r00t advisory [ layer 1 ] [ Dec 4 1997 ] 

-- Synopsis:	r00t has been informed of a recent spate of session
		hijacking attempts at layer 1 of the OSI reference model.
		These incidents have been centered around Internet
		exchange points located in cities with high crime rates.
		Port shortage at these exchange points is believed to be
		an aggravating factor.

-- Exploit:	A Layer 1 session hijacking attack was recorded by
		audio/video surveillance equipment at a major exchange
		point.  Below is a transcript of the monologue delivered
		by the assailant:

   "Yo!  [providername] Mo'fucker!  Yeah you! Take dat fuckin' FDDI out
   reeaaal slow now....  Dat's it....  Now, plug dat muthafucka into my
   router here. What da fuck you lookin' at, biiitch?!?   Does dis look
   like a fake gun to you, homey?  Jus' fo dat, I'll take dat extra hissey
   card, too!  Wat da fuck you mean you ain't gonna peer with me? Don't
   make me buss a cap in yo ass...."

-- Fixes?:	Layer 1 session hijacking is heavily dependent on the
		element of surprise; it is advisable to have a second
		individual acting as a lookout while performing
		maintenance at NAPs, MAEs, and other colocation
		facilities, particularly those located in "bad"
		neighborhoods.  r00t also recommends the many fine
		products of Guardian Technologies International
		(+1-703-709-7788) and Second Chance Body Armor
		(+1-616-544-5721) as stylish and functional apparel
		for the survival-conscious technician.  Remember, it's a
		*felony* to commit a crime while wearing soft body armor.

		As a more proactive workaround, r00t recommends the
		SIG-Sauer model P229 in caliber .40 S&W (the official
		handgun of r00t), available from better firearms dealers
		everywhere.

r00t -- owning is believing
http://www.r00t.org