Penetration Testing mailing list archives
Re: Pen testing Fiber Channel
From: Bojan Zdrnja <bojan.zdrnja () gmail com>
Date: Thu, 19 Jan 2006 10:37:21 +1300
On 17 Jan 2006 20:06:45 -0000, pentesticle () yahoo com <pentesticle () yahoo com> wrote:
Hello list... I'm performing my first pen-test on a network that uses fiber channel for their backup network. The network diagrams show fiber channel switches on the backside and nothing else to prevent access from one server to another on a different higher security network. Can anyone tell me if it is possible once I compromise one of the servers on the lower security network can I hop across the fiber channel to a server on the higher security network? If so how would I go about hopping over via the fiber?
Are you sure you are not talking about SAN here? If it's SAN then you can't use it to do anything else but transfer data on it. You could check one of the machines to see which LUNs (logical disks) are mapped - there can be problems here if a SAN admin allowed access to more LUNs than needed. Other than that, SAN servers (backend servers) are usually on isolated or private network, so you can check if you can reach them somehow (you shouldn't be able to). They basically hold the "keys to kingdom" as they can allow you to map LUNs to anything and then access the disk from other servers, completely compromising the security. Cheers, Bojan ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Pen testing Fiber Channel pentesticle (Jan 18)
- Re: Pen testing Fiber Channel Bojan Zdrnja (Jan 18)
- <Possible follow-ups>
- Re: Pen testing Fiber Channel Michael Weber (Jan 18)
- Re: Pen testing Fiber Channel Bob Beringer (Jan 18)