Penetration Testing mailing list archives
Re: Kaseya
From: "M.B.Jr." <marcio.barbado () gmail com>
Date: Thu, 29 May 2008 14:37:08 -0300
Dear Ralph, On 5/27/08, Utz, Ralph <rutz () realtime-it com> wrote:
Well, from what I understand it gather's it's data by ping scanning the network and referencing the results to it's database of PCs that it's agent is installed on. If there is an IP that isn't in the database that comes up hot, it trys to access the IPC$ share I believe. If it can access it, it flags it as a Windows box and trys to install it's agent on the device. If not, it leaves it and moves on.
Your IP theory fails for dhcp LANs. Kaseya's basic end-to-end connectionless protocol seems to go like this: in the first moment at least, the MSP's Kaseya server acts as a receiver for redundant, say, datagrams, that is, one-way-incoming signals (from the MSP's perspective). The Kaseya server feedback's not mandatory but once it's given, the following would be formed of signals/requests with "Hello again, I'm still here, wanna manage me and/or synchronize additional stuff?" messages from its agents. So far, our guessing is that the referred model would be less related to network resiliency =) Fourier would say this repetitive one-way-unicasting profusion (from the customers' perspective) is a waste of energy, only. Best regards,
Weaknesses that stand out to me are 2 things. One being that depending on how often you have the appliance set to scan and how old your network gear is, it could flood your network. Two being that in order to access the IPC$ share on all the machines, you have to use a domain account that has rights to install software on the machine. Most times this ends up with the MSP requiring a domain admin account because no one wants to fool with delegating permissions. So in theory, you have an appliance that floods your network with pings and possible clear txt attempts at using a domain admin account. -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of M.B.Jr. Sent: Saturday, May 24, 2008 2:01 PM To: pen-test list Subject: Kaseya Hello list, there's this infrastructure tool set for automating managed services, named Kaseya (proprietary technology). Basically, the managed-services-provider controls one of his customers' remote LANs with two intercommunicating "appliances": * a Kaseya dedicated server located at the MSP data center; and * a "probe" equipment at the remote LAN. The audit team to which I belong is about to examine the probe-featured LAN. Right now, we're researching whether this "solution" can cause the LAN some weaknesses; the resulting research's report is going to shape the logical tests. So, the question is (I guess): does anyone know of any Kaseya-enhanced LAN security implication/vulnerability? Thank you, yours sincerely, -- Marcio Barbado, Jr. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ The information in this email and in any attachments is confidential and may be privileged. If you are not the intended recipient, please destroy this message, delete any copies held on your systems and notify the sender immediately. You should not retain, copy, or use this email for any purpose, and any review or other use of this information by persons or entities other than the intended recipient or any retransmission without the written consent of the sender is expressly prohibited. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
-- Marcio Barbado, Jr. "In fact, companies that innovate on top of open standards are advantaged because resources are freed up for higher-value work and because market opportunities expand as the standards proliferate." Scott Handy Vice President Worldwide Linux and Open Source, IBM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Find out now! Get Webinar Recording and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- RE: Kaseya, (continued)
- RE: Kaseya Shenk, Jerry A (May 26)
- RE: Kaseya Kevin Reiter (May 28)
- Re: Kaseya M.B.Jr. (May 28)
- Message not available
- Re: Kaseya M.B.Jr. (May 28)
- RE: Kaseya Shenk, Jerry A (May 26)
- RE: Kaseya Kevin Reiter (May 28)
- RE: Kaseya Utz, Ralph (May 28)
- Re: Kaseya H D Moore (May 28)
- Re: Kaseya M.B.Jr. (May 31)
- RE: Kaseya Kevin Reiter (May 29)
- Re: Kaseya H D Moore (May 29)
- Re: Kaseya M.B.Jr. (May 29)
- Re: Kaseya H D Moore (May 28)