Penetration Testing mailing list archives
Re: [PEN-TEST] Non-routable IP weaknesses?
From: Frank Darden <fdarden () LOCKED COM>
Date: Wed, 20 Dec 2000 13:04:57 -0500
Plenty of interesting things. We once broke through a misconfigured Raptor firewall. Once we learned they were using 10.1.10.0 on their inside net, we configured our browser to use their firewall as a proxy, then began hand typing http://10.1.10.1,.2,.3 etc.. This proved to be very fruitful for us as we compromised their net management machines, intranet site, and obtained info from these machines that yielded us several valid logins. This is just one example of how a little information, a pinch of mis-configuration, and just plain old common sense can turn into a potentially damaging situation for the owner of a network. Frank -----Original Message----- From: Thomas Reinke [mailto:reinke () E-SOFTINC COM] Sent: Wednesday, Decemberr 20, 2000 12:20 AM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Non-routable IP weaknesses? Anyone know of anything "interesting" that one could do once one had determined that a customer, protected by a NAT based device, had specific non-routable IPs active (e.g. 10.x.x.x, 172.16-31.x.x and 192.168.x.x addresses) Thomas -- ------------------------------------------------------------ Thomas Reinke Tel: (905) 331-2260 Director of Technology Fax: (905) 331-2504 E-Soft Inc. http://www.e-softinc.com Publishers of SecuritySpace http://www.securityspace.com
Current thread:
- [PEN-TEST] Non-routable IP weaknesses? Thomas Reinke (Dec 20)
- Re: [PEN-TEST] Non-routable IP weaknesses? M Schubert (Dec 20)
- Re: [PEN-TEST] Non-routable IP weaknesses? batz (Dec 20)
- <Possible follow-ups>
- Re: [PEN-TEST] Non-routable IP weaknesses? Frank Darden (Dec 20)
- Re: [PEN-TEST] Non-routable IP weaknesses? Philipp Buehler (Dec 21)