Dial-up, VPN and Network Devices hacking. Dial-up hacking Phone number footprinting: phone directories (on-line and CD-ROM) Wardialing (scanning): automatically.

1 Dial-up, VPN and Network Devices hacking

2 Dial-up hacking
Phone number footprinting: phone directories (on-line and CD-ROM).
Wardialing (scanning): automatically dialing a range of numbers, as in telemarketing, using a hardware/software combination. A PC with serial ports and modems is all that is needed. Software: ToneLoc, THC-Scan (free) and PhoneSweep (commercial). See book. Typically one modem can wardial 10,000 numbers in 7 days of 24 hours. Telcos take this seriously and in many areas it is illegal (a ping sweep is not).
Penetration domains: once logs are obtained, the connections can be classified as (see book for examples in QBASIC):
- LHF: easily guessed or commonly used passwords for known systems
- Single authentication, unlimited attempts
- Single authentication, limited attempts
- Dual authentication, unlimited attempts
- Dual authentication, limited attempts
Basic countermeasures: inventory and consolidate modem lines, use at least dual authentication with limited attempts, put the modems in a DMZ.

3 PBX, Voicemail, VPN
PBX: most PBXs are no longer electro-mechanical machines but computers with IP addresses, graphical interfaces, etc. Types: Octel, Williams, Meridian, ROLM, ATT, each with its own login procedure (some very easy to hack, see book). Basic countermeasure: turn the modem on only when maintenance is needed and keep it off the rest of the time.
Voicemail: low impact; brute-force attempts are possible but leave no logs (voice answers).
VPN: tunneling private data through the Internet with encryption, reducing WAN costs and supporting modern electronic commerce. VPN tunneling involves the encapsulation of a datagram within another, be it IP within IP (IPSec) or PPP within GRE (PPTP). IPSec (replaces PPTP) and Layer 2 Tunneling Protocol, L2TP (replaces L2F), are the most used VPN standards.

4 VPN Hacking
Microsoft PPTP: originally had a weak encryption function/algorithm (RSA); the TCP port (1723) used for connection control was vulnerable to DoS attacks; only the data was encrypted. NT: Service Pack 4 closed these vulnerabilities; Win 9x clients should be upgraded to DUN 1.3 to use these improvements. Win 2k, XP, 7: came with IPSec support, as we saw previously. See VPN with Single Sign On in Windows 7.
IPSec: very difficult to understand, even by experts. Hackers do not seem to have figured it out yet, which is good. Schneier and Ferguson (renowned experts) conclusion: IPSec is too complex to be secure, but it is better than any other security protocol in existence.
Different implementations: a VPN requires the use of VPN gateways on the server side. Read this article to see a comparison of these types.
VOIP hacking: sniffing and enumeration. New tools potential.

5 Network Devices
Detection: use traceroute to find the border router.
Port scanning: use Nmap or SuperScan and WUPS to scan TCP and UDP ports. In Linux use dig to obtain information, e.g. dig -t mx ubalt.edu. Router ports (book page 398). If no open ports are found, security is in place. If you find open ports you may be able to identify the type of device (router, switch, hub) and its manufacturer.
OS identification: using Nmap and the other tools seen previously.
Penetration: once telnet or shell ports are found we can connect and use the database of passwords to log in if the administrator failed to change the default password; brute force can also be used.
SNMP: allows checking status and configuration, and changing the configuration. You should restrict its use, if allowing it at all, through your border router.
Backdoors: accounts meant for vendors to enable them to bypass a locked-out administrator, but which offer hackers a back door. Vendors like 3Com, Bay, Cisco and Shiva have created these accounts. Change the defaults!! See more details in the book if you manage one of these devices.
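The slide's advice on network devices reduces to a defender's check: scan your own border devices and confirm that telnet, SNMP, TFTP and RIP are not reachable from outside. The following added example (my code, not from the slides or the book) parses Nmap's grepable output format (the -oG format of the real Nmap tool) and flags those services on each host. The scan text, the hostnames and addresses, and the RISKY_SERVICES table are all constructed for the example.

```python
"""Flag exposed management services in Nmap grepable (-oG) output."""
import re
from dataclasses import dataclass, field

# Services the slides single out on routers and switches: telnet/shell ports,
# SNMP, TFTP and RIP on UDP 520. The reasons are my own wording (constructed).
RISKY_SERVICES = {
    ("tcp", 23): "telnet: cleartext login, default or brute-forced passwords",
    ("udp", 161): "snmp: status and configuration read (or write) access",
    ("udp", 69): "tftp: unauthenticated transfer of device config files",
    ("udp", 520): "rip: unauthenticated routing updates (RIP spoofing)",
}

@dataclass
class HostReport:
    ip: str
    hostname: str
    open_ports: list                       # (proto, port, service) tuples
    findings: list = field(default_factory=list)

# One -oG port entry looks like: port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/([\w|]+)/(\w+)//([^/]*)///")
HOST_RE = re.compile(r"^(\S+)\s+\(([^)]*)\)$")

def parse_grepable(text):
    """Return one HostReport per 'Host:' line that carries a Ports: field."""
    reports = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                       # comment lines, blank lines
        fields = {}
        for chunk in line.split("\t"):     # -oG separates fields with tabs
            key, _, value = chunk.partition(": ")
            fields[key] = value
        if "Ports" not in fields:
            continue                       # e.g. "Status: Up" from a ping sweep
        ip, hostname = HOST_RE.match(fields["Host"]).groups()
        open_ports = []
        for port, state, proto, service in PORT_RE.findall(fields["Ports"]):
            if state.startswith("open"):   # keeps "open" and UDP "open|filtered"
                open_ports.append((proto, int(port), service))
        reports.append(HostReport(ip, hostname, open_ports))
    return reports

def audit(text):
    """Annotate each host with the risky management services it exposes."""
    reports = parse_grepable(text)
    for r in reports:
        for proto, port, _service in r.open_ports:
            reason = RISKY_SERVICES.get((proto, port))
            if reason:
                r.findings.append(f"{proto}/{port} {reason}")
    return reports

# Constructed sample scan output; the addresses and names are not real.
SAMPLE_SCAN = (
    "# Nmap scan (constructed sample) as: nmap -sS -sU -oG - 10.0.0.0/29\n"
    "Host: 10.0.0.1 (gw.lab.example)\tPorts: 22/open/tcp//ssh///, "
    "23/open/tcp//telnet///, 161/open/udp//snmp///, "
    "69/open|filtered/udp//tftp///\tIgnored State: closed (1996)\n"
    "Host: 10.0.0.2 (sw1.lab.example)\tPorts: 22/open/tcp//ssh///, "
    "443/open/tcp//https///, 23/closed/tcp//telnet///\tIgnored State: filtered (1997)\n"
    "Host: 10.0.0.3 ()\tStatus: Up\n"
    "# Nmap done (constructed sample)\n"
)

if __name__ == "__main__":
    for r in audit(SAMPLE_SCAN):
        print(f"{r.hostname or r.ip}: {len(r.open_ports)} open ports, "
              f"{len(r.findings)} findings")
        for finding in r.findings:
            print("  -", finding)
```

Closed ports are dropped, UDP ports reported as open|filtered are kept because Nmap cannot distinguish a silent UDP service from a filter, so a TFTP hit in that state still deserves a manual check. Run the audit from the outside of the border router, where an attacker's scan would originate, not from the management LAN.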

6 Other vulnerabilities
Specific vulnerabilities: Cisco and Ascend write MIB. Cisco weak password encryption. TFTP (most routers). Bay config file is clear text.
Shared vs switched: shared media broadcasts to all nodes. Switched media builds a table of MAC addresses and sends the messages to a specific MAC. Use Snmpsniff in Linux to sniff on shared-media networks. Packet sniffing was developed for the shared-media environment, but there are now packet-sniffing tools for switches. Dsniff is easily installed in Ubuntu: use sudo apt-get install dsniff. Use sudo to run it. There is a FAQ to help you with its use. See example.
Basic countermeasure: use encryption in all your traffic, such as PKI (1, 2). You can also use a VPN to create more secure connections.
ARP redirect: arp redirect is part of the dsniff package (traffic goes through an attacker machine).
RIP spoofing: again use WUPS or Nmap to scan port 520 (RIP). A C program, rprobe, was written to demonstrate how to spoof/redirect.
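Both attacks on this slide, ARP redirect and RIP spoofing, leave a detectable trace on the wire: an IP address (typically the gateway) suddenly announced with a different MAC, and routing updates arriving from a host that is not one of your routers. The added example below (my code, not from the slides, dsniff or rprobe) runs those two checks over constructed sniffer log lines; the log format, the baseline MAC table and the trusted-router set are assumptions made for the example, not any tool's real output.

```python
"""Detect ARP redirection and untrusted RIP updates in sniffer log lines."""
import re

# Baseline tables: constructed for this example. In practice they come from
# the switch's MAC table or a DHCP/inventory export, and from the router list.
GATEWAY_BASELINE = {"10.0.0.1": "00:11:22:33:44:01"}   # IP -> expected MAC
TRUSTED_RIP_SOURCES = {"10.0.0.1"}                     # routers allowed to send RIP

# Assumed (constructed) log formats:
#   <timestamp> ARP reply <ip> is-at <mac>
#   <timestamp> RIP response from <ip> (udp/520)
ARP_RE = re.compile(r"^(\S+) ARP reply (\S+) is-at ([0-9a-f:]{17})$")
RIP_RE = re.compile(r"^(\S+) RIP response from (\S+) \(udp/520\)$")

def detect(lines):
    """Return (timestamp, kind, detail) alerts for the suspicious lines."""
    alerts = []
    seen = {}                     # ip -> MAC most recently announced for it
    for line in lines:
        if m := ARP_RE.match(line):
            ts, ip, mac = m.groups()
            expected = GATEWAY_BASELINE.get(ip)
            if expected and mac != expected:
                # The gateway address is being claimed by a foreign MAC:
                # the signature of an ARP redirect.
                alerts.append((ts, "arp-redirect",
                               f"{ip} claimed by {mac}, baseline {expected}"))
            elif ip in seen and seen[ip] != mac:
                # A non-baseline host flipped MAC; could be DHCP churn or
                # poisoning, so flag it for review rather than assuming.
                alerts.append((ts, "arp-flip",
                               f"{ip} moved from {seen[ip]} to {mac}"))
            seen[ip] = mac
        elif m := RIP_RE.match(line):
            ts, src = m.groups()
            if src not in TRUSTED_RIP_SOURCES:
                alerts.append((ts, "rip-spoof",
                               f"RIP update from untrusted source {src}"))
    return alerts

# Constructed sample log: a normal gateway reply, a normal RIP update, then a
# foreign MAC claiming the gateway and a RIP update from a non-router host.
SAMPLE_LOG = [
    "2024-05-01T09:00:00 ARP reply 10.0.0.1 is-at 00:11:22:33:44:01",
    "2024-05-01T09:00:01 ARP reply 10.0.0.5 is-at 00:11:22:33:44:05",
    "2024-05-01T09:00:02 RIP response from 10.0.0.1 (udp/520)",
    "2024-05-01T09:00:10 ARP reply 10.0.0.1 is-at de:ad:be:ef:00:01",
    "2024-05-01T09:00:11 ARP reply 10.0.0.5 is-at de:ad:be:ef:00:01",
    "2024-05-01T09:00:12 RIP response from 10.0.0.77 (udp/520)",
]

if __name__ == "__main__":
    for ts, kind, detail in detect(SAMPLE_LOG):
        print(f"{ts} [{kind}] {detail}")
```

The detector only works from a port that actually sees the ARP replies (a SPAN/mirror port or the gateway itself), since on switched media a normal host will not see traffic addressed to other MACs. The mitigations the slide names still apply: encrypt the traffic so a redirected flow yields nothing useful, and authenticate or filter RIP at the router so port 520 accepts updates only from known peers.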
