Re: PenTesting a IPX/SPX Client

From: Rob Shein (shoten@starpower.net)
Date: Mon Jul 15 2002 - 12:04:15 EDT

• Next message: Benninghoff, John: "RE: OpenSSH (version < 3.4p1) && linux"
• Previous message: Cox, Michael: "Web VA Tools"
• In reply to: st0ff st0ff: "PenTesting a IPX/SPX Client"
• Next in thread: Jacek Lipkowski: "Re: PenTesting a IPX/SPX Client"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The first problem is that you won't be able to connect to it via IPX/SPX
over the internet. If you're on the local wire, that is a different
story, however.

For IPX/SPX attack info, check out Nimrod Mobile Research Centre
(www.nmrc.org), and I can attest that you'll find the protocol is far
less secure. That said, you'll also find that it's remarkably different
from TCP/IP in many ways. Some of the good news includes that it's
fantastically simple (technically speaking; the sequence numbers are
limited and even usually sequential) to hijack connections, and some of
the bad news is that it's so different from TCP/IP that you may not find
it easy to exploit.

On Mon, 2002-07-15 at 08:03, st0ff st0ff wrote:
> hello,
> i have to pentest a nt client. there is tcp/ip as well
> as ipx/spx installed. An ip-filter prevents accessing
> the box using tcp/ip. is there a possibility to do it
> over ipx? are there scanner-tools available like nmap?
>
> thanks 4 all answers
>
> if0ff
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Autos - Get free new car price quotes
> http://autos.yahoo.com
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
>

#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Next message: Benninghoff, John: "RE: OpenSSH (version < 3.4p1) && linux"
• Previous message: Cox, Michael: "Web VA Tools"
• In reply to: st0ff st0ff: "PenTesting a IPX/SPX Client"
• Next in thread: Jacek Lipkowski: "Re: PenTesting a IPX/SPX Client"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:23 EDT