RE: internal IP address revealed by e-mail

From: Yonatan Bokovza (Yonatan_at_xpert.com)
Date: 04/30/03

  • Next message: Chris McNab: "Re: internal IP address revealed by e-mail" 
    Date: Wed, 30 Apr 2003 11:46:37 +0300
To: <pen-test@securityfocus.com>

    > -----Original Message-----
    > From: Vel [mailto:vel@sympatico.ca]
    > Sent: Monday, April 28, 2003 18:07
    > To: pen-test@securityfocus.com
    > Subject: internal IP address revealed by e-mail
    >
    >
    >
    > HI all,
    >
    > question I have is:
    >
    > If e-mail header reveals the internal IP address of the
    > sender (10.x.x.x),
    > then how can this info be used for mapping the internal network.

    You can't use the 10/8 IP address to attack your target directly,
    because it's not routable, as you've noticed.
    You will be able to use it if (when?) you'd compromise a target
    that has both real IP address and 10/8 IP address.
    The 10/8 IP address can be used to get a clearer map of the
    internal network (segmentation and duplication issues).
    There are blind attacks that might be relevant. They are "blind"
    in the sense that you [ change the packet source to the 10/8
    IP address and your IP ] will not get the response.
    ( Think about an attack where you send ICMP ECHO_REQUEST
    to the 10/8 IP address, with a spoofed source of the 10/8
    network broadcast address. If no filtering equipment drops
    this obviously spoofed packet, it might cause your target to send
    a broadcast ECHO_REPLY. You can used ip_id matching
    trickeries to see if it succeeded. )

    Best Regards,

    Yonatan Bokovza
    IT Security Consultant
    Xpert Systems

    ---------------------------------------------------------------------------
    Did you know that you have VNC running on your network?
    Your hacker does.
    Plug your security holes.
    Download a free 15-day trial of VAM:
    http://www.securityfocus.com/StillSecure-pen-test
    ----------------------------------------------------------------------------

  • Next message: Chris McNab: "Re: internal IP address revealed by e-mail"

    Relevant Pages

    • Re: [4e] question about wizards
      ... However, as Henry Lockwood said in his reply, the published wizard does have ... Attack: Intelligence vs. ... The target is slowed. ... So it's a daily power, and I don't know if there are non-damaging powers ...
      (rec.games.frp.dnd)
    • Re: WOTT - Basic Attacks
      ... to each attack. ... This can also happen any time a potential target is not paying ... The only defense for a sucker punch ... A wrist grab may be a prelude to a mugging also, ...
      (rec.martial-arts)
    • Re: Overview Of New Intel Core i7(Nehalem) Processor
      ... of compromised systems through which the attack was routed. ... E.g. trying to protect against HTML-based exploits ... requires parsing the HTML the same way as the target will. ... If you want to protect your posessions, securing the house is easier than ...
      (sci.electronics.design)
    • Re: WOTT - Basic Attacks
      ... This can also happen any time a potential target is not paying ... time and a quick counter attack should turn the the tables. ... Of the last three persons who have grabbed my wrists outside of training, ... How about, in the case of a double wrist grab, with a pull, moving in to ...
      (rec.martial-arts)
    • |[4E] A couple of 4E sheets
      ... At-Will * Arcane, Implement ... Target: One creature ... This power counts as a ranged basic attack. ...
      (rec.games.frp.dnd)