Full Disclosure mailing list archives
Re: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]
From: jan.muenther () nruns com
Date: Tue, 13 Jan 2004 19:53:48 +0100
Howdy, I can't resist - have to make a few comments on this one, despite us moving massively off topic.
1. How did they know which switch to connect to? Wouldn't this require some knowledge of network topology.
Not necessarily. You'd be amazed by how many (even large) companies have a totally flat network topology, normally due to "historical growth".
if it's a managed switch, most have SPAN (or RSPAN) port capability. mirror other ports to the sniffer port as appropriate.
Erm, common misconception. You don't need to have a span port to sniff in a switched network. And no, you don't have to force the switch into 'hub' mode by flooding its CAM table. ARP cache poisoning works beautifully, particularly when you have operating systems which let you overwrite ARP entries without even the slightest warning (and no, not only Windows is guilty of that).
3. How did they get access to the switch. Shouldn't it have been locked away... never underestimate the power of stupidity. :-)
Indeed. Sometimes physical security of institutions where you'd expect it to be good is abominable. Also, some basic social engineering can take you a long way.
4. How did they convert electrons to money? Was this by raiding bank accounts or collecting credit card numbers?
If you make it into the backend transaction systems, there's a heck of a lot you can do. Cheers, J. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- [Fwd: [TH-research] OT: Israeli Post Office break-in] Gadi Evron (Jan 10)
- Re: [Fwd: [TH-research] OT: Israeli Post Office break-in] false weather reports Gary Flynn (Jan 12)
- Re: Re: [Fwd: [TH-research] OT: Israeli Post Office break-in] false weather reports William Warren (Jan 12)
- Re: [Fwd: [TH-research] OT: Israeli Post Office break-in] Jimi Thompson (Jan 14)
- Re: Re: [Fwd: [TH-research] OT: Israeli Post Office break-in] Cedric Blancher (Jan 14)
- <Possible follow-ups>
- RE: [Fwd: [TH-research] OT: Israeli Post Office break-in] John . Airey (Jan 13)
- RE: [Fwd: [TH-research] OT: Israeli Post Office break-in] Frank_Kenisky (Jan 13)
- Re: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in] Ron DuFresne (Jan 13)
- RE: [Fwd: [TH-research] OT: Israeli Post Office break-in] Dave Paris (Jan 13)
- Re: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in] jan . muenther (Jan 13)
- Re: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in] Lan Guy (Jan 14)
- RE: [Fwd: [TH-research] OT: Israeli Post Office break-in] Frank_Kenisky (Jan 13)
- Re: [Fwd: [TH-research] OT: Israeli Post Office break-in] false weather reports Gary Flynn (Jan 12)