Penetration Testing mailing list archives

Re: Finding multi-homed, internet connected, systems as potential point-of-entry.


From: H D Moore <sflist () digitaloffense net>
Date: Mon, 5 Dec 2005 23:26:17 -0600

I wrote a paper on rogue network detection and developed some tools to 
automate the process. You can find the paper and the toolkit online at:
 - http://metasploit.com/research/misc/rogue_network/

-HD

On Monday 05 December 2005 07:41, Bongers, Coen wrote:
Hello,

I'm asked to assess the existence of so-called multi-homed systems on
the network of a customer, that are able to directly connect to the
internet (and thus circumventing the proxy services), in order to
reduce the risk of network compromise through this 'illegal'
internet-access.

Any tips and/or help on how to approach this would be appreciated.

The following approach is my present idea:

-Send a spoofed (spoof an internet address under our control) message
(IP/ICMP/UDP, etc.) to the target(s) from the internal network.
-Detect for the response of this message on the spoofed address at the
internet.
-Log some identifying information in the initial message, that will end
up on the response so that the response can be correlated with the
internal address of the system.
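
The correlation step of the approach quoted above, as an added example (not code from either poster and not from the linked toolkit): an ICMP echo reply returns the request's data unchanged, so the probe payload can carry the internal address plus a keyed tag that the internet-side listener verifies. All names, the marker and the key are constructed for illustration; sending and capturing the packets is outside the example.

```python
import hashlib
import hmac
import ipaddress
import struct

MAGIC = b"MHP1"                 # constructed marker for this example
KEY = b"per-engagement-secret"  # constructed; shared by prober and listener

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_tag(internal_ip: str, key: bytes = KEY) -> bytes:
    """Probe payload: marker + internal IPv4 address + truncated HMAC."""
    addr = ipaddress.IPv4Address(internal_ip).packed
    mac = hmac.new(key, MAGIC + addr, hashlib.sha256).digest()[:8]
    return MAGIC + addr + mac

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo message (type 8 request, type 0 reply) with checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def correlate_reply(icmp_msg: bytes, key: bytes = KEY):
    """Listener side: internal address named by a tagged echo reply, or None."""
    if len(icmp_msg) < 24 or icmp_checksum(icmp_msg) != 0:
        return None
    if icmp_msg[0] != 0 or icmp_msg[1] != 0:   # only echo replies count
        return None
    payload = icmp_msg[8:]
    magic, addr, mac = payload[:4], payload[4:8], payload[8:16]
    expected = hmac.new(key, magic + addr, hashlib.sha256).digest()[:8]
    if magic != MAGIC or not hmac.compare_digest(mac, expected):
        return None                            # stray or forged traffic
    return str(ipaddress.IPv4Address(addr))

if __name__ == "__main__":
    # Constructed round trip: the reply echoes the request's data field.
    request = build_echo(8, 0x1234, 1, build_tag("10.20.30.40"))
    reply = build_echo(0, 0x1234, 1, request[8:])
    print(correlate_reply(reply))
```

The keyed tag matters because the listener sits on the internet and sees unrelated echo traffic; the reply's source address there is the host's external address, so only the payload identifies the internal system.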


