Re: Pen testing Fiber Channel

From: Michael Weber (mweber@alliednational.com)
Date: Wed Jan 18 2006 - 13:37:29 EST

• Next message: John Madden: "PHP and MySQL"
• Previous message: Ramon Pinuaga Cascales: "Re: common cookie db?"
• Maybe in reply to: pentesticle@yahoo.com: "Pen testing Fiber Channel"
• Next in thread: Bojan Zdrnja: "Re: Pen testing Fiber Channel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I use FC here, and it's a very nice way to go if you have the $$$. Or, in some cases, $$$$$$$$$.

A FC primer. Look upon an FC array as a pair of disks housed in a cabinet. Each drive can talk to whatever computer it is assigned to. The computers can see however many drives the FC system presents to them. As far as the computers are concerned, they are simply SCSI drives.

So, to get at System B's data through System A, you would have to compromise two things. System A, and the FC system that gives access to the drives.

If you can do that, you can simply tell the FC system to present System B's drives to System A as well. (Sharing drive space is a normal function of FC, that's how clustering works.) The FC switches simply pass data between the different FC ports. Assuming that both System A and System B already have access to the FC system, there should not be any issues with the switches to concern yourself about.

If you are thinking about trying to go directly from System A to System B through the FC switch, it won't work since there is no FC subsystem on System B to talk to. It is possible to DOS the system that way, which is why FC fabric is almost always switched and not hubbed, but I don't think you can get to any data.

Hmmm... I wonder if iSCSI is any different... But I digress.

Once you have told the FC subsystem to allow System A access to System B's drives, simply mount the new drives that just showed up from System A and hack away.

Know, however, that if you write to the System B drives you have a VERY high possibility of bringing System B down in a hurry. Copying certain files to System A for analysis is possible, just tread lightly, have a good backup, make sure your liability insurance is paid up, etc.

-Michael

>>> <pentesticle@yahoo.com> 1/17/2006 2:06 PM >>>
Hello list...
   
I'm performing my first pen-test on a network that uses fiber channel for their backup network. The network diagrams show fiber channel switches on the backside and nothing else to prevent access from one
server to another on a different higher security network. Can anyone tell me if it is possible once I compromise one of the servers on the lower security network can I hop across the fiber channel to a server on the
higher security network? If so how would I go about hopping over via the fiber?
   
Thanks...

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

E-MAIL CONFIDENTIALITY NOTICE: This communication and any associated
file(s) may contain privileged, confidential or proprietary
information or be protected from disclosure under law ("Confidential
Information"). Any use or disclosure of this Confidential Information,
or taking any action in reliance thereon, by any individual/entity
other than the intended recipient(s) is strictly prohibited. This
Confidential Information is intended solely for the use of the
individual(s) addressed. If you are not an intended recipient, you
have received this Confidential Information in error and have an
obligation to promptly inform the sender and permanently destroy,
in its entirety, this Confidential Information (and all copies
thereof). E-mail is handled in the strictest of confidence by
Allied National, however, unless sent encrypted, it is not a secure
communication method and may have been intercepted, edited or
altered during transmission and therefore is not guaranteed.

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: John Madden: "PHP and MySQL"
• Previous message: Ramon Pinuaga Cascales: "Re: common cookie db?"
• Maybe in reply to: pentesticle@yahoo.com: "Pen testing Fiber Channel"
• Next in thread: Bojan Zdrnja: "Re: Pen testing Fiber Channel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:23 EDT