Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Internal pen-test
From: ddidier () netsecureia com
Date: 3 Jul 2008 09:29:22 -0000

Hello, Taras.  As you pointed out, internal pen testing usually has more areas to test.  Layer 2 and 3 areas need to be 
thoroughly tested.  You mentioned ARP already - you should also consider testing for these types of issues:

DHCP snooping / starvation - ].  DHCP snooping and starvation attacks can disrupt traffic flows by redirecting end 
systems to un-trusted gateways which capture all traffic.  This allows for collection and manipulation of confidential 
data.  This can be prevented in certain switch solutions which support DHCP spoofing and starvation controls. 

VLAN Hoping - VLAN hopping can allow a user to access a VLAN and the systems in that VLAN which their system isn’t 
currently a member of.  This can circumvent security and network integrity in a number of ways.  This is normally a 
problem because the default configuration type for VLAN interfaces is ‘dynamic’ in many vendor devices and allows VLAN 
hopping to occur.

CAM Overflow / MAC flooding - MAC flooding will flood a switch with packets in order to consume memory and causes a 
switch to enter the fail-open mode which causes the switch to flood all data out all ports.  A packet sniffer can then 
be used to capture sensitive data which wouldn’t normally be accessible.  This can be prevented in certain switches by 
configuring MAC limits per port.

Spanning Tree Attacks - Spanning tree attacks have the ability to disrupt redundant layer 2 paths on the network and 
cause denial of service (Dos) attacks and allow the attacker to see data he wouldn’t normally be able to see.

Routing Protocol Authentication - Routing protocols control the overall flow of data through a network.  It is a fairly 
simple task to hijack or inject false routes if proper security measures have not been taken.  Adding authentication 
for routing devices and updates greatly reduces these threats.

Router / Switch Management Access - The ability to manage network devices, including but not limited to routers and 
switches needs to be limited to discrete management systems.  If possible, this should be a dedicated management 

Hope this helps,

Dan Didier

This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]