Well Frigyes Karinthy.
I have been working on an idea that was similar, but I was thinking more of personal contact: how it would travel between sites, say if someone sneezed on you in LA, then you flew to Vancouver and sneezed on a few more people, etc…
I just saw this come up.
I am not sure if he has any chance at getting out of this.
It might be worth looking at devices in the sense of: do we need to connect this to the Internet or not?
Just throwing a device on the LAN does not cut it. Why do you need to have this connected to the workstation LAN and the Internet?
Build separate infrastructures, or at least VLAN it off into its own network, and control and monitor your access points. Block outbound services that are not needed: why do people need to have web access from the server VLAN? Does your SCADA system really need to be accessible from the Internet, or to have access to it?
The point is not to “win” but to educate the stakeholders so they can make an informed decision.
Anti-Sec strikes again,
Anon has hit a big fish.
Just remember that Tor is good, but there have been proven attacks from time to time that break its security.
If you check out http://malcon.org/ there is a speaker lined up to release a Windows 8 bootkit.
You can see his other releases here http://www.stoned-vienna.com/ .
I would have to admit that trying to protect software is not on my list of dream jobs; it’s not easy to do. I would even call it difficult, as you can tell by all of the pirated software you can download.
I am not sure if this is getting worse, or if it is just being detected more.
This has to be both. I know this will keep happening; I also like to think that the people defending these systems are getting better at it. That second part might be wishful thinking.
The whole system needs to move from reaction to prevention; we are off to a good start, but there is work to do.
I have used this tool a few times and I really liked it. Comparing it to some of the others I have used, it’s got a good interface just like the big boys, but not the big price tag.
It can be used even by people who know little about web VAs; it will hold your hand through the process.
Part of taking over a TCP session is knowing how it works; that’s why I was previously talking about the TCP handshake.
To take over a session there are a few general steps that need to be done.
1. You need to know the ISN. There are a few ways to do this:
- Sit in between the conversation, using some sort of sniffer to watch the traffic and learn the ISN.
- Guess it, which is not as easy as it was before RFC 1948.
- Use source routing, but that should be disabled.
2. Once you know the ISN, one way or the other, you then need to take the session over. As the session is being taken over, the client that is being replaced needs to be knocked off the network. Typically this is done with some sort of DoS.
In most cases this was used to gain access to a target system, back in the days of telnet: you could take over the session, then send the needed commands to set up a shell on the machine.
This type of attack is still useful for other things, such as HTTP sessions and other unencrypted traffic.
I have been doing some research for a project and I wanted to share some things. During the three-way handshake each host sets its own ISN.
- Host 1 sends a SYN packet to Host 2 with A as the ISN (Initial Sequence Number); this number should be unpredictable.
- Host 2 responds with a SYN-ACK with an ACK number of A + 1 and an ISN of B.
- Host 1 responds with an ACK with the ACK number set to B + 1 and an ISN of A + 2.
If you add -S to tcpdump you will see the absolute sequence numbers instead of relative ones.
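As an added example (not code from the original post), the checker below reads constructed tcpdump -S style lines and verifies that each three-way handshake is internally consistent: the SYN-ACK must acknowledge A + 1 and the final ACK must acknowledge B + 1. The addresses, ports and sequence numbers are made up; a handshake whose numbers do not line up is reported rather than silently accepted.

```python
import re

# Constructed tcpdump -S style lines (absolute sequence numbers), not a real capture.
# Handshake 1 is consistent; in handshake 2 the SYN-ACK acknowledges a number that
# is not the client's ISN + 1, which is what a stateful checker should flag.
SAMPLE = """\
12:00:00.000100 IP 10.0.0.1.40000 > 10.0.0.2.23: Flags [S], seq 1000, win 64240, length 0
12:00:00.000200 IP 10.0.0.2.23 > 10.0.0.1.40000: Flags [S.], seq 5000, ack 1001, win 65535, length 0
12:00:00.000300 IP 10.0.0.1.40000 > 10.0.0.2.23: Flags [.], ack 5001, win 64240, length 0
12:00:01.000100 IP 10.0.0.1.40001 > 10.0.0.2.23: Flags [S], seq 2000, win 64240, length 0
12:00:01.000200 IP 10.0.0.2.23 > 10.0.0.1.40001: Flags [S.], seq 6000, ack 2500, win 65535, length 0
12:00:01.000300 IP 10.0.0.1.40001 > 10.0.0.2.23: Flags [.], ack 6001, win 64240, length 0
"""

# Pull endpoints, flags and the absolute seq/ack numbers out of one tcpdump line.
LINE = re.compile(r"IP (\S+) > (\S+): Flags \[([^\]]+)\](?:, seq (\d+))?(?:, ack (\d+))?")

def parse(line):
    m = LINE.search(line)
    if not m:
        return None
    src, dst, flags, seq, ack = m.groups()
    return {"src": src, "dst": dst, "flags": flags,
            "seq": int(seq) if seq else None, "ack": int(ack) if ack else None}

def check_handshakes(text):
    """Track SYN/SYN-ACK/ACK per (client, server); A = client ISN, B = server ISN.
    The SYN-ACK must carry ack A+1 and the final ACK must carry ack B+1."""
    pending, results = {}, {}
    for raw in text.splitlines():
        p = parse(raw)
        if p is None:
            continue
        if p["flags"] == "S":                       # step 1: client SYN, ISN = A
            pending[(p["src"], p["dst"])] = {"A": p["seq"], "B": None}
        elif p["flags"] == "S.":                    # step 2: server SYN-ACK, ISN = B
            key = (p["dst"], p["src"])
            st = pending.get(key)
            if st is None:
                results[key] = "syn-ack without syn"
            elif p["ack"] != st["A"] + 1:
                results[key] = "syn-ack does not ack client ISN+1"
                pending.pop(key)
            else:
                st["B"] = p["seq"]
        elif p["flags"] == "." and p["ack"] is not None:   # step 3: client ACK
            key = (p["src"], p["dst"])
            st = pending.pop(key, None)
            if st is not None and st["B"] is not None:
                results[key] = "ok" if p["ack"] == st["B"] + 1 else "ack does not ack server ISN+1"
    return results
```

Feed it real `tcpdump -S -n` output and it reports one status per handshake keyed by (client, server) endpoint pair.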