From: Bryan (slack3r@boy-genius.net)
Date: Sat Aug 30 2003 - 21:15:56 EDT
Hello all.
I saw something today that got the wheels turning as a potential
vulnerability in network deployment. Let's say a client company has some
sort of proprietary device out in the open for anybody to use, and is
connected to the internal network through a regular 100BaseT connection.
But that cable is easily unplugged... and plugged into whatever you
want. Should one want to connect to the network through that connection,
wouldn't it be possible to attach a wired/wireless converter to the
line, and connect to the network via wireless adapter on your machine
from some distance away without anyone being any the wiser?
I did some googling for such a device, and found a few products, but
none that would suit the needs for this application. It should be small
enough to hide, needing only one rj45 port, and maybe a wireless
antenna. And it should also be battery powered as you most likely
wouldn't have a power outlet nearby, much less one that could be
stealthily utilized. Then just a little wireless sniffing should help
you out from there, right?
Any ideas? Thanks
Bryan
---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:38 EDT