Penetration Testing mailing list archives

Re: The magical invisible bridge


From: "Kurt Seifried" <bugtraq () seifried org>
Date: Thu, 14 Feb 2002 12:06:04 -0700

Hello all,
   I am wondering if anyone has any wisdom/experience to offer on the
topic of discovering and/or auditing a linux/openbsd bridge? This
particular bridge is configured with no IP addresses so I have no way to
scan or connect to it and arp isn't even revealing its existence. Any
experience on this topic would be greatly appreciated.

Danka,
  ph00dr0w w1ls0n..

If you break a machine "directly" connected to it (i.e. on same
hub/switch/crossover cable) you can at least send packets to it. If it is
properly set up however it will not respond, unless there is some buffer
overflow/etc in the TCP/IP stack (sort of like how people used to attack
network IDS systems, send packets that would be inspected by the IDS, thus
letting you attack it). Getting onto the admin network used to manage it
(i.e. a third "real" interface) would do the trick but chances are that
network is heavily protected.

Thus the beauty of a properly set up firewall (bridge or not). Too bad more
aren't set up properly.


Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
http://www.idefense.com/digest.html

