The insecure VLAN

As promised, here is the second part in our series on using Yersinia to exploit insecure network infrastructure designs. This post focuses on VLAN hopping. First let me say that early on in my pilgrimage to security enlightenment and network utopia (not that I am there yet) I was guilty of the same pitfall that many organizations continue to fall into: the belief that VLANs are a way to secure network segments. Unfortunately that is not the case. VLANs are purely a way to segment traffic. Combined with strong access lists and port controls they help increase network security, but as a stand-alone item they have nothing to do with security. Readers, flame on.

With this in mind, let's examine how to exploit the unsubstantiated belief that VLANs will secure independent network segments. To do this we will once again turn to our wonderful friends in Spain, David and Alfredo, and their great tool Yersinia.

Connect your system locally to the switched infrastructure that you would like to exploit. Fire up Yersinia in its graphical mode ("yersinia -I") from your beast of a Linux machine, because, as the boys in Spain say when asked about a Windows version: "No, it does certainly not. Perhaps some nice fellow could port yersinia to Windows and make you happy."


Exploiting the Core

This is the first in a two-part blog about using Yersinia to check the security of your routers and switches. While there are many different exploits and areas of concern in today's routing infrastructures and designs, I am going to focus on two. Today's post is focused on man-in-the-middle (MITM) attacks against routers, specifically using Yersinia to insert your attack machine in the middle of an HSRP configuration.

——————-

WARNING: Audit Notes

I wanted to put this early in the post to make sure everyone knows how destructive this tool can be to one's network. This is a very invasive and dangerous exploit for the network. My usual approach is to talk with the IT manager about the multiple exploits in this class and to tell them that, in my view, it is better to receive a hard copy of the configs and document a simulated attack. If the customer wants us to proceed with a live attack, I always have signed documentation that ensures they know and accept the risks.
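As an added, defender-side example (not from the original posts or from the Yersinia project): a small HSRPv1 (RFC 2281, UDP/1985) decoder plus a watcher that learns the active router per group from its first ACTIVE hello and then flags the things an HSRP takeover produces on the wire: a different source advertising priority at or above the active router's, a COUP from an unknown source, and the RFC default plaintext authentication string. The packets, addresses and the "s3cret" auth string are constructed for the demo.

```python
import struct
from ipaddress import IPv4Address

HSRP_FMT = ">BBBBBBBB8s4s"   # RFC 2281 HSRPv1 header: 20 bytes
OPCODES = {0: "HELLO", 1: "COUP", 2: "RESIGN"}
STATES = {0: "INITIAL", 1: "LEARN", 2: "LISTEN", 4: "SPEAK", 8: "STANDBY", 16: "ACTIVE"}
DEFAULT_AUTH = b"cisco"       # RFC 2281 default authentication data

def parse_hsrp(payload: bytes) -> dict:
    """Decode one HSRPv1 payload (the UDP data) into a dict."""
    if len(payload) < struct.calcsize(HSRP_FMT):
        raise ValueError("truncated HSRP packet")
    (ver, op, state, hello, hold, prio, group, _res,
     auth, vip) = struct.unpack(HSRP_FMT, payload[:20])
    return {"version": ver, "opcode": OPCODES.get(op, f"UNKNOWN({op})"),
            "state": STATES.get(state, f"UNKNOWN({state})"),
            "hellotime": hello, "holdtime": hold, "priority": prio,
            "group": group, "auth": auth.rstrip(b"\x00"),
            "vip": str(IPv4Address(vip))}

def build_hsrp(op, state, prio, group, auth, vip, hello=3, hold=10) -> bytes:
    """Constructed sample packet with the same layout parse_hsrp reads."""
    return struct.pack(HSRP_FMT, 0, op, state, hello, hold, prio, group, 0,
                       auth.ljust(8, b"\x00"), IPv4Address(vip).packed)

class HsrpWatch:
    """Baseline = (source IP, priority) of the first router seen ACTIVE per group."""
    def __init__(self):
        self.active = {}   # group -> (src_ip, priority)

    def inspect(self, src_ip: str, payload: bytes) -> list:
        p = parse_hsrp(payload)
        g = p["group"]
        alerts = []
        if p["auth"] == DEFAULT_AUTH:
            alerts.append(f"group {g}: default plaintext auth 'cisco' from {src_ip}")
        known = self.active.get(g)
        if known is None:                      # still learning this group
            if p["state"] == "ACTIVE":
                self.active[g] = (src_ip, p["priority"])
            return alerts
        base_ip, base_prio = known
        if src_ip != base_ip:                  # a second speaker for the group
            if p["opcode"] == "COUP":
                alerts.append(f"group {g}: COUP from non-active router {src_ip}")
            if p["priority"] >= base_prio:
                alerts.append(f"group {g}: {src_ip} priority {p['priority']} "
                              f">= active {base_ip} ({base_prio})")
        return alerts
```

A real deployment would feed this from a SPAN port or packet capture on the HSRP multicast group; the baseline should be seeded from the documented router addresses rather than learned, since learning from the wire trusts whatever arrives first.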
