RE: Modem detection in a LAN

From: Thor@HammerofGod.com
Date: 03/11/02 

From: Thor@HammerofGod.com
To: sq5bpf@acid.ch.pw.edu.pl, pen-test@securityfocus.com
Date: Mon, 11 Mar 2002 07:27:07 -0800

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 10:30 PM 3/10/2002, Jacek Lipkowski wrote:

>*if* you have the account :) if you work at a university or any other
>network without a strict security policy.

When doing research for a RestrictAnonymous article for Security Focus, I
wrote a series of little apps to enumerate net info with the NULL
user. One of them was TransEnum, which enumerates all the transport
devices bound to a server/workstation. Basically, it just calls
NetServerTransportEnum and returns a level 0 structure that contains the
transport name of any transport devices on a box.

With NT4, the device name nomenclature included a portion of the adapter
type/model, which made it easy to see where modems were set up as RAS
devices. With Win2k, it looks like the adapter type/model has been
replaced with a CSID or something.

With NT4 boxes, the tool was great as it could run against a machine as
NULL even when RestrictAnonymous was set to 1... The same holds true for
Win2k, but you (or someone) will have to figure out the CSID to extract any
more information beyond the protocol in use by the device.

I post this here for 2 reasons: 1, you might have NT boxes and you were
concerned about authentication, and 2, Someone might have their hands on a
CSID reference (if that is what it is) that could shed some light on the
return value of NetServerTransportEnum on Win2k boxes.

Cheers.

AD

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPIzMy4hsmyD15h5gEQIH1ACeN3QWXSfFQ+WeiaUNUQlrDfhTUlYAn0h1
bPK4x4vRYAK3phUlsGiHUhSP
=Rmva
-----END PGP SIGNATURE-----

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Dynamic Checking of Roles - Enterprise Services
    ... security in ASP.net. ... since I am trying to create a base class ... I basically am looking for a way to enumerate the ... And by standardizing the method level checks, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: How to allow users to change their password?
    ... All of the password text boxes will have the ... > be set up to provide the Security dialog window for password changes. ... >> name/password first. ... > See http://www.QBuilt.com for all your database needs. ...
    (microsoft.public.access.security)
  • [Full-Disclosure] Of course you guys support full-disclosure
    ... > If you really cared so much about the security of the Internet, ... Maybe you like flipping burgers then running home and owning some boxes ... It's basic business principles: ... "I don't intend to offend, ...
    (Full-Disclosure)
  • [Full-Disclosure] openssl exploit code (e-secure-it owned)
    ... Erik has a point with regards to securing your own boxes. ... service much like what Security Focus, these guys from NZ, and even the ... worthwhile to pay for. ... There are free alternatives to giving these guys your money. ...
    (Full-Disclosure)
  • [Full-Disclosure] Of course you guys support full-disclosure
    ... >> If you really cared so much about the security of the Internet, ... >Maybe you like flipping burgers then running home and owning some boxes ... It's basic business principles: ... existence, and yes, that make them part of the problem. ...
    (Full-Disclosure)