Penetration Testing mailing list archives
[PEN-TEST] Network Scenarios
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Thu, 7 Sep 2000 17:27:26 -0400
Has anyone ever performed or browsed a site which detailed a packet-level penetration test?

Scenario: Auditor exhausted most known pen-tests and begins to think of a packet level based intrusion attempt.

[Steps]
Gather data on machine to be audited for about a week to analyze trends.
Based on trends, create sample packets with a packet injection suite from host(s) that convey information on a regular basis. (e.g.: Server runs SNMP in which sniffed packet data shows xxx information being transferred in concurrent sessions everyday at xx:xx time)
Auditor attempts to inject data as host to machine in an effort to access resources on machine.
[end steps]

Could be a session hijack in a sense, but what I would like to know is if anyone has performed a test such as this. What can you gain? Well, say machine x is running some proprietary server/client trusted process which runs commands behind the scenes, sort of like an expect based script; one may be able to inject packet based data notifying machine x to run xxx script at the specified time a certain trend was captured. This would be a cool thing against cron based jobs which depend on client/server combinations to run jobs.

Has anyone performed anything similar or know of a site with relevant info linking to this type of pen-test/intrusion? Please don't respond with state keeping processes or any type of load balancing packet switching information since I'm looking for simple, well semi-simple answers.
Sample

Trusted Host  10.24.0.5
Server        10.24.0.1
Auditor       192.168.0.5 (while injecting packets address becomes 10.24.0.5)
Time          9:00pm
Script1       script to ping another host to test keepalive
Injection     evil expect script to run evil command

Packets being transferred at 9:00pm daily based on trend analysis:

  trustedhost -Time ---> script1 ---> host

Packet being injected:

  Auditor -Time ---> Evilexpect ---> host
  [host] ./evilexpect --> info --> Auditor

Sorry for the cheesy diagram and I'm sure this has probably been talked of before, but I've not seen it anywhere.

Differences with hijacking a sequence vs. something like this... Hijacking sequences takes time, patience, connectivity, massive brainwork, whereas something similar to this can be created in minutes and injected quickly if it's something as simple as described above.

Any thoughts, tips, rants, raves, flames?

______________________________________________
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup
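The post's scenario, a host trusted purely by source IP and a scheduled job whose timing can be learned by sniffing, is also something the server side can watch for. The following is an added example written for this archive page, not code from the original post or its author. It takes the same one-week trend-analysis idea and turns it around: build a baseline of what the trusted host's traffic looks like (link-layer MAC, IP TTL, hour of day) and flag any packet that claims the trusted IP but does not match that baseline. The log lines are constructed for the example in a tcpdump-like summary form; the MAC addresses and TTL values are invented, and the IP addresses and the 9pm job come from the post.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample records (timestamp, source MAC, src > dst, IP TTL, protocol):
# one week of the nightly 9pm job from the trusted host, as learned by sniffing.
BASELINE_LOG = """
2000-09-01 21:00:03 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
2000-09-02 21:00:01 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
2000-09-03 21:00:05 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
2000-09-04 21:00:02 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
2000-09-05 21:00:04 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
2000-09-06 21:00:01 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
2000-09-07 21:00:03 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
"""

# Constructed records for the day under review: the genuine job, a packet that
# copies the trusted IP but arrives from a different NIC with a different TTL,
# and a packet that looks genuine at link level but is far outside the window.
REVIEW_LOG = """
2000-09-08 21:00:02 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
2000-09-08 21:00:02 00:50:56:aa:bb:cc 10.24.0.5 > 10.24.0.1 ttl 128 tcp
2000-09-08 14:12:40 00:a0:c9:11:22:33 10.24.0.5 > 10.24.0.1 ttl 64 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"(?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}) "
    r"ttl (?P<ttl>\d+) (?P<proto>\w+)$"
)


@dataclass(frozen=True)
class Record:
    ts: datetime
    mac: str
    src: str
    dst: str
    ttl: int
    proto: str


@dataclass
class Profile:
    """What has been observed for one source IP during the baseline week."""
    macs: Counter = field(default_factory=Counter)
    ttls: Counter = field(default_factory=Counter)
    hours: Counter = field(default_factory=Counter)


def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable record: {line!r}")
    return Record(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                  m["mac"], m["src"], m["dst"], int(m["ttl"]), m["proto"])


def records(log_text):
    return [parse_line(l) for l in log_text.splitlines() if l.strip()]


def build_profiles(log_text):
    """Learn per-source MAC, TTL and hour-of-day from the baseline capture."""
    profiles = defaultdict(Profile)
    for r in records(log_text):
        profiles[r.src].macs[r.mac] += 1
        profiles[r.src].ttls[r.ttl] += 1
        profiles[r.src].hours[r.ts.hour] += 1
    return dict(profiles)


def check_records(profiles, log_text, watched):
    """Return (record, reasons) for packets claiming a watched source IP that
    do not match what the baseline learned for that IP."""
    findings = []
    for r in records(log_text):
        if r.src not in watched:
            continue
        p = profiles.get(r.src)
        if p is None:
            findings.append((r, ["no baseline for claimed source"]))
            continue
        reasons = []
        if r.mac not in p.macs:
            reasons.append(f"MAC {r.mac} never seen for {r.src} "
                           f"(learned: {', '.join(sorted(p.macs))})")
        if r.ttl not in p.ttls:
            reasons.append(f"TTL {r.ttl} never seen for {r.src} "
                           f"(learned: {sorted(p.ttls)})")
        if r.ts.hour not in p.hours:
            reasons.append(f"hour {r.ts.hour:02d} is outside the learned schedule "
                           f"(learned: {sorted(p.hours)})")
        if reasons:
            findings.append((r, reasons))
    return findings


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_LOG)
    for rec, reasons in check_records(profiles, REVIEW_LOG, {"10.24.0.5"}):
        print(f"{rec.ts} {rec.src} from {rec.mac}: " + "; ".join(reasons))
```

Running it reports the two packets that do not fit the baseline (the one from an unfamiliar MAC with a foreign TTL, and the off-schedule one) and stays quiet about the genuine 9pm job. These checks are tripwires, not a fix: an injector on the same segment that also clones the trusted host's MAC and TTL and waits for the learned window passes all three. The durable mitigation is to stop trusting the job on source address alone and authenticate it end to end.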