Penetration Testing mailing list archives
Re: [PEN-TEST] NAT / Stateful Packet Inspection Questions
From: Fred Mobach <fred () MOBACH NL>
Date: Fri, 29 Sep 2000 22:30:28 +0200
"Loschiavo, Dave" wrote:
How's this for an attack scenario... Since the firewall is not blocking any outbound traffic (bad move) I would make an effort to acquire the email addresses of internal users. That shouldn't be too hard to do if they do business with anyone. Once I had that I would send HTML email to those addresses and try to exploit this 'feature' of Windows: http://www.oamk.fi/~jukkao/bugtraq/0003/0171.html. I would then crack the passwords for the accounts that viewed the email and try to logon to listening services using those accounts and passwords.

Assumptions:
1. I am able to find a valid email address.
2. HTML mail is not cleaned before it reaches the user.
3. The email client does HTML mail.
4. The email client is residing on a MS OS.
5. The users who read the email have authenticated to an NT domain.
6. The users who read the email have the ability to log on to the listening services I am trying to access via open firewall ports.
Three out of five of my customers are prone to this attack ;-). One is not prone because he does not use NT; the company is occupied with health insurance. Another one is safe because his firewalls are configured in a better way; it's a financial company. The others were already warned and are not interested in security-related mailing lists.

Regards,
Fred Mobach
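The scenario above hinges on the firewall passing all outbound traffic, so that a Windows client can be lured into opening an authenticated session to an outside host. The following is an added example, not code from either poster: a small egress audit that reads firewall accept records in a hypothetical log format (the sample lines, the 10.0.0.0/8 site range and the web-only allowlist are all constructed assumptions) and flags inside-to-outside connections that either hit the Windows file-sharing/authentication ports (139, 445) or fall outside the permitted egress set. Running something like this against real firewall logs is one way to tell whether a site is exposed to the attack Dave describes before the HTML mail ever arrives.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of firewall connection records (hypothetical format,
# not from the original post). Destinations use documentation address ranges.
SAMPLE_LOG = """\
2000-09-29 10:01:02 ACCEPT 10.0.1.15:1034 -> 203.0.113.7:80 TCP
2000-09-29 10:01:05 ACCEPT 10.0.1.15:1035 -> 203.0.113.9:445 TCP
2000-09-29 10:02:11 ACCEPT 10.0.1.22:1040 -> 10.0.2.5:445 TCP
2000-09-29 10:03:44 ACCEPT 10.0.1.31:1041 -> 198.51.100.4:139 TCP
2000-09-29 10:04:00 ACCEPT 10.0.1.40:1050 -> 203.0.113.7:443 TCP
2000-09-29 10:05:13 ACCEPT 10.0.1.40:1051 -> 198.51.100.8:6667 TCP
"""

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumed site address range
ALLOWED_EGRESS = {80, 443}                               # hypothetical policy: web only
WINDOWS_AUTH_PORTS = {139: "NetBIOS session service", 445: "SMB over TCP"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


@dataclass
class Connection:
    timestamp: str
    action: str
    src: ipaddress.IPv4Address
    sport: int
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


@dataclass
class Finding:
    severity: str
    reason: str
    conn: Connection


def parse_line(line: str) -> Optional[Connection]:
    """Parse one record of the constructed log format; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Connection(
        m["ts"], m["action"],
        ipaddress.ip_address(m["src"]), int(m["sport"]),
        ipaddress.ip_address(m["dst"]), int(m["dport"]),
        m["proto"],
    )


def is_internal(addr: ipaddress.IPv4Address) -> bool:
    return any(addr in net for net in INTERNAL_NETS)


def audit_egress(log_text: str) -> List[Finding]:
    """Flag accepted inside->outside connections that the egress policy should have blocked."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        conn = parse_line(line)
        if conn is None or conn.action != "ACCEPT":
            continue
        # Only traffic leaving the site matters here; internal file sharing is ignored.
        if not (is_internal(conn.src) and not is_internal(conn.dst)):
            continue
        if conn.dport in WINDOWS_AUTH_PORTS:
            findings.append(Finding(
                "high",
                f"{WINDOWS_AUTH_PORTS[conn.dport]} session to an external host: "
                "Windows authentication traffic is leaving the network",
                conn))
        elif conn.dport not in ALLOWED_EGRESS:
            findings.append(Finding(
                "medium", f"destination port {conn.dport} is not in the egress allowlist", conn))
    return findings


if __name__ == "__main__":
    for f in audit_egress(SAMPLE_LOG):
        print(f"[{f.severity}] {f.conn.timestamp} {f.conn.src} -> "
              f"{f.conn.dst}:{f.conn.dport}  {f.reason}")
```

On the sample data the audit reports two high findings (the 445 and 139 sessions to outside hosts) and one medium finding (IRC-style port 6667), while the internal 445 session and the web connections pass. The fix the findings point at is the one Fred's financial customer already has: an outbound policy that permits only the services the business needs rather than everything.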