Comments on: Aiming at Higher Network Security Through Extensive Penetration Tests
http://bechtsoudis.com/2012/06/11/aiming-at-higher-network-security-through-extensive-penetration-tests/
Driven by Passion for Challenges
Thu, 10 Apr 2014 08:41:30 +0000

By: anestisb, Tue, 30 Oct 2012 07:15:09 +0000
http://bechtsoudis.com/2012/06/11/aiming-at-higher-network-security-through-extensive-penetration-tests/#comment-341

@surya IP ACLs (operating on Layer 3 & 4) are vulnerable to IP spoofing attacks if no mitigation methods are implemented on the network.

tftp-server-list for Cisco IOS is an ACL protection for the SNMP request IP sources (sources is bold for a reason: the ACL checks only the incoming IP source address and not the outgoing, because the command supports only standard ACLs).

The get-config SNMP oid contains the target TFTP server string (and the TFTP IP can be different from the SNMP request’s IP address).

Consequently, an attacker can spoof an allowed IP address to bypass the standard ACL protection and execute a get-config request to another IP address that he owns.

Always speaking for network configurations with weak or no IP spoofing protection layers.
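The mismatch described in the comment above can be audited from the defender's side. This is an added example, not code from the article or its author: it reads SNMP SET records and flags config-copy requests whose source passes the manager ACL while the TFTP target is not an approved server. The log format, field names and all addresses are constructed assumptions.

```python
import ipaddress

# Assumed policy (constructed values from documentation address ranges).
SNMP_MANAGERS = [ipaddress.ip_network("192.0.2.10/32")]  # sources the standard ACL permits
TFTP_SERVERS = [ipaddress.ip_network("192.0.2.20/32")]   # approved config archive hosts

# Constructed sample lines in a hypothetical collector format.
SAMPLE_LOG = """\
2012-10-30T07:00:01Z snmp-set src=192.0.2.10 copy-config tftp=192.0.2.20 file=r1-confg
2012-10-30T07:05:42Z snmp-set src=192.0.2.10 copy-config tftp=198.51.100.7 file=r1-confg
2012-10-30T07:09:13Z snmp-set src=203.0.113.5 copy-config tftp=203.0.113.5 file=r1-confg
2012-10-30T07:10:00Z snmp-get src=192.0.2.10 sysUpTime
"""

def in_nets(addr, nets):
    """True if addr parses as an IP and falls inside one of nets."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed address is treated as not permitted
    return any(ip in net for net in nets)

def parse(line):
    """Return (time, src, tftp) for a config-copy SET record, else None."""
    parts = line.split()
    if len(parts) < 5 or parts[1] != "snmp-set" or parts[3] != "copy-config":
        return None
    fields = dict(p.split("=", 1) for p in parts[2:] if "=" in p)
    if "src" not in fields or "tftp" not in fields:
        return None
    return parts[0], fields["src"], fields["tftp"]

def audit(log):
    """List (time, reason, src, tftp) for every suspicious config-copy request."""
    findings = []
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        when, src, tftp = rec
        if not in_nets(src, SNMP_MANAGERS):
            findings.append((when, "source-not-permitted", src, tftp))
        elif not in_nets(tftp, TFTP_SERVERS):
            # Source passes the ACL, yet the config goes elsewhere: the
            # pattern to expect when a permitted source address is spoofed.
            findings.append((when, "permitted-source-unapproved-tftp", src, tftp))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```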

By: surya, Tue, 30 Oct 2012 01:27:10 +0000
http://bechtsoudis.com/2012/06/11/aiming-at-higher-network-security-through-extensive-penetration-tests/#comment-340

Hi Anestis! In your article you mentioned copying the router config through an SNMP request to TFTP services... but the same can be protected by the tftp-server-list command.

Please offer your comments.

By: anestisb, Thu, 11 Oct 2012 17:01:36 +0000
http://bechtsoudis.com/2012/06/11/aiming-at-higher-network-security-through-extensive-penetration-tests/#comment-321

The scenario examined in the paper is implemented solely with simulated (GNS3 Cisco Simulator) and virtualized (VMware) hosts/nodes.
Of course our lab also includes some actual hardware involved directly in our tests, mainly for the network processing nodes (because simulators lack some features).

A very good resource on simulating Cisco devices with GNS3 on Linux hosts is blindhog.net.

Unfortunately, a lab video cannot be provided according to our policy.

By: surya, Thu, 11 Oct 2012 12:11:39 +0000
http://bechtsoudis.com/2012/06/11/aiming-at-higher-network-security-through-extensive-penetration-tests/#comment-320

Is the entire lab setup simulated, or are physical hosts also involved?
If possible, can you share a demo video?

Thank you.

By: Ion, Tue, 09 Oct 2012 23:22:52 +0000
http://bechtsoudis.com/2012/06/11/aiming-at-higher-network-security-through-extensive-penetration-tests/#comment-318

Hey Anestis, great article! :) Make sure to share similar activities on Twitter, etc. in the future, so we get notified sooner *grin*. Have a nice day!
