[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040113185348.GA11345@ergo.nruns.com>
Date: Tue, 13 Jan 2004 19:53:48 +0100
From: jan.muenther@...ns.com
To: Dave Paris <dparis@...orks.com>
Cc: John.Airey@...b.org.uk, ge@...tistical.reprehensible.net,
bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com
Subject: Re: RE: [Fwd: [TH-research] OT: Israeli Post Office break-in]
Howdy,
I can't resist - have to make a few comments on this one, despite us moving
massively off topic.
> > 1. How did they know which switch to connect to? Wouldn't this require
> > some knowledge of network topology.
Not necessarily. You'd be amazed by how many (even large) companies have a
totally flat network topology, normally due to "historical growth".
> if it's a managed switch, most have SPAN (or RSPAN) port capability. mirror
> other ports to the sniffer port as appropriate.
Erm, common misconception. You don't need to have a span port to sniff in a
switched network. And no, you don't have to force the switch into 'hub' mode
by flooding its CAM table. ARP cache poisoning works beautifully,
particularly when you have operating systems which let you overwrite ARP
entries without even the slightest warning (and no, not only Windows is
guilty of that).
> > 3. How did they get access to the switch. Shouldn't it have been locked
> > away.
>
> .. never underestimate the power of stupidity. :-)
Indeed. Sometimes physical security of institutions where you'd expect it to
be good is abominable. Also, some basic social engineering can take you a
long way.
>
> > 4. How did they convert electrons to money? Was this by raiding bank
> > accounts or collecting credit card numbers?
If you make it into the backend transaction systems, there's a heck of a lot
you can do.
Cheers, J.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists