[PEN-TEST] Network Scenarios
From: "J. Oquendo" <intrusion () ENGINEER COM>
Date: Thu, 7 Sep 2000 17:27:26 -0400
Has anyone ever performed or browsed a site which detailed a packet-level penetration test?
The auditor has exhausted most known pen-tests and begins to think of a packet-level intrusion attempt.
Gather data on machine to be audited for about a week to analyze trends
Based on trends, create sample packets with a packet injection suite from host(s) that convey information on a regular basis (e.g.: the server runs SNMP, and sniffed packet data shows xxx information being transferred in concurrent sessions every day at xx:xx).
The auditor attempts to inject data as the host to the machine in an effort to access resources on the machine.
It could be a session hijack in a sense, but what I would like to know is whether anyone has performed a test such as this. What can you gain? Well, say machine x is running some proprietary server/client trusted process which runs commands behind the scenes, sort of like an expect-based script; one may be able to inject packet-based data notifying machine x to run xxx script at the specified time a certain trend was captured.
This would be a cool thing against cron-based jobs which depend on client/server combinations to run jobs.
Has anyone performed anything similar or know of a site with relevant info linking to this type of pen-test/intrusion?
Please don't respond with state-keeping processes or any type of load-balancing packet-switching information, since I'm looking for simple, well, semi-simple answers.
Trusted Host 10.24.0.5
Auditor 192.168.0.5 (while injecting packets address becomes 10.24.0.5)
Script1 script to ping another host to test keepalive
Injection evil expect script to run evil command
Packets being transferred at 9 pm daily based on trend analysis
trustedhost -Time ---> script1 ---> host
Packet being injected
Auditor -Time ---> Evilexpect ---> host
[host]./evilexpect --> info --> Auditor
Sorry for the cheesy diagram and I'm sure this has probably been talked of before, but I've not seen it anywhere.
Differences with hijacking a sequence vs. something like this...
Hijacking sequences takes time, patience, connectivity, massive brainwork, whereas something similar to this can be created in minutes and injected quickly if it's something as simple as described above.
Any thoughts, tips, rants, raves, flames?
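As an added illustration from the defending side (not code from the post or from any project), the same week of trend data the scenario relies on can be turned into a baseline, and a packet that carries the trusted host's IP but a different NIC, TTL or job name is flagged. The host, MAC and TTL values below are constructed; a spoofer on the same segment can forge each field, so the signal is the combination, not any one check.

```python
from collections import Counter
from datetime import datetime

# Trusted host and nightly job from the scenario in the post.
TRUSTED_IP = "10.24.0.5"
TIME_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed week of observations of the 9 pm job, as a sniffer on the
# server's segment would record them: (timestamp, src_ip, src_mac, ttl, command).
BASELINE = [
    ("2000-09-01 21:00:02", TRUSTED_IP, "00:50:56:aa:bb:01", 64, "script1"),
    ("2000-09-02 21:00:05", TRUSTED_IP, "00:50:56:aa:bb:01", 64, "script1"),
    ("2000-09-03 21:00:01", TRUSTED_IP, "00:50:56:aa:bb:01", 64, "script1"),
    ("2000-09-04 21:00:04", TRUSTED_IP, "00:50:56:aa:bb:01", 64, "script1"),
]

def build_profile(records, ip=TRUSTED_IP):
    """Learn what traffic from the trusted IP normally looks like."""
    mine = [r for r in records if r[1] == ip]
    return {
        "mac": Counter(r[2] for r in mine).most_common(1)[0][0],
        "ttl": Counter(r[3] for r in mine).most_common(1)[0][0],
        "commands": {r[4] for r in mine},
        "hours": {datetime.strptime(r[0], TIME_FMT).hour for r in mine},
    }

def check_record(profile, record, ip=TRUSTED_IP):
    """Reasons a packet claiming the trusted IP deviates from the baseline ([] = matches)."""
    ts, src, mac, ttl, cmd = record
    if src != ip:
        return []            # only traffic claiming the trusted identity is judged here
    reasons = []
    if mac != profile["mac"]:
        reasons.append("mac-mismatch")      # IP claimed by a different NIC
    if ttl != profile["ttl"]:
        reasons.append("ttl-mismatch")      # different OS/hop count than the real host
    if cmd not in profile["commands"]:
        reasons.append("unknown-command")   # job name never seen in the baseline week
    if datetime.strptime(ts, TIME_FMT).hour not in profile["hours"]:
        reasons.append("off-schedule")      # outside the learned 9 pm window
    return reasons

# Constructed test records: the genuine nightly run, and a packet that carries the
# trusted IP but comes from another NIC/OS and asks for a job never seen before.
GENUINE = ("2000-09-07 21:00:02", TRUSTED_IP, "00:50:56:aa:bb:01", 64, "script1")
FORGED = ("2000-09-07 21:00:02", TRUSTED_IP, "00:50:56:cc:dd:05", 128, "evilexpect")
```

Calling `build_profile(BASELINE)` and then `check_record` on `GENUINE` gives `[]`, while `FORGED` gives `['mac-mismatch', 'ttl-mismatch', 'unknown-command']`.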