Local Scanning and Sniffing
If local access to the target network can be obtained, the range ofinformation that may be gathered is greatly increased.
Network Sniffers
Within the context of a security assessment, local network access for
sniffing simulates that an attacker has installed sniffing software on a
host to attempt to gain further access. This may have been achieved in
one of two ways:
• Physical access - An attacker may have gained physical access to
part of the target site.
• System compromise - An attacker may have previously
compromised an internal host or system.
Many applications used over the Internet and corporate networks have
no intrinsic security within their communications. Typical examples
include Telnet and FTP, but more complex functions are often
conducted using clear or weakly encoded network traffic. Example of
this are:
• Network shares
• Thin client
• Remote control
By utilizing the promiscuous mode on many network cards, this
passing traffic can be monitored, analyzed, filtered and captured for
surreptitious purposes. In the case of applications such as telnet, the
username and password are easily identified during a session. Data
transferred during an FTP or network share session could be captured
and reconstructed later, recovering some or all of the data.
No comments:
Post a Comment