Penetration Testing mailing list archives
Re: [PEN-TEST] Breaking SSH Listening Ports
From: Crist Clark <crist.clark () GLOBALSTAR COM>
Date: Thu, 14 Sep 2000 14:21:46 -0700
MARC A KURTZ wrote:
> (I hope this isn't off-topic) We are looking into a way to break a solution we have that uses SSH to forward local ports on a Windows box. It uses the option to only bind to 127.0.0.1. My question is, is a hacker able to "break" into the computer and send data to that loopback address and get the response? Is the loopback completely non-physical?
I believe that's what the RFCs imply and how it is actually implemented... but we are talking about M$ so who cares what the RFCs say.
> In other words, if a hacker injected 127.0.0.1 packets into the Ethernet card somehow, would the card ignore them, or pass them to the IP stack??
Ethernet cards talk Ethernet (obviously). They don't know about IP addresses. If your card gets a valid frame with your MAC address on it, the card should hand it up the stack. The encapsulated IP packet, with whatever address it may have, is not examined by the card. Any sane IP stack should drop a 127 net packet coming from a non-loopback interface. Again, with M$...
> Will the hacker be able to get the response if it gave one? We are also assuming there is no PcAnywhere or similar software installed to take control of the mouse, keyboard and screen.
It would be a _really_ major hole if you could get packets from the 127 net to be accepted by the system when they come from any interface but the loopback (although the attacker must control an interface on the same LAN). I would think people would have tried this one... I never have actually tried myself on a WinXX system.

--
Crist J. Clark
Network Security Engineer
crist.clark () globalstar com
Globalstar, L.P.
(408) 933-4387 FAX: (408) 933-4926

The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster () globalstar com
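Added example, not part of the original post: a sketch of the ingress check the reply describes, flagging an Ethernet frame whose encapsulated IPv4 packet carries a 127/8 source or destination when it arrives on a non-loopback interface. The function names, the `ingress_is_loopback` flag and the sample frames (built in memory with documentation addresses) are assumptions made for illustration.

```python
import ipaddress
import struct

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
ETHERTYPE_IPV4, ETHERTYPE_VLAN = 0x0800, 0x8100


def parse_ipv4_addrs(frame: bytes):
    """Return (src, dst) of the IPv4 packet in an Ethernet II frame, else None."""
    if len(frame) < 14:
        return None
    ethertype, offset = struct.unpack("!H", frame[12:14])[0], 14
    if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:  # skip one 802.1Q tag
        ethertype, offset = struct.unpack("!H", frame[16:18])[0], 18
    if ethertype != ETHERTYPE_IPV4 or len(frame) < offset + 20:
        return None
    ver_ihl = frame[offset]
    if ver_ihl >> 4 != 4 or (ver_ihl & 0x0F) < 5:  # not IPv4 or bogus header length
        return None
    src = ipaddress.ip_address(frame[offset + 12:offset + 16])
    dst = ipaddress.ip_address(frame[offset + 16:offset + 20])
    return src, dst


def is_loopback_martian(frame: bytes, ingress_is_loopback: bool) -> bool:
    """True when a 127/8 source or destination arrives on a non-loopback interface."""
    if ingress_is_loopback:
        return False  # 127/8 traffic is legitimate only here
    addrs = parse_ipv4_addrs(frame)
    return addrs is not None and any(a in LOOPBACK_NET for a in addrs)


def build_frame(src_ip: str, dst_ip: str) -> bytes:
    """Constructed sample input: Ethernet II header + bare 20-byte IPv4 header."""
    eth = bytes.fromhex("020000000001020000000002") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip


if __name__ == "__main__":
    for src, dst, lo in [("192.0.2.10", "127.0.0.1", False),
                         ("192.0.2.10", "192.0.2.20", False),
                         ("127.0.0.1", "127.0.0.1", True)]:
        verdict = "DROP" if is_loopback_martian(build_frame(src, dst), lo) else "pass"
        print(f"{src} -> {dst} loopback_if={lo}: {verdict}")
```

The check keys on the ingress interface rather than on the MAC address, which matches the point in the reply that the card itself never examines the IP header.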