Security Basics mailing list archives
Re: Re: Attacking a machine on network.
From: sandeep.sandhu.in () gmail com
Date: 30 May 2007 00:44:19 -0000
Lets assume your machine is not a server, and is not "listening" on any TCP/UDP port. Since the machine is connected to a network, there must be some network protocol being used by a network client software. That protocol or the client's code could have a vulnerability which could be exploited. For example, your anti-virus agent might be scheduled to setup a http, ftp or pop3 connection to find out if a new anti-virus update is available for patching. This client could be misused by spoofing the anti-virus distribution server and injecting malacious code into the binaries picked up by the anti-virus. Your machine could also be setup to synchronise the internal clock by contacting public NTP servers, this could also potentially be exploited. Similarly, there are several malacious websites which try to exploit web-browser vulnerabilities. They being scanning a client IP-address when they receive a browser connection. See the Microsoft Strider-monkey project for examples. The honeyclient is another such example. Regards
Current thread:
- Attacking a machine on network. John Pluffum (May 29)
- Re: Attacking a machine on network. Jason Ross (May 29)
- Re: Attacking a machine on network. Paul Sebastian Ziegler (May 30)
- Re: Attacking a machine on network. John Pluffum (May 30)
- RE: Attacking a machine on network. Mark Brunner (May 30)
- Re: Attacking a machine on network. Ryan Chow (May 30)
- RE: Attacking a machine on network. Murda Mcloud (May 30)
- Re: Attacking a machine on network. John Pluffum (May 30)
- Re: Attacking a machine on network. Alexander Klimov (May 30)
- <Possible follow-ups>
- Re: Re: Attacking a machine on network. sandeep . sandhu . in (May 30)
- Re: Re: Attacking a machine on network. savagemp5 (May 31)