RE: Cain & Abel Question

From: Cushing, David (David.Cushing_at_hitachisoftware.com)
Date: 05/22/03

    Date: Thu, 22 May 2003 12:37:30 -0400
    To: "Eliot Mansfield" <Eliotm@eurodatasystems.com>, <pen-test@securityfocus.com>
    

    > Presumably a cunning attack vector would be to compromise a
    > private network, generate a self signed certificate and use
    > windows 2000 group policy to deliver your untrusted root ca
    > as a trusted ca into everyone's browser. Then C&A and Doug
    > Song's tools would work without warning??

    If you configured them to use that same cert for signing, you're correct.

    Of course, if you own the DC, you may want to push out a keyboard sniffer or a proxy address to capture the same data. ARP attacks are often noticeable.

    Another idea is to 'upsell' a regular (valid) certificate.

    Mike Benham noted last August that IE was lame in how it checks for valid certificates. At that time, you could take an end user certificate and use it to sign another (fake) certificate. If you owned one domain name and got a certificate, you could impersonate anyone. Don't know if the example site is still up but the posting is here: http://www.thoughtcrime.org/ie-ssl-chain.txt

    --
    David
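
The chain-validation gap described in the message above comes down to the basicConstraints test on every certificate that issues another one. The sketch below is an added example, not part of the original post or of any tool it mentions; the `Cert` record, the names and the sample chains are constructed assumptions, and signature verification is assumed to have been done separately.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

@dataclass(frozen=True)
class Cert:
    """Constructed, simplified certificate record (not an X.509 parser)."""
    subject: str
    issuer: str
    is_ca: bool = False              # basicConstraints cA flag
    path_len: Optional[int] = None   # basicConstraints pathLenConstraint

def names_chain(chain: List[Cert], trusted_roots: Set[str]) -> bool:
    """Linkage-only check: issuer/subject names chain up to a trusted root.
    chain[0] is the leaf, chain[-1] the root. This alone is the weak check."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1].subject in trusted_roots

def chain_is_valid(chain: List[Cert], trusted_roots: Set[str]) -> bool:
    """Linkage plus the RFC 5280 basicConstraints checks on every issuer."""
    if not names_chain(chain, trusted_roots):
        return False
    # Every certificate above the leaf has issued another certificate.
    for below, issuer in enumerate(chain[1:]):
        if not issuer.is_ca:
            return False             # an end-entity cert may not sign certs
        # 'below' = number of intermediate certs between this issuer and the leaf
        if issuer.path_len is not None and below > issuer.path_len:
            return False
    return True

# Constructed sample data.
ROOTS = {"Example Root CA"}
root = Cert("Example Root CA", "Example Root CA", is_ca=True)
issuing = Cert("Example Issuing CA", "Example Root CA", is_ca=True, path_len=0)
site = Cert("www.owned-domain.example", "Example Issuing CA")   # end-entity
other = Cert("www.other-site.example", "www.owned-domain.example")
sub_ca = Cert("Example Sub CA", "Example Issuing CA", is_ca=True)
sub_leaf = Cert("host.example", "Example Sub CA")

legit_chain = [site, issuing, root]
upsold_chain = [other, site, issuing, root]        # leaf cert used as issuer
too_deep_chain = [sub_leaf, sub_ca, issuing, root] # violates path_len=0

if __name__ == "__main__":
    for name, c in [("legit", legit_chain), ("upsold", upsold_chain),
                    ("too deep", too_deep_chain)]:
        print(name, names_chain(c, ROOTS), chain_is_valid(c, ROOTS))
```
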