Re: Kaseya



Dear Ralph,


On 5/27/08, Utz, Ralph <rutz@xxxxxxxxxxxxxxx> wrote:
Well, from what I understand it gather's it's data by ping scanning the
network and referencing the results to it's database of PCs that it's
agent is installed on. If there is an IP that isn't in the database
that comes up hot, it trys to access the IPC$ share I believe. If it
can access it, it flags it as a Windows box and trys to install it's
agent on the device. If not, it leaves it and moves on.


Your IP theory fails for dhcp LANs.

Kaseya's basic end-to-end connectionless protocol seems to go like this:
in the first moment at least, the MSP's Kaseya server acts as a
receiver for redundant, say, datagrams, that is, one-way-incoming
signals (from the MSP's perspective).
The Kaseya server feedback's not mandatory but once it's given, the
following would be formed of signals/requests with "Hello again, I'm
still here, wanna manage me and/or synchronize additional stuff?"
messages from its agents.
So far, our guessing is that the referred model would be less related
to network resiliency =)
Fourier would say this repetitive one-way-unicasting profusion (from
the customers' perspective) is a waste of energy, only.


Best regards,


Weaknesses that stand out to me are 2 things. One being that depending
on how often you have the appliance set to scan and how old your network
gear is, it could flood your network. Two being that in order to access
the IPC$ share on all the machines, you have to use a domain account
that has rights to install software on the machine. Most times this
ends up with the MSP requiring a domain admin account because no one
wants to fool with delegating permissions.

So in theory, you have an appliance that floods your network with pings
and possible clear txt attempts at using a domain admin account.


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of M.B.Jr.
Sent: Saturday, May 24, 2008 2:01 PM
To: pen-test list
Subject: Kaseya


Hello list,
there's this infrastructure tool set for automating managed services,
named Kaseya (proprietary technology).

Basically, the managed-services-provider controls one of his customers'
remote LANs with two intercommunicating "appliances":

* a Kaseya dedicated server located at the MSP data center; and

* a "probe" equipment at the remote LAN.

The audit team to which I belong is about to examine the probe-featured
LAN.
Right now, we're researching whether this "solution" can cause the LAN
some weaknesses; the resulting research's report is going to shape the
logical tests.

So, the question is (I guess):
does anyone know of any Kaseya-enhanced LAN security
implication/vulnerability?

Thank you,
yours sincerely,


--
Marcio Barbado, Jr.


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------




The information in this email and in any attachments is confidential and may be privileged.

If you are not the intended recipient, please destroy this message, delete any copies held

on your systems and notify the sender immediately. You should not retain, copy, or use this

email for any purpose, and any review or other use of this information by persons or

entities other than the intended recipient or any retransmission without the written consent

of the sender is expressly prohibited.





------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------




--
Marcio Barbado, Jr.

"In fact, companies that innovate on top of open standards are
advantaged because resources are freed up for higher-value work and
because market opportunities expand as the standards proliferate."
Scott Handy
Vice President Worldwide Linux and Open Source, IBM

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------



Relevant Pages

  • Re: Changing a company from 100% Windows to 100% FreeBSD.
    ... >> install. ... >> recommend running it on the network or if it would be better to ... Although the LAN is ... >> installworld to upgrade, too. ...
    (freebsd-questions)
  • RE: Kaseya
    ... agent is installed on. ... on how often you have the appliance set to scan and how old your network ... named Kaseya. ... a "probe" equipment at the remote LAN. ...
    (Pen-Test)
  • Re: Long delay to find the other computer on network
    ... >>I have a simple 2 computer home network set up with a crossover cable. ... >>LAN, so a 3-Com NIC was added and connects to the modem. ... but it is very slow to find the W98 ... >>install XP, but I wonder if anyone knows a less painful fix. ...
    (microsoft.public.windowsxp.network_web)
  • Re: see workgroups in explorer
    ... >can't see most of my lan, after someone installed 'network monitor driver' ... it is checked but only has install and unistall, ... File and Printer Sharing For Microsoft Networks ... Entire Network - Microsoft Windows Network, ...
    (microsoft.public.windowsxp.network_web)
  • Re: 1 NIC to 2 NICs -- how-to instructions?
    ... for what the network should look like when finished. ... > would like to add an additional NIC card to the server (and install ISA ... > setup to a 2 NIC configuration? ... > that I would install the 2nd NIC card and not easily re-establish my LAN, ...
    (microsoft.public.windows.server.sbs)