiencing for seeing my obvious stupidity. PLEASE SAVE ME FROM IT!!!!
I am using an ADSL router with Conexant chipset (like all of them out there) in bridge mode, so I get the raw PPPoE packets on the Linux box. Linux pppoe works like a dream. To the Linux box is connected a Senao SL2511 DX 802.11b AP. Very basic. Incredible range on its little dipole antenna.
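The PADI/PADO/PADR/PADS exchange and the AC-Cookie discussed above, as an added example that is not part of the original post and is not the ISP's or Windows XP's code: a small RFC 2516 discovery-frame builder/parser plus a toy access concentrator. The cookie construction is an assumption: RFC 2516 only requires the client to echo the AC-Cookie unchanged and leaves its contents to the AC, so the HMAC-over-source-MAC below is one stateless design, chosen because it makes the "request from a different MAC is ignored" behaviour visible. All MACs, the Host-Uniq value and the secret are constructed; `run_discovery` takes separate source MACs for the PADI and PADR so the case where a bridge rewrites one of them can be simulated.

```python
# Added example (not from the original post): PPPoE discovery (RFC 2516) frame
# builder/parser and a toy access concentrator (AC) that binds its AC-Cookie to the
# source MAC of the PADI and checks it on the PADR before issuing a session.
import hashlib
import hmac
import struct

ETH_P_PPPOE_DISC = 0x8863        # EtherType of the PPPoE Discovery stage
BROADCAST = b"\xff" * 6
PPPOE_VER_TYPE = 0x11            # version 1, type 1

# Discovery codes and tag types as defined in RFC 2516
CODE_PADI, CODE_PADO, CODE_PADR, CODE_PADS = 0x09, 0x07, 0x19, 0x65
TAG_EOL, TAG_SERVICE_NAME, TAG_AC_NAME = 0x0000, 0x0101, 0x0102
TAG_HOST_UNIQ, TAG_AC_COOKIE = 0x0103, 0x0104


def build_frame(dst, src, code, tags, session_id=0):
    """Serialise an Ethernet + PPPoE discovery frame with a list of (type, value) tags."""
    payload = b"".join(struct.pack("!HH", t, len(v)) + v for t, v in tags)
    eth = dst + src + struct.pack("!H", ETH_P_PPPOE_DISC)
    return eth + struct.pack("!BBHH", PPPOE_VER_TYPE, code, session_id, len(payload)) + payload


def parse_frame(frame):
    """Parse a discovery frame; rejects a wrong EtherType, bad version/type,
    a truncated payload and any tag whose length field overruns the payload."""
    if len(frame) < 20:
        raise ValueError("frame too short")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETH_P_PPPOE_DISC:
        raise ValueError("not PPPoE discovery")
    ver_type, code, session_id, length = struct.unpack("!BBHH", frame[14:20])
    if ver_type != PPPOE_VER_TYPE:
        raise ValueError("unsupported PPPoE version/type")
    payload = frame[20:20 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    tags, off = [], 0
    while off + 4 <= len(payload):
        tag_type, tag_len = struct.unpack("!HH", payload[off:off + 4])
        off += 4
        if tag_type == TAG_EOL:
            break
        if off + tag_len > len(payload):
            raise ValueError("tag overruns payload")   # check the length field before slicing
        tags.append((tag_type, payload[off:off + tag_len]))
        off += tag_len
    return {"dst": dst, "src": src, "code": code, "session_id": session_id, "tags": tags}


class AccessConcentrator:
    """Toy AC. Cookie format is an assumption (see lead-in): HMAC(secret, PADI source MAC).
    Because the cookie is recomputable, the AC keeps no state for unanswered PADOs and
    can silently drop any PADR that does not carry the cookie issued for its source MAC."""

    def __init__(self, mac, secret, name=b"ac-example"):
        self.mac, self.secret, self.name = mac, secret, name
        self.next_session = 0

    def cookie_for(self, client_mac):
        return hmac.new(self.secret, client_mac, hashlib.sha256).digest()[:16]

    def handle(self, frame):
        """Return the AC's reply frame, or None when the request is silently ignored."""
        pkt = parse_frame(frame)
        tags = dict(pkt["tags"])
        echo = [(TAG_SERVICE_NAME, tags.get(TAG_SERVICE_NAME, b"")),
                (TAG_HOST_UNIQ, tags.get(TAG_HOST_UNIQ, b""))]
        if pkt["code"] == CODE_PADI:
            return build_frame(pkt["src"], self.mac, CODE_PADO,
                               echo + [(TAG_AC_NAME, self.name),
                                       (TAG_AC_COOKIE, self.cookie_for(pkt["src"]))])
        if pkt["code"] == CODE_PADR:
            cookie = tags.get(TAG_AC_COOKIE)
            if cookie is None or not hmac.compare_digest(cookie, self.cookie_for(pkt["src"])):
                return None      # cookie missing, altered, or bound to another MAC: ignored
            self.next_session += 1
            return build_frame(pkt["src"], self.mac, CODE_PADS, echo, session_id=self.next_session)
        return None


def run_discovery(ac, padi_src, padr_src, tamper_cookie=False):
    """Drive PADI -> PADO -> PADR -> PADS against `ac`. padi_src / padr_src are the source
    MACs the AC sees on each request; they differ when something on the path rewrites one.
    Returns the PPPoE session id from the PADS, or 0 if the AC never answered the PADR."""
    host_uniq = b"\x2c\x00\x00\x00"                       # constructed Host-Uniq
    padi = build_frame(BROADCAST, padi_src, CODE_PADI,
                       [(TAG_SERVICE_NAME, b""), (TAG_HOST_UNIQ, host_uniq)])
    pado = parse_frame(ac.handle(padi))
    cookie = dict(pado["tags"])[TAG_AC_COOKIE]
    if tamper_cookie:
        cookie = bytes(b ^ 0xFF for b in cookie)
    padr = build_frame(pado["src"], padr_src, CODE_PADR,
                       [(TAG_SERVICE_NAME, b""), (TAG_HOST_UNIQ, host_uniq),
                        (TAG_AC_COOKIE, cookie)])
    pads = ac.handle(padr)
    return parse_frame(pads)["session_id"] if pads else 0


# Constructed MACs, following the post's CC (client) / AA (AP) / II (ISP) notation
CLIENT_MAC = bytes.fromhex("00112233aacc")
AP_MAC = bytes.fromhex("00112233aaaa")
ISP_MAC = bytes.fromhex("0011223300ff")

if __name__ == "__main__":
    ac = AccessConcentrator(ISP_MAC, secret=b"constructed-secret")
    print("same MAC on PADI and PADR        -> session", run_discovery(ac, CLIENT_MAC, CLIENT_MAC))
    print("PADI from AP, PADR from client   -> session", run_discovery(ac, AP_MAC, CLIENT_MAC))
    print("tampered cookie                  -> session",
          run_discovery(ac, CLIENT_MAC, CLIENT_MAC, tamper_cookie=True))
```

Only the first run gets a PADS: when the PADR arrives from a MAC other than the one the cookie was issued to, or with an altered cookie, the toy AC returns nothing, which is the "Isp doesn't give a ****" behaviour seen on the wire. The parser's length checks matter on a real tap as well, since the PADI lines in the capture above carry unknown tags with odd lengths.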