Re: Router Access

From: Gareth Davies (gareth.davies@mynetsec.com)
Date: Thu Jun 02 2005 - 02:59:11 EDT


Sherwyn Williams wrote:

> This might be a dumb question but here goes!
>
> Once someone gets access to, say, a Linksys for instance, apart from
> setting up remote access to the router, or getting the client's real
> IP address, what else can someone do? I am doing a pentest, and I want
> to show what are some of the ways that someone can use the router
> access to their advantage.
>
>
>
> Sherwyn Williams
> Technical Consultant
> (917) 650-5139
> Sherwill22@tmail.com
>
According to the internal IP address structure (from the router internal
interface) you can set port forwards to the inside.

A good way to do this is:

a) Check existing port forwards on the router config (you might locate
the mail or web server for example)

b) Check the DHCP config for currently leased addresses to find active
machines on the network

c) Some routers have a NAT table which will show active connections,
this can help you identify more machines.

When you have located an internal server, use the router's fake 'DMZ'
feature, which basically forwards all ports to an internal IP. It would
be time consuming, but you could effectively compromise any insecure
machine on the private network using these techniques.

Cheers

-- 
Gareth Davies
Manager - Security Practice
Network Security Solutions MSC Sdn. Bhd.
Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara,
Mont’ Kiara, 50480
Kuala Lumpur, Malaysia 
Phone: +603-6203 5303
www.mynetsec.com
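
Added example, not part of the original message or written by either poster: for a pentest report, the changes described above (new port forwards, a 'DMZ' host, remote administration) can be shown as a diff between a known-good snapshot of the router settings and the current one. The dictionary layout, the sample addresses and the lease table are constructed for illustration and are not any vendor's export format.

```python
import ipaddress

# Constructed snapshots of a router's forwarding settings; the dict layout is
# an assumption for this example, not any vendor's export format.
BASELINE = {
    "remote_admin": False,
    "dmz_host": None,
    "port_forwards": [
        {"proto": "tcp", "ext_port": 25, "int_ip": "192.168.1.10", "int_port": 25},
        {"proto": "tcp", "ext_port": 443, "int_ip": "192.168.1.20", "int_port": 443},
    ],
}
OBSERVED = {
    "remote_admin": True,
    "dmz_host": "192.168.1.20",
    "port_forwards": [
        {"proto": "tcp", "ext_port": 25, "int_ip": "192.168.1.10", "int_port": 25},
        {"proto": "tcp", "ext_port": 443, "int_ip": "192.168.1.20", "int_port": 443},
        {"proto": "tcp", "ext_port": 3389, "int_ip": "192.168.1.57", "int_port": 3389},
    ],
}
DHCP_LEASES = {"192.168.1.57": "frontdesk-pc"}  # constructed lease table


def _rules(cfg):
    """Normalise forwards to hashable tuples, validating the internal IP."""
    return {
        (r["proto"].lower(), int(r["ext_port"]),
         str(ipaddress.ip_address(r["int_ip"])), int(r["int_port"]))
        for r in cfg.get("port_forwards", [])
    }


def audit(baseline, current, leases=None):
    """Return findings for exposure added or changed since the baseline."""
    leases = leases or {}
    findings = []
    if current.get("remote_admin") and not baseline.get("remote_admin"):
        findings.append("remote administration enabled")
    dmz = current.get("dmz_host")
    if dmz and dmz != baseline.get("dmz_host"):
        findings.append(f"DMZ host set to {dmz}: all ports forwarded")
    for proto, ext, ip, port in sorted(_rules(current) - _rules(baseline)):
        host = leases.get(ip, "unknown host")
        findings.append(f"new forward {proto}/{ext} -> {ip}:{port} ({host})")
    for proto, ext, ip, port in sorted(_rules(baseline) - _rules(current)):
        findings.append(f"forward removed {proto}/{ext} -> {ip}:{port}")
    return findings
```

Calling `audit(BASELINE, OBSERVED, DHCP_LEASES)` returns one finding per change, with the DHCP lease name attached to any newly exposed internal address.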


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:22 EDT