Re: [Newbie] Info about ISP Gateways

From: David Swafford (dswafford@alterhighschool.org)
Date: Thu Mar 15 2007 - 08:17:21 EST


Hi GJK again,

I think I may have misunderstood your original question. I'm thinking
that you are asking how you would test devices that are basically behind
a NAT wall? If that's your question then you would probably only be
able to test the security of the public devices on that customer's
network from the outside. Though do not overlook this, because all you
need is one public server from their network that you could take control
of and then use that as a relay into the inside network. I'm not too
sure on all the specifics, but I'm thinking that if you were somehow able
to get netcat running on a system that's public you could probably
tunnel through that. If social engineering is part of your test, maybe
you could create an automated netcat script that will launch from an end
user's machine and create a connection to your system and return a shell;
those are my closest thoughts on how to approach this.

David.
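The relay idea above, as an added example that is not part of the original post: three roles all bound to 127.0.0.1 so it runs offline, standing in for a host on the customer's private network, a public-facing server that (hypothetically, and only within a signed scope) has been taken over and now relays traffic, and the tester's machine outside. The relay does what a netcat or socat pivot does: accept on the outside-facing port, open a second connection inward, and pump bytes both ways. Ports are chosen by the OS; the "internal:" echo service and the "hello" payload are constructed for the demo.

```python
import socket
import threading

# Added example, not code from the original post. All three roles bind to
# 127.0.0.1 with OS-chosen ports; the internal service and payload are
# constructed test fixtures.


def start_internal_service():
    """Stand-in for a host behind NAT: replies 'internal:' + whatever it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                data = conn.recv(4096)
                conn.sendall(b"internal:" + data)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def _pump(src, dst):
    """Copy bytes one way until EOF, then half-close the destination so the
    far end sees end-of-stream instead of hanging."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_relay(target_host, target_port):
    """The pivot on the public host: accept an outside connection, open an
    inward connection to the target, and relay both directions."""
    lst = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lst.bind(("127.0.0.1", 0))
    lst.listen(5)

    def relay():
        while True:
            outside, _ = lst.accept()
            inside = socket.create_connection((target_host, target_port))
            threading.Thread(target=_pump, args=(outside, inside), daemon=True).start()
            threading.Thread(target=_pump, args=(inside, outside), daemon=True).start()

    threading.Thread(target=relay, daemon=True).start()
    return lst.getsockname()[1]


def probe_through_relay(relay_port, payload):
    """Tester's side: talk to the relay port as if it were the internal host."""
    with socket.create_connection(("127.0.0.1", relay_port), timeout=5) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        reply = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply


def demo():
    """Wire the three roles together and return what the outside sees."""
    internal_port = start_internal_service()
    relay_port = start_relay("127.0.0.1", internal_port)
    return probe_through_relay(relay_port, b"hello")


if __name__ == "__main__":
    print(demo())  # b'internal:hello'
```

The outside client never learns the internal host's address; it only talks to the relay port on the public machine, which is exactly why a single reachable server matters so much in the scenario David describes, and why that server's placement belongs in the written scope before anything is tested.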

>>> "Gerrit @ DeadSet Internet Technologies" <info@deadset-tech.com>
3/15/2007 8:56 am >>>
Hi David

Thanks for the reply....

Well, it seems like a bunch of VLANs, but all these VLANs are behind
a single public IP; how do I reach the private IPs behind this?

As for all the documentation, well, yes I will not attempt to do any
testing before they are in place ;)

Thanks
GJK

At 02:38 PM 15/03/2007, you wrote:
>Hi GJK, welcome to the pen-testing list.
>
>Regarding the private networks, this just means that they are a
>bunch of VLANs with subnets. The ISP gateway (not on the customer
>premises but at the central office or nearest neighborhood DSL pod)
>itself would just forward traffic normally; usually an ISP's upstream
>gateway does little or no filtering in regards to security, so your
>methods of testing from your DSL connection into another DSL connection
>should be unaffected by how the ISP has chosen to structure the network.
>
>
>Since you mentioned being a newbie, I feel that it is good that I
>mention this: make sure that you have a written contract detailing your
>tasks and the scope of the project. Even testing a simple DSL
>connection for a small business can become a problem if the contract is
>not done properly or not at all; remember to not overlook this vital
>step in the process.
>
>David.
>CCNA, CEH, Security+, Network+
>
> >>> "Gerrit @ DeadSet Internet Technologies" <info@deadset-tech.com>
>3/14/2007 6:52 am >>>
>Hi
>
>I am new to this Pen-Testing idea, just finished the CEH course but
>that only showed how much I actually need to learn.
>
>Problem number one:
>I am on a Wireless/ADSL line; the ISP divided all the Wireless
>customers into separate "private" networks that then go through a
>gateway. To do vulnerability tests on customers on my same network
>from my office is a breeze, but to do it on the other networks will
>be a problem. Does that mean I need to "break" through the ISP's
>gateway first in order to reach the other "private" networks?
>
>Problem number two:
>Should I need to "break" through the gateway of the ISP to reach
>these customers then I guess the ISP might not be very happy about
>it, right? So what way is there around that?
>
>Thanks
>GJK
>
>
>------------------------------------------------------------------------
>This List Sponsored by: Cenzic
>
>Need to secure your web apps?
>Cenzic Hailstorm finds vulnerabilities fast.
>Click the link to buy it, try it or download Hailstorm for FREE.
>
>http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

>
>------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:40 EDT