FW: Layer 2 Security And Penetration Testing

From: Billy Dodson (billy_at_pmm-i.com)
Date: 01/04/05

  • Next message: Enno Rey: "Re: Layer 2 Security And Penetration Testing"
    Date: Mon, 3 Jan 2005 17:34:01 -0600
    To: <pen-test@securityfocus.com>
    
    

    Is this cisco TACACS that they are using to protect the ports? Or are
    they doing MAC filtering per port? If they are doing MAC filtering
    configured on the switchport then you would have to know the exact MAC
    that was assigned to the port your plugged into in order to spoof. If
    they are doing MAC auth to a TACACS server then any valid MAC that
    existed on their network could possibly work. They could have
    configured it to block any subsequent connections from a duped MAC
    though. So if you spoof a MAC that already exists in the network there
    is a 50/50 chance that it would work if they are using TACACS.

    Are they not going to give you a connection that works? Or do they want
    you to test this MAC authentication they have in place? If they want
    you to do a vulnerability assessment of the network they should also
    give you a connection with access.

    -----Original Message-----
    From: shiri yacov [mailto:shiri_yacov@hotmail.com]
    Sent: Monday, January 03, 2005 4:03 PM
    To: pen-test@securityfocus.com
    Subject: Layer 2 Security And Penetration Testing

    Greetings to all PenTesters,

    I am scheduled to perform a pentest in a big company, in the near
    future.

    However, a little intelligence gathering has revealed that the company

    has enforced secure MAC on her switches (any port transmitting on other
    than its known MAC address is immediatltly blocked until helpdesk
    releases it.

    since my starting point is a "hot" port in the wall, and since I would
    not

    give up on the first stage, I am looking for a way to get connected to

    the net (using my allocated port) without activating any alarm when

    connecting to the net, and furthermore, without being blocked.

    My idea so far includes spoffing my MAC address, however, I still dont
    know to which MAC address should I switch my MAC to ? how do I know

    which MAC address is the legal one on a specific port ?

    Bruteforce is not an option - the port is frozen after 3 unsuccessful
    subsequent unauthorized MACs.

    Did anyone ever came accross a similar configuration ? Do you have an

    idea as to how can I bypass this.

    Regards,

    Shiri, Security Consultant


  • Next message: Enno Rey: "Re: Layer 2 Security And Penetration Testing"

    Relevant Pages

    • Port # used while using Shared Networking
      ... When using Shared Networking what is the Port # used When my Guest OS ... Is it still Port 80 as it is when I use IE ... On the Mac side there is nothing else connected to the Net except my ... connection settigs for dial-up & connect to the Net.. ...
      (microsoft.public.mac.virtualpc)
    • Re: How Do I Keep Private Computers Off of Our Network?
      ... I recommend enabling port security on on all the switches; ... port to the system's MAC address and then disabling the unused ports. ... If you really need to lock it down then Network Access Control through ... are using their business computer's wired connection to connect ...
      (microsoft.public.windows.server.active_directory)
    • Re: Mac hogging the internet on our network.
      ... U.S Robotics USR9003 2 port ADSL router ... The connection seems to be significantly ... Do you get slowdown when the Mac is up and connected but logged out? ... If you plug the Mac straight into the ADLS router, ...
      (uk.comp.sys.mac)
    • Re: Warning to the newcomer: CHILD MOLESTATION JOKES
      ... I don't know what kind of work you do where you have to use a Windows ... operating systems for a time (Mac, Amiga, Solaris, Linux) but all were ... nine-pin port on a MAC? ... pin serial port. ...
      (rec.skiing.alpine)
    • Re: Warning to the newcomer: CHILD MOLESTATION JOKES
      ... I don't know what kind of work you do where you have to use a Windows ... operating systems for a time (Mac, Amiga, Solaris, Linux) but all were ... nine-pin port on a MAC? ... pin serial port. ...
      (rec.skiing.alpine)