Penetration Testing mailing list archives

Auditing boxes with predictable IP Sqeuence(s)

From: "Ralph Los" <RLos () enteredge com>
Date: Mon, 25 Feb 2002 11:47:36 -0500

Hello,

        On a network I've recently had the pleasure :) to audit I came up
with a bunch of hosts which nMap classifies as 'unknown', but with
predictable TCP Sqeuence(s).  Now...are there any tools out there for either
Linux/Win2k that will allow me to exploit this type of 'vulnerability'?
These hosts don't return any other open port information, so I'm guessing
they're either switches, or routers or VPN concentrators...is there any way
to determine which of those it most likely is?  Are there any patterns to
look for, when determining router/switch/vpn box??

Thanks in advance.....something I don't know and I figured I'd ask...


Cheers!



----------------------------------------|
Ralph M. Los
Sr. Security Consultant and Trainer
          EnterEdge Technology, L.L.C.
          rlos () enteredge com
          (770) 955-9899 x.206
----------------------------------------| 


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Auditing boxes with predictable IP Sqeuence(s) Ralph Los (Feb 25)
- <Possible follow-ups>
- RE: Auditing boxes with predictable IP Sqeuence(s) Aleksander P. Czarnowski (Feb 26)
- RE: Auditing boxes with predictable IP Sqeuence(s) Reidy, Patrick (Feb 26)
- Re: Auditing boxes with predictable IP Sqeuence(s) The Blueberry (Feb 27)
- RE: Auditing boxes with predictable IP Sqeuence(s) Toni Heinonen (Feb 28)