Re: Finding multi-homed, internet connected, systems as potential point-of-entry.

From: H D Moore (sflist@digitaloffense.net)
Date: Tue Dec 06 2005 - 00:26:17 EST


I wrote a paper on rogue network detection and developed some tools to
automate the process. You can find the paper and the toolkit online at:
 - http://metasploit.com/research/misc/rogue_network/

-HD

On Monday 05 December 2005 07:41, Bongers, Coen wrote:
> Hello,
>
> Im asked to assess the existence of so-called multi-homed systems on
> the network of a customer, that are able to directly connect to the
> internet (and thus circomventing the proxy services), in order to
> reduce the risk of network compromise through this 'illegal'
> internet-access.
>
> Any tips and/or help on how to approach this would be appriciated.
>
> The following approach is my present idea;
>
> -Send a spoofed (spoof an internet address under our control) message
> (IP/ICMP/UDP,etc) to the target(s) from the internal network.
> -Detect for the response of this message on the spoofed address at the
> internet.
> -Log some identifiing information in the initial message, that will end
> up on the response so that the response can be correlated with the
> internal address of the system.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:14 EDT