Re: Kaseya

["M.B.Jr." <marcio.barbado () gmail com>]

Dear Ralph,


On 5/27/08, Utz, Ralph <rutz () realtime-it com> wrote:
> Well, from what I understand it gather's it's data by ping scanning the
>  network and referencing the results to it's database of PCs that it's
>  agent is installed on.  If there is an IP that isn't in the database
>  that comes up hot, it trys to access the IPC$ share I believe.  If it
>  can access it, it flags it as a Windows box and trys to install it's
>  agent on the device.  If not, it leaves it and moves on.


Your IP theory fails for dhcp LANs.

Kaseya's basic end-to-end connectionless protocol seems to go like this:
in the first moment at least, the MSP's Kaseya server acts as a
receiver for redundant, say, datagrams, that is, one-way-incoming
signals (from the MSP's perspective).
The Kaseya server feedback's not mandatory but once it's given, the
following would be formed of signals/requests with "Hello again, I'm
still here, wanna manage me and/or synchronize additional stuff?"
messages from its agents.
So far, our guessing is that the referred model would be less related
to network resiliency =)
Fourier would say this repetitive one-way-unicasting profusion (from
the customers' perspective) is a waste of energy, only.


Best regards,


>  Weaknesses that stand out to me are 2 things.  One being that depending
>  on how often you have the appliance set to scan and how old your network
>  gear is, it could flood your network.  Two being that in order to access
>  the IPC$ share on all the machines, you have to use a domain account
>  that has rights to install software on the machine.  Most times this
>  ends up with the MSP requiring a domain admin account because no one
>  wants to fool with delegating permissions.
>
>  So in theory, you have an appliance that floods your network with pings
>  and possible clear txt attempts at using a domain admin account.
>
>
>  -----Original Message-----
>  From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
>  On Behalf Of M.B.Jr.
>  Sent: Saturday, May 24, 2008 2:01 PM
>  To: pen-test list
>  Subject: Kaseya
>
>
> Hello list,
>  there's this infrastructure tool set for automating managed services,
>  named Kaseya (proprietary technology).
>
>  Basically, the managed-services-provider controls one of his customers'
>  remote LANs with two intercommunicating "appliances":
>
>   * a Kaseya dedicated server located at the MSP data center; and
>
>   * a "probe" equipment at the remote LAN.
>
>  The audit team to which I belong is about to examine the probe-featured
>  LAN.
>  Right now, we're researching whether this "solution" can cause the LAN
>  some weaknesses; the resulting research's report is going to shape the
>  logical tests.
>
>  So, the question is (I guess):
>  does anyone know of any Kaseya-enhanced LAN security
>  implication/vulnerability?
>
>  Thank you,
>  yours sincerely,
>
>
>  --
>  Marcio Barbado, Jr.
>
>
> ------------------------------------------------------------------------
>  This list is sponsored by: Cenzic
>
>  Top 5 Common Mistakes
>  in Securing Web Applications
>  Find out now! Get Webinar Recording and PPT Slides
>
>  www.cenzic.com/landing/securityfocus/hackinar
>  ------------------------------------------------------------------------
>
>
>
>
> The information in this email and in any attachments is confidential and may be privileged.
>
>  If you are not the intended recipient, please destroy this message, delete any copies held
>
>  on your systems and notify the sender immediately. You should not retain, copy, or use this
>
>  email for any purpose, and any review or other use of this information by persons or
>
>  entities other than the intended recipient or any retransmission without the written consent
>
>  of the sender is expressly prohibited.
>
>
>
>
>
>  ------------------------------------------------------------------------
>  This list is sponsored by: Cenzic
>
>  Top 5 Common Mistakes
>  in Securing Web Applications
>  Find out now! Get Webinar Recording and PPT Slides
>
>  www.cenzic.com/landing/securityfocus/hackinar
>  ------------------------------------------------------------------------


-- 
Marcio Barbado, Jr.

"In fact, companies that innovate on top of open standards are
advantaged because resources are freed up for higher-value work and
because market opportunities expand as the standards proliferate."
Scott Handy
Vice President Worldwide Linux and Open Source, IBM

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes 
in Securing Web Applications  
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------