)Hi,
I'm new to network security, coming from a .Net C# background.
We all know that just NAT on your modem/router is not a secure way to prevent a malicious hacker from gaining access to your internal network, however if port scans shows you only open ports on a specific IP and by default none are relayed etc on the modem/router, how would it be possible for someone to compromise your internal network or even specifically target an internal machine?
Mapping an internal non-routable network must be difficult?
I've not used nmap or scanline tools yet, I was hoping to get to learn about the theory and methadologies first.
thanks
wankerstain
NAT
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
well, a router is a pretty safe way to protect your inner network.
but if an attacker knows the model/manufacturer of the router (or just tries different ones and hope to have success) he can surely use the usual exploiting techniques, we all know that no software is 100% safe, same with the software on routers.
but the most popular technique to get access to the inner network is MAC-flooding. a router acts like a switch and routes the incoming requests to the proper targets in the inner network, to do this the router has a cache where the MAC-adresses (hardware adresses) of the connected clients are stored. now an attacker could send a massive ammount of faked requests by using faked adresses, because the cache of the router´s adress table has a limited size it can´t work properly any more after a while and so isn´t able to decide which requests are "good" and which are faked. so it can happen that the switch routes the requests which have unknown targets to ALL ports like a HUB, "hoping" the right one will answer. when that happens the attacker would be able to sniff the traffic behind the router and so get informations for further malicious activities.
but good routers have an extra cache for every port, so this technique wouldn´t apply to them.
hope it helped a bit...
but if an attacker knows the model/manufacturer of the router (or just tries different ones and hope to have success) he can surely use the usual exploiting techniques, we all know that no software is 100% safe, same with the software on routers.
but the most popular technique to get access to the inner network is MAC-flooding. a router acts like a switch and routes the incoming requests to the proper targets in the inner network, to do this the router has a cache where the MAC-adresses (hardware adresses) of the connected clients are stored. now an attacker could send a massive ammount of faked requests by using faked adresses, because the cache of the router´s adress table has a limited size it can´t work properly any more after a while and so isn´t able to decide which requests are "good" and which are faked. so it can happen that the switch routes the requests which have unknown targets to ALL ports like a HUB, "hoping" the right one will answer. when that happens the attacker would be able to sniff the traffic behind the router and so get informations for further malicious activities.
but good routers have an extra cache for every port, so this technique wouldn´t apply to them.
hope it helped a bit...
-
wankerstain
- Newbie
- Posts: 5
- Joined: 03 Nov 2005, 17:00
- 18
great info
bad_brain,
nice one, thanks for that info, I had no idea that that was possible and it obviously makes sense to flood the MAC cache to make the router malfunction and act like a hub.
would it be possible to point me in the right direction where can I find more information about the other 'usual' exploiting techniques pls?
I'm going to setup a VMWARE network and see if I can test out these techniques
anyone know if VMWARE has a virtual router? or is it just Virtual Switches?
thanks
Wanker Stain
nice one, thanks for that info, I had no idea that that was possible and it obviously makes sense to flood the MAC cache to make the router malfunction and act like a hub.
would it be possible to point me in the right direction where can I find more information about the other 'usual' exploiting techniques pls?
I'm going to setup a VMWARE network and see if I can test out these techniques
anyone know if VMWARE has a virtual router? or is it just Virtual Switches?
thanks
Wanker Stain
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
phew, that´s too much to explain right here, for a first look check this:
http://www.uf4.net/buffer_overflow.html
but when you really want to take a deeper look get the shellcoder´s handbook, there is everything explained about exploiting...
http://www.uf4.net/buffer_overflow.html
but when you really want to take a deeper look get the shellcoder´s handbook, there is everything explained about exploiting...
-
wankerstain
- Newbie
- Posts: 5
- Joined: 03 Nov 2005, 17:00
- 18
thanks for the link, it explained it quite nicely and I think that I am ready to move on to the next stage.
I took a look on Amazon for the shellcoder's handbook however the reviewers say that it is of an advance level, readers should posses advance knowledge in Assembly etc.
As I don't posses these knowledge, can you start me off with somethings else on the lines of how to map or exploit internal networks behind a router. something I can really get my teeth into pls.
I don't mind learning assembly etc however I will need a little guidence.
wanker stain
I took a look on Amazon for the shellcoder's handbook however the reviewers say that it is of an advance level, readers should posses advance knowledge in Assembly etc.
As I don't posses these knowledge, can you start me off with somethings else on the lines of how to map or exploit internal networks behind a router. something I can really get my teeth into pls.
I don't mind learning assembly etc however I will need a little guidence.
wanker stain
-
bad_brain
- Site Owner
- Posts: 11636
- Joined: 06 Apr 2005, 16:00
- 19
- Location: In your eye floaters.
- Contact:
um,I have no idea about assembly either.... 
the shellcoder´s handbook gives you basic information too, surely you need assembler knowledge to understand the whole book, but it´s also good for people without this background (at least imo).
if you´re really interested in learning assembly (be warned ) you can find some nice documents in the textfile-section.
and for your networking needs you really have to get familiar with nmap, not only because it´s the state-of-the-art application, also because you´ll be forced to inform yourself about networking in general (like how the protocols work for example). also a good idea would be to play a little with packet capturing/analyzing applications like ethereal...
the shellcoder´s handbook gives you basic information too, surely you need assembler knowledge to understand the whole book, but it´s also good for people without this background (at least imo).
if you´re really interested in learning assembly (be warned
) you can find some nice documents in the textfile-section.and for your networking needs you really have to get familiar with nmap, not only because it´s the state-of-the-art application, also because you´ll be forced to inform yourself about networking in general (like how the protocols work for example). also a good idea would be to play a little with packet capturing/analyzing applications like ethereal...