Penetration Testing mailing list archives
RE: Auditing boxes with predictable IP Sqeuence(s)
From: "Toni Heinonen" <Toni.Heinonen () teleware fi>
Date: Wed, 27 Feb 2002 22:06:13 +0200
Since nmap recognizes a lot of routers and switches, it is probably an exotic router, a VPN or a printer. (I recently came across a bunch of HP printers not recognized by nmap...) But I'm not aware of canned scripts/exploits to exploit the TCP sequence number vulnerability, and I don't think it would be of much resort for you except if there are servers denying service to external networks...
Active OS rarely works if there aren't any open TCP or UDP ports, and as the original poster mentioned, there weren't any. There are tools such as hunt that exploit weak serial numbers so you can hijack TCP connections, but I don't believe you'll be having a lot of connections to or from switches or routers. The only connections usually made into these devices are management connections. I think in this particular case they manage their network devices from a serial console instead of telnet or ssh, because telnet or ssh wasn't open.

Then again, since NMAP can't gather good hard data from the boxes as it doesn't find open TCP ports, it reports a different level of TCP sequence number randomness than that actually encountered in real-life TCP connections.

So simply put, they're hardened network devices such as switches or routers that really won't be having security holes since they aren't offering any services. At best you can do denial of service against these devices, if there's a bug in the TCP/IP-implementation.

TONI HEINONEN, CISSP
TELEWARE OY
Telephone +358 (9) 3434 9123 * Fax +358 (9) 3431 321
Wireless +358 40 836 1815
Kauppakartanonkatu 7, 00930 Helsinki
toni.heinonen () teleware fi * www.teleware.fi