PaulDotCom mailing list archives
Re: spoofing another machine's fingerprints
From: Charles Watathi <charleswatathi () gmail com>
Date: Fri, 30 Aug 2013 11:05:47 -0400
Dear Robin,

Personally I haven't tested a NAC environment, but there are a few hints I have got from @j0emccray. Get his talk "you spent all that money and still got owned"; he recommends getting VoIP devices or printers. He used a tool vlan to impersonate a VoIP device. In "the evolution of pen testing high security environment" he says look for a printer; printers and VoIP are usually excluded from the 802.1x protocol. Print the default test page, you will get the MAC and IP of the printer. Spoof the MAC.

On Fri, Aug 30, 2013 at 10:04 AM, Robin Wood <robin () digininja org> wrote:
On 30 August 2013 14:19, Joshua Wright <jwright () hasborg com> wrote:

Hi Robin,

On Aug 29, 2013, at 6:57 PM, Robin Wood <robin () digininja org> wrote:

As I asked about recently, I'll soon be testing a NAC type device and so I was wondering, is there a tool which will let me watch a device then clone its network fingerprint? By fingerprint I mean things like network settings such as TTLs but also open ports (probably couldn't spoof the service but at least open the port).

I know there is a tool that is designed to fool attackers by having a list of different OS's and you choose which you want to pretend to be, but rather than pick from a list I want to be able to point it at another machine and say "clone that".

I don't think that exists. When I want to evade NAC systems, I usually start with a Scapy-generated 3-way handshake that mimics an iPad or other device that I put together manually.

What do you do for IP? Do you work out what is on the network through passive observation and then pick something that looks appropriate? Any other suggestions on testing/avoiding NAC? I've not tested with one in action before and don't have anything to practice against. This particular test is to see if it is doing its job properly so specifics on testing a NAC would be good.

If a tool doesn't exist, and I don't think it will, can someone remind me of the name of the tool I described above and I'll have a look see if that can be modified.

I think you mean OSFuscate by Irongeek:
http://www.irongeek.com/i.php?page=security/osfuscate-change-your-windows-os-tcp-ip-fingerprint-to-confuse-p0f-networkminer-ettercap-nmap-and-other-os-detection-tools

That's the one.
Robin

-Josh

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
--
Regards
Charles Watathi
http://netsecuritystuff.wordpress.com
http://netsecuritystuff.blogspot.com
Current thread:
- spoofing another machine's fingerprints Robin Wood (Aug 30)
- Re: spoofing another machine's fingerprints Joshua Wright (Aug 30)
- Re: spoofing another machine's fingerprints Robin Wood (Aug 30)
- Re: spoofing another machine's fingerprints Charles Watathi (Aug 31)
- Re: spoofing another machine's fingerprints Joshua Wright (Aug 31)
- Re: spoofing another machine's fingerprints Robin Wood (Sep 02)
- Re: spoofing another machine's fingerprints Robin Wood (Aug 30)
- Re: spoofing another machine's fingerprints Joshua Wright (Aug 30)