Penetration Testing mailing list archives

Re: [PEN-TEST] Spoofing switched networks


From: "Chris St. Clair" <chris_stclair () HOTMAIL COM>
Date: Sun, 4 Feb 2001 20:10:16 -0000

> skill and knowledge in the security arena. Some people say you cannot
> spoof a switched network, I beg the difference. I appreciate

Who says this? The internet by its very nature is switched, and
people have been spoofing on it for humpteen (sp?) years.

> Can someone inside a switched NT network spoof a host to get
> unauthorized access to resources. How easy or hard is it?

Well, that depends. Is access to the resource based on what IP
the client system has? Does NT even offer this as an option? I'm
not much of an NT guy anymore, maybe they thought this was better
than broadcasting the poorly encrypted LM hash?

At any rate, I'm really not quite sure what your question means.
Do you mean, could someone who has another system on the same
switch as your NT network spoof another client system to gain
access to a resource protected by an IP-based ACL? If that is
what you mean, I guess in theory it's possible you could DoS
the legitimate client system until it died, and then bring your
system up with the needed IP address.

> Can someone outside the switched NT network spoof a host to get
> unauthorized access. How can they do this?

Again, not quite sure what you mean. Do you mean someone who is
at least one router hop away from your switched segment? If so:
DoS, sequence number prediction, source routing.

> Can an individual inside or outside the switched NT network hijack a
> session to get into resources

Actual session hijacking would be difficult without being on
the same segment. But I guess, why would you want to hijack
the session when you could just brute force your way into the
resource?

> What tools would the culprit use?

Probably a lot of things they wrote themselves :> , or any number
of available tools. I would start with www.google.com

> Can the individual spoof the host using SYN flooding, sending spoofed
> ARP replies, MAC flooding/MAC spoofing/MAC duplication.

I'm sure any number of those techniques might or might not work.

However, I notice you keep referring to the network in question
as a "switched NT network" as if this fact might offer some added
security. Is it safe to assume this segment is comprised of NT systems
interconnected via a switch?

I think the key here is to understand that whether they're on a network
that is switched ethernet, a hub, FDDI or token ring, connected via
crossover cables, or dial on demand modems, if they're connected to the
internet with little or no access control someone can, and will, break
into them.

-chris
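The spoofed ARP replies and MAC flooding mentioned in the question are the two segment-local techniques a defender can actually watch for on a switch. The following is an added detection sketch, not code from this thread or its author: it runs over constructed sample records (the IPs, MACs and timestamps are made up, and the function names are mine) and flags an IP whose sender MAC changes between ARP replies, and any one-second window carrying an implausible number of distinct source MACs.

```python
from collections import defaultdict

# Constructed sample ARP replies seen on one switched segment:
# (timestamp_seconds, sender_ip, sender_mac). Addresses are made up.
SAMPLE_ARP_REPLIES = [
    (1.0, "10.0.0.1", "00:11:22:33:44:01"),   # gateway announces itself
    (2.0, "10.0.0.20", "00:11:22:33:44:20"),  # ordinary client
    (3.0, "10.0.0.1", "00:11:22:33:44:01"),   # gateway again, consistent
    (4.0, "10.0.0.1", "00:11:22:33:44:99"),   # same IP, different MAC: suspicious
    (5.0, "10.0.0.1", "00:11:22:33:44:01"),   # real gateway re-announces
]

# Constructed frame stream: 300 distinct source MACs inside one second,
# the kind of burst a CAM-table flood produces, plus one normal frame later.
SAMPLE_FRAMES = [
    (0.5 + i * 0.001, "02:00:00:00:%02x:%02x" % (i >> 8, i & 0xFF))
    for i in range(300)
] + [(7.2, "00:11:22:33:44:20")]


def detect_arp_conflicts(replies):
    """Flag ARP replies whose sender MAC differs from the MAC first learned
    for that IP. Returns a list of (timestamp, ip, learned_mac, seen_mac).
    The learned mapping is kept, so a later re-announce by the real host
    is not itself reported."""
    learned = {}
    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()
        if ip not in learned:
            learned[ip] = mac
        elif learned[ip] != mac:
            alerts.append((ts, ip, learned[ip], mac))
    return alerts


def detect_mac_flood(frames, window=1.0, threshold=100):
    """Bucket frames into fixed time windows and report any window in which
    more than `threshold` distinct source MACs appeared.
    Returns a list of (window_start, distinct_mac_count)."""
    seen = defaultdict(set)
    for ts, mac in frames:
        seen[int(ts // window) * window].add(mac.lower())
    return [(start, len(macs)) for start, macs in sorted(seen.items())
            if len(macs) > threshold]


if __name__ == "__main__":
    print(detect_arp_conflicts(SAMPLE_ARP_REPLIES))
    print(detect_mac_flood(SAMPLE_FRAMES))
```

On a real switch the same two signals are what port security and dynamic ARP inspection act on; this script only shows the logic over captured records.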