Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OT: the detection of illegal gateways

From: BMF <badmotherfsckr () gmail com>
Date: Wed, 19 May 2010 12:21:56 -0700
On Mon, May 17, 2010 at 2:39 AM, J Hein <j.hein () ymail com> wrote:

Are there any good products for detecting illegally installed boxes with a routing capability? One of my fellow 
consultants suggested IP Sonar (by Lumeta) for this purpose which (as he claims) has been successfully used by BT in 
the past. From the product description I've got an impression that IP Sonar cleverly uses traceroute for detecting 
routers that illegally exchange information between internal networks and the internet (so called "network leaks").


People often have this problem with VPN clients. Often you want your
VPN clients to set their default route to the VPN so that they do not
become an unauthorized router or potential hop-point for someone to go
from the Internet into your corproate network via the VPN client. The
standard test is to ping the VPN client from a publicly routed IP and
see which interface the ping reply comes back on. If it came back via
the VPN connection they are fine. If it comes back from an external
facing interface they have some other Internet connection and that is
a problem.

BMF

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: