Penetration Testing mailing list archives
RE: Auditing boxes with predictable IP Sqeuence(s)
From: "Reidy, Patrick" <Patrick.Reidy () veritect com>
Date: Mon, 25 Feb 2002 18:52:45 -0500
TCP predictability has a few well known possibilities for exploit, not the least of which is packet injection / hijacking. There are a boat load of tools out there, but I personally like Hunt. The tool only works if you are local and can actually sniff the traffic between a client and the targeted server. Of course if your target does not have any ports open... As far as figuring out what the boxes are, there are a lot of ways to skin that cat, might I suggest traffic analysis, if you have the Ethernet access (meaning you can sniff). Watch the traffic with TCPdump and if you see a lot of UDP traffic going to a device and it's all encrypted you got a VPN box, etc. -----Original Message----- From: Ralph Los To: pen-test () securityfocus com Sent: 2/25/2002 11:47 AM Subject: Auditing boxes with predictable IP Sqeuence(s) Sensitivity: Confidential Hello, On a network I've recently had the pleasure :) to audit I came up with a bunch of hosts which nMap classifies as 'unknown', but with predictable TCP Sqeuence(s). Now...are there any tools out there for either Linux/Win2k that will allow me to exploit this type of 'vulnerability'? These hosts don't return any other open port information, so I'm guessing they're either switches, or routers or VPN concentrators...is there any way to determine which of those it most likely is? Are there any patterns to look for, when determining router/switch/vpn box?? Thanks in advance.....something I don't know and I figured I'd ask... Cheers! ----------------------------------------| Ralph M. Los Sr. Security Consultant and Trainer EnterEdge Technology, L.L.C. rlos () enteredge com (770) 955-9899 x.206 ----------------------------------------| ------------------------------------------------------------------------ ---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Auditing boxes with predictable IP Sqeuence(s) Ralph Los (Feb 25)
- <Possible follow-ups>
- RE: Auditing boxes with predictable IP Sqeuence(s) Aleksander P. Czarnowski (Feb 26)
- RE: Auditing boxes with predictable IP Sqeuence(s) Reidy, Patrick (Feb 26)
- Re: Auditing boxes with predictable IP Sqeuence(s) The Blueberry (Feb 27)
- RE: Auditing boxes with predictable IP Sqeuence(s) Toni Heinonen (Feb 28)