PaulDotCom mailing list archives
Re: pixieboot attack
From: Robin Wood <robin () digininja org>
Date: Mon, 16 Jan 2012 15:25:43 +0000
On 16 January 2012 15:10, Mike Patterson <mike () snowcrash ca> wrote:
On 12-01-16 4:38 AM, Robin Wood wrote:Has anyone done this? Do organisations use PXE boot on network machines?I've thought about it, mostly from the "how to prevent it" perspective. The most feasible answer I came up with is "hope it doesn't happen." I don't know about other organisations, but some places I've worked use it. They tend to enable it only for machine installation, and disable it again afterwards. The one group I was with that made heavy use, we had a separate VLAN just for this. Enable PXE, change the VLAN, boot / reinstall, disable PXE, change the VLAN back. I don't know what might break if you blocked the bits that PXE needs to properly work on non-"reinstall" networks, but that could be a mitigation. Mike
So seeing as it may be a valid attack, anyone fancy writing Pixieboot to take advantage of this attack? Robin _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- pixieboot attack Robin Wood (Jan 16)
- Re: pixieboot attack Jim Halfpenny (Jan 16)
- Re: pixieboot attack Mike Patterson (Jan 16)
- Re: pixieboot attack Robin Wood (Jan 16)
- Re: pixieboot attack James Shewmaker (Jan 16)
- Re: pixieboot attack Robin Wood (Jan 16)
- Re: pixieboot attack Robin Wood (Jan 16)
- Re: pixieboot attack David Auclair (Jan 19)