Re: Auditing boxes with predictable IP Sequence(s)
From: The Blueberry (acr872k@hotmail.com)
Date: 02/26/02
From: "The Blueberry" <acr872k@hotmail.com>
To: RLos@enteredge.com, pen-test@securityfocus.com
Date: Tue, 26 Feb 2002 22:49:16 +0000

Since nmap recognizes a lot of routers and switches, it is probably either an
exotic router, a VPN or a printer. (I recently came across a bunch of HP
printers not recognized by nmap...) I'm not aware of canned
scripts/exploits to exploit the TCP sequence number vulnerability, but I don't
think it would be of much use to you, except if there are servers denying
service to external networks...

And it could be of some help if you used SolarWinds's scanner to find SNMP
daemons running; I have already come across an entire company's B network with
_all_ Ciscos having SNMP and TFTP enabled... :p

Hope my post was helpful!

>From: "Ralph Los" <RLos@enteredge.com>
>To: pen-test@securityfocus.com
>Subject: Auditing boxes with predictable IP Sequence(s)
>Date: Mon, 25 Feb 2002 11:47:36 -0500
>
>Hello,
>
> On a network I've recently had the pleasure :) to audit, I came up
>with a bunch of hosts which nmap classifies as 'unknown', but with
>predictable TCP Sequence(s). Now...are there any tools out there for either
>Linux/Win2k that will allow me to exploit this type of 'vulnerability'?
>These hosts don't return any other open port information, so I'm guessing
>they're either switches, or routers or VPN concentrators...is there any way
>to determine which of those it most likely is? Are there any patterns to
>look for, when determining router/switch/vpn box??
>
>Thanks in advance.....something I don't know and I figured I'd ask...
>
>
>Cheers!
>
>
>
>----------------------------------------|
>Ralph M. Los
>Sr. Security Consultant and Trainer
> EnterEdge Technology, L.L.C.
> rlos@enteredge.com
> (770) 955-9899 x.206
>----------------------------------------|
>
>
>----------------------------------------------------------------------------
>This list is provided by the SecurityFocus Security Intelligence Alert
>(SIA)
>Service. For more information on SecurityFocus' SIA service which
>automatically alerts you to the latest security vulnerabilities please see:
>https://alerts.securityfocus.com/
>