Penetration Testing mailing list archives
Finding multi-homed, internet connected, systems as potential point-of-entry.
From: "Bongers, Coen" <coen.bongers () logicacmg com>
Date: Mon, 5 Dec 2005 14:41:10 +0100
Hello, Im asked to assess the existence of so-called multi-homed systems on the network of a customer, that are able to directly connect to the internet (and thus circomventing the proxy services), in order to reduce the risk of network compromise through this 'illegal' internet-access. Any tips and/or help on how to approach this would be appriciated. The following approach is my present idea; -Send a spoofed (spoof an internet address under our control) message (IP/ICMP/UDP,etc) to the target(s) from the internal network. -Detect for the response of this message on the spoofed address at the internet. -Log some identifiing information in the initial message, that will end up on the response so that the response can be correlated with the internal address of the system. Questions for me now are; -What are the risks of false negatives and false positives using this methode? -What prerequisites are ther for thes methode to be succesfull? -Are there any other ways of identifieing these 'illegal' internet connections? -Are there any freeware/commercial tools that allready do the job? -If so, how good of a job are they doing? p.s.> there is no administrative access to the target systems, so it has to be a black-box-approach. Thank you. Met vriendelijke groet / with kind regards, Coen Bongers Security Consultant _________________________________________ ________________________________________________________________________ ________________________________________________________________________ ____________________________________________________ The information contained in this email and its attachments (if any) is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or action in reliance of the contents of this information is strictly prohibited and may be unlawful. LogicaCMG is neither liable for the proper and complete transmission of the information contained in this email nor for any delay in its receipt. If received in error, please contact LogicaCMG on +31 (0)40 295 77 77 quoting the name of the sender and the addressee and then delete it from your system. LogicaCMG does not accept any responsibility for viruses and it is your responsibility to scan the email and attachments. ________________________________________________________________________ ________________________________________________________________________ ____________________________________________________ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Finding multi-homed, internet connected, systems as potential point-of-entry. Bongers, Coen (Dec 05)
- Re: Finding multi-homed, internet connected, systems as potential point-of-entry. H D Moore (Dec 05)
- Re: Finding multi-homed, internet connected, systems as potential point-of-entry. MadHat (Dec 06)
- <Possible follow-ups>
- RE: Finding multi-homed, internet connected, systems as potential point-of-entry. Royster, Keith (Dec 07)