Hacked. [Archive] - SpeedGuide.net Broadband Community



greEd
10-11-04, 03:46 PM
People learn from mistakes, be it personal mistakes or others.

I'm curious, I have learned quite a bit over the years from reading and picking apart various break-ins on computer systems. If you could post any computer attacks on your company, on you personally, or even friends I would like to hear about it.

Details please.

hayc59
10-11-04, 11:06 PM
Outpost Firewall
NOD32 Anti-Virus
Never Gettin In My House!!!
MUha...Muhaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa :nope:

MadDoctor
10-12-04, 06:16 PM
People learn from mistakes, be it personal mistakes or others.

I'm curious, I have learned quite a bit over the years from reading and picking apart various break-ins on computer systems. If you could post any computer attacks on your company, on you personally, or even friends I would like to hear about it.

Details please.

Your IQ scares me.

greEd
10-13-04, 09:21 AM
Your IQ scares me.

Do you mean that in a derogatory way?

I just think it would help the community to post findings of computer break-ins. :)

MadDoctor
10-13-04, 10:01 AM
Do you mean that in a derogatory way?

I just think it would help the community to post findings of computer break-ins. :)

NO!!! Not derogatory in any way, shape or form. Your title (security specialist) is well deserved.

*drops to one knee and lowers head*

You have got to be one of the sharpest people on the Internet when it comes to security. Although I have my machine FULLY protected against hackers, I'm sure you could get through all the security gates. I have the highest respect for you and your security skills. That IQ of yours (200+) is what impresses me.

:)

MD

greEd
10-13-04, 10:26 AM
NO!!! Not derogatory in any way, shape or form. Your title (security specialist) is well deserved.

*drops to one knee and lowers head*

You have got to be one of the sharpest people on the Internet when it comes to security. Although I have my machine FULLY protected against hackers, I'm sure you could get through all the security gates. I have the highest respect for you and your security skills. That IQ of yours (200+) is what impresses me.

:)

MD

Thank you very much for the nice compliment! :)
Just so it's known though I don't consider myself a specialist. A mod put that in place. I just find security and the mind that drives it intriguing.

I'm editing a story to help stimulate this topic a little and get some posts of security breaches. I'll post soon. :D

MadDoctor
10-13-04, 10:51 AM
I look forward to your next post/story and will gladly take any security advice you’d like to share with the SG community.

greEd
10-13-04, 01:09 PM
Well, I'll try and stimulate this thread a little bit. I placed links throughout the post to help with any confusion.

This story comes from the other side roughly two years ago. The person that pulled this off is a close friend of mine and wasn't thrilled about me wanting to post it so she edited, HEAVILY (sorry D but you did :D ) ... and allowed the post.

This will show you how placing too much trust on what you think is secure can cause "problems".

We all know many companies today use VPNs (http://isp.webopedia.com/TERM/V/VPN.html). The typical use is for a company that will have a main branch and several smaller branches all interconnected. For medium - larger companies Cisco routers are typically implemented.

To begin the attack she browses the target's site and looks for the e-mail addresses of soft targets. After finding many possible targets she begins sending e-mails out to the targets hoping for a reply. She gets one. She checks the headers (http://pobox.com/valid1.html) from the received e-mail and locates the target's IP address, the target's workstation name, the target's mail server, and the type of mailer the target used. Knowing the network a little better now she begins using scanners (http://www.google.com/search?hl=en&lr=&q=port+scanners) to map it and locate routers (the prime target of this particular attack).

After scanning for some time she begins to notice trends in the network and investigates further into the possible targets. Knowing that most routers have a loopback interface with a routable IP for remote maintenance she begins probing looking for one that is vulnerable to a popular SNMP (http://www2.rad.com/networks/1995/snmp/snmp.htm) attack. Success. She locates the information she was looking for: the router's interface for the VPN, along with the router's destination address for the remote end of the VPN tunnel.

Note: Information here on pulling router configs from SNMP, at the time it was trivial. (http://cert.uni-stuttgart.de/archive/bugtraq/2000/02/msg00303.html)

With the information she needs in hand she begins to build her packets. She sends a GRE (http://www.javvin.com/protocolGRE.html) packet to the victim's router destined for the router's interface for the VPN, with the IP address of the router's VPN tunnel destination in the packet's header. The payload of the packet contained the target's IP address with her own address configured as the source. She receives an answer packet to her system from the target, the table has turned, the victim is now talking to her. From there I'm sure you can take the situation and let your imagination run wild.


This type of attack is defendable with things like IPsec (http://www.ietf.org/html.charters/ipsec-charter.html), etc. But you may be surprised how many people still today don't configure tunnels with security in mind.

Kind regards,
greEd
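
A defender-side check for the two weaknesses this story relies on (SNMP that hands out router details, and a GRE tunnel with no IPsec), added here as an example and not part of the original post. It assumes Cisco IOS-style configuration text, treats `tunnel protection ipsec` as the only sign of protection (a crypto map on the physical interface is not detected), and runs on a constructed sample config.

```python
import re

# Constructed sample config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
interface Tunnel0
 tunnel source Loopback0
 tunnel destination 198.51.100.7
!
interface Tunnel1
 tunnel source Loopback0
 tunnel destination 203.0.113.9
 tunnel protection ipsec profile VPN-PROF
!
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-Mon1tor RO 10
"""

DEFAULT_COMMUNITIES = {"public", "private"}
SNMP_RE = re.compile(r"snmp-server community (\S+)(?: view \S+)? (RO|RW)(?: (\S+))?$", re.I)

def parse_stanzas(config):
    """Group indented sub-commands under the unindented line above them."""
    stanzas = []
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] in " \t" and stanzas:
            stanzas[-1][1].append(line.strip())
        else:
            stanzas.append((line.strip(), []))
    return stanzas

def audit(config):
    findings = []  # (object, finding) pairs
    for head, body in parse_stanzas(config):
        if head.lower().startswith("interface tunnel"):
            has_dest = any(l.startswith("tunnel destination") for l in body)
            protected = any(l.startswith("tunnel protection ipsec") for l in body)
            if has_dest and not protected:
                findings.append((head.split()[1], "gre-no-ipsec"))
        m = SNMP_RE.match(head)
        if m:
            name, mode, acl = m.groups()
            checks = [(name.lower() in DEFAULT_COMMUNITIES, "default-community"),
                      (mode.upper() == "RW", "read-write"),
                      (acl is None, "no-acl")]
            findings += [(name, tag) for hit, tag in checks if hit]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags Tunnel0 and the two default communities, and passes Tunnel1 and the ACL-restricted community.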

drdoug99
10-15-04, 07:37 PM
good stuff....i think i need an IQ of 200 just to understand most of what was said in the last post! :D

so by this:
To begin the attack she browses the target's site and looks for the e-mail addresses of soft targets

target site would be any company's website? what is soft target?

and this:
The payload of the packet contained the target's IP address with her own address configured as the source. She receives an answer packet to her system from the target, the table has turned, the victim is now talking to her. From there I'm sure you can take the situation and let your imagination run wild.

so this means that once the "victim" or company is talking to her, she has gained access to the internal network? and from there she can browse the network or whatever?

cool stuff...i'm reading through the links now trying to learn :thumb:

greEd
10-18-04, 01:53 PM
target site would be any company's website? what is soft target?

Target site would be the domain you have set on to attack. A soft target is typically a target you believe to be easily exploitable. In this particular case she enumerated a mail contact list of users to whom questions about products would be directed, knowing that support personnel would be willing to reply to any questions she may have concerning product. Not that she cared about the product, she was simply hoping to get information from the reply mail concerning the inner workings of the network.

so this means that once the "victim" or company is talking to her, she has gained access to the internal network? and from there she can browse the network or whatever?

To a degree. Once she has the victim talking to her she forwards all requests to the proper destination (the remote VPN endpoint) all while every bit of information from "endpoint A" destined to "endpoint B" is being filtered through her system. It was a classic MITM Attack (http://man-in-the-middle-attack.wikiverse.org/).
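
To see what a support reply gives away before it leaves the building, the following added example (not part of the original posts) lists internal relay hops and mail-client headers in a message. The sample message, host names and the choice of headers to flag are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample of an outbound support reply; not taken from the thread.
SAMPLE_REPLY = """\
Received: from mail.example.com (mail.example.com [203.0.113.25])
\tby mx.example.net with ESMTP; Mon, 11 Oct 2004 10:00:02 -0400
Received: from SUPPORT-WS07 (support-ws07.corp.example.com [10.20.3.47])
\tby mail.example.com with SMTP; Mon, 11 Oct 2004 10:00:01 -0400
X-Mailer: ExampleMailer 1.0
From: support@example.com
To: customer@example.net
Subject: RE: product question

Thanks for your question.
"""

# RFC 1918 ranges checked explicitly (ipaddress.is_private also covers
# documentation ranges, which would mislabel the sample's public hop).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLIENT_HEADERS = ("X-Mailer", "User-Agent", "X-Originating-IP")
HOP_RE = re.compile(r"from\s+(\S+)\s+\([^\[\)]*\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_internal(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def leaked_details(raw_message):
    """List internal hops and client-identifying headers in a message."""
    msg = email.message_from_string(raw_message)
    leaks = []
    for hop in msg.get_all("Received", []):
        for host, ip in HOP_RE.findall(hop):
            if is_internal(ip):
                leaks.append(("internal-hop", host, ip))
    for name in CLIENT_HEADERS:
        if msg[name]:
            leaks.append(("client-header", name, msg[name]))
    return leaks
```

On the sample, `leaked_details(SAMPLE_REPLY)` reports the workstation name with its internal address and the mailer header; stripping or rewriting those at the outbound mail gateway removes what the reply would otherwise disclose.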

koldchillah
10-18-04, 02:31 PM
My little tidbit to contribute to the "Hacked" thread:

Many digital phone systems use a 3rd party management app to allow phone queue monitoring and/or supervisor controls, etc.. The problem with many of these apps, is that they claim to use their own TAPI providers but they forget to NOT make them backward compatible with Microsoft's own generic TAPI. Open up phone dialer on a PC with such 3rd party TAPI providers installed and watch as your screen fills with every phone call going on in the building.. You can then view the UCD info and/or disconnect calls as you wish..

DOH!!

Fortunately, many companies are wising up to this and making sure they use non-Microsoft based TAPI providers.. :rotfl:

FunK
10-22-04, 01:17 AM
GreEd, forgive me for not reading all the links. (I will). The victim is now tunneled to her, emulating the VPN connection? Is she then routing their packets? In effect, she is their route to the world?

Or is the connection the other way? She's using their info+her IP to connect to the VPN server, thus gaining access to their "secure" network?

If case one, this reminds me of an old attack where you create a packet (ARP I believe) that tells a router that your IP is the gateway or route to the gateway and in turn that tells those connected to that router that it must send all its info through you. It's like virtually tapping into the cable, allowing you to sniff everything they send. Of course you'd better be able to route those packets (with some speed mind you) or you'll get found out rather quickly..

Nifty trick but you'd likely want to do it via a decoy machine. One that isn't related to you in any way.
If that's the case, what software in windows really allows for full router capabilities?
Unless of course she has a compromised Nix box? I take it she's good enough to cover her tracks.. Any insight on exactly how she does that? :)

She in the security business too? A proof of concept tester? A geekin hacker chic! Is she hot? I'm having visions of Trinity! HAHAHA

"FunK.....The Matrix Has You......" :rotfl:

rottyrules1987
10-23-04, 08:08 PM
If you are attacked and you use a commercial firewall to track the person can't they just throw a false ip at you and your firewall looks up that ip?????

Rendering this whole discussion useless?????

greEd
10-26-04, 09:44 AM
Nifty trick but you'd likely want to do it via a decoy machine. One that isn't related to you in any way.
If that's the case, what software in windows really allows for full router capabilities?
Unless of course she has a compromised Nix box? I take it she's good enough to cover her tracks.. Any insight on exactly how she does that? :)

She in the security business too? A proof of concept tester? A geekin hacker chic! Is she hot? I'm having visions of Trinity! HAHAHA


It is case one.

She pulled the attack off two years ago, that's as into it as I'll get. She is hot, but I'm married ... and she is a friend of my wife's. :D

greEd
10-26-04, 09:45 AM
If you are attacked and you use a commercial firewall to track the person can't they just throw a false ip at you and your firewall looks up that ip?????

Rendering this whole discussion useless?????

Can you re-word your post so I can understand. Thanks.

Shinobi
10-26-04, 12:01 PM
People learn from mistakes, be it personal mistakes or others.

I'm curious, I have learned quite a bit over the years from reading and picking apart various break-ins on computer systems. If you could post any computer attacks on your company, on you personally, or even friends I would like to hear about it.

Details please.

You've posted this before :nod:

I know you're pretty good with computer security. I would like your input.
If you had a small workgroup of 10 workstations, all mixed clients.. and all patched from their respective vendors,
and one NAT hardware router, plus all workstations had internal software firewalls and updated anti-virus... what else would you do to secure them all?
No server app type services or daemons are running on any of them..

Shinobi :)