Full Disclosure mailing list archives
RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]
From: "Dave Paris" <dparis () w3works com>
Date: Tue, 13 Jan 2004 12:10:36 -0500
> I can't resist any longer. I have to ask a few questions.
>
> 1. How did they know which switch to connect to? Wouldn't this require some knowledge of network topology?

.. makes sense.

> 2. If it is indeed a switch and not a hub, how did they obtain access to set this port to monitor traffic?

if it's a managed switch, most have SPAN (or RSPAN) port capability. Mirror other ports to the sniffer port as appropriate.

> 3. How did they get access to the switch? Shouldn't it have been locked away?

.. never underestimate the power of stupidity. :-)

> 4. How did they convert electrons to money? Was this by raiding bank accounts or collecting credit card numbers?

.. any number of ways.

> 5. How could they be unable to hide a WAP in a rack (assuming the switch was in a rack)? I can think of several ways to hide one without it being visible.

.. see comment to #4, then comment to #3. To be fair, it would greatly depend on the physical configuration of hardware in the rack, the size/shape of the WAP device, its power requirements, etc.

Assuming that it was a managed switch and physical access was achieved: at the end of the day, a simple system which checks the configuration for managed switches vs. a stored configuration (not unlike a tripwire implementation) every N hours would have nailed a scheme like this quickly. Better switch management (MAC-locking access ports, centralized authentication, etc.) may have even prevented the problem in the first place - unless they had an insider who had privs on the switch and physical access to the device. As a wise man once said .. if you've got physical access, the rest is academic.

> Seems like a bit of an inside job to me, but I'm no Dick Tracy...

.. on the whole, I'd have to agree there's much better than even odds of at least insider help.

Kind Regards,
-dsp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
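The tripwire-style switch configuration check discussed in this reply, written out as an added example that is not part of the post or of any product mentioned on the list. It assumes the switch configurations are available as IOS-style text (a saved baseline and a freshly pulled running config; both samples below are constructed for illustration), parses them into sections, and reports drift, treating a new mirror (SPAN) session or the loss of port-security on an access port as critical. The section names, severity labels and helper names are the example's own.

```python
"""Tripwire-style drift check for managed-switch configurations (added example)."""
import hashlib

# Constructed sample: the baseline running-config stored by the network team.
BASELINE_CONFIG = """\
hostname edge-sw-01
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface GigabitEthernet0/24
 description uplink
 switchport mode trunk
!
"""

# Constructed sample: the same switch N hours later. A mirror session now copies
# the uplink to Gi0/2, Gi0/2 has lost port-security, and Gi0/1 gained a benign
# description (the kind of change that should be a warning, not an alarm).
CURRENT_CONFIG = """\
hostname edge-sw-01
!
interface GigabitEthernet0/1
 description printer-floor2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/24
 description uplink
 switchport mode trunk
!
monitor session 1 source interface Gi0/24
monitor session 1 destination interface Gi0/2
!
"""


def parse_sections(config: str) -> dict:
    """Split IOS-style text into {top-level line: set(indented body lines)}.

    A line without leading whitespace starts a section keyed by itself; indented
    lines belong to the most recent section. Global one-liners such as
    'monitor session ...' become sections with an empty body. '!' ends a section.
    """
    sections = {}
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None
            continue
        if line.startswith(" "):
            if current is not None:
                sections[current].add(line.strip())
        else:
            current = line
            sections.setdefault(current, set())
    return sections


def config_digest(config: str) -> str:
    """Order-independent SHA-256 of the parsed config: cosmetic reordering of
    sections does not change the digest, any real change does."""
    items = []
    for header, body in parse_sections(config).items():
        items.append(header)
        items.extend(f"{header}|{line}" for line in sorted(body))
    return hashlib.sha256("\n".join(sorted(items)).encode()).hexdigest()


def diff_configs(baseline: str, current: str) -> list:
    """Return human-readable drift findings, CRITICAL ones first."""
    b = parse_sections(baseline)
    c = parse_sections(current)
    findings = []
    for key in c.keys() - b.keys():
        # A mirror session appearing out of nowhere is exactly the sniffer setup.
        sev = "CRITICAL" if key.startswith("monitor session") else "WARNING"
        findings.append(f"{sev}: new global config line: {key}")
    for key in b.keys() - c.keys():
        findings.append(f"WARNING: removed global config line: {key}")
    for key in b.keys() & c.keys():
        for line in sorted(b[key] - c[key]):
            # Losing MAC-locking on an access port is a critical weakening.
            sev = "CRITICAL" if "port-security" in line else "WARNING"
            findings.append(f"{sev}: {key}: removed '{line}'")
        for line in sorted(c[key] - b[key]):
            findings.append(f"WARNING: {key}: added '{line}'")
    return sorted(findings, key=lambda f: 0 if f.startswith("CRITICAL") else 1)


def check_for_drift(baseline: str, current: str) -> list:
    """Cheap digest comparison first; only diff when something actually changed."""
    if config_digest(baseline) == config_digest(current):
        return []
    return diff_configs(baseline, current)


if __name__ == "__main__":
    for finding in check_for_drift(BASELINE_CONFIG, CURRENT_CONFIG):
        print(finding)
```

Run from cron against configs pulled over the management interface, the digest check is what makes an "every N hours" sweep cheap across many switches; the diff only runs on the handful that changed, and the severity ranking puts a new SPAN session or a stripped port-security stanza at the top of the ticket. In the sample above the five critical findings are the two `monitor session` lines and the three `port-security` lines removed from Gi0/2; the added description on Gi0/1 is the single warning.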