stations
From: xperience@interia.pl [mailto:xperience@interia.pl]
Sent: Tuesday, April 27, 2010 8:55 PM
To: bugtraq@securityfocus.com
Subject: STP mitm attack idea
As I read in many white papers about attacks on Spanning Tree Protocol, I found a MITM attack on two STP switches, one station and two Ethernet NICs.
That attack is in most cases useless because:
- we need physical access to two switches (not one)
- two cards in the station
Two cards are possible, but access to two switches in one location, i.e. an office, is almost impossible.
My idea for modification of this attack needs:
- two stations to attack by MITM (A and B)
- two or more switches with STP protocol
- two attacking stations (C and D) connected to two different switches in the path between the attacked stations
Le mercredi 28 avril 2010 à 18:20 +0200, Jann Horn a écrit :
> Am Dienstag, den 27.04.2010, 19:55 +0200 schrieb Przemyslaw Borkowski:
> > Second scenario:
> > 1. Station C and station D start to send frames to break the link between switch 1 and switch 2, and announce a non-existing connection and switch from C port on switch 1 to D port on switch 2
> >
> > A ---- switch 1 --X-- switch 2 ----- B
> > | |
> > | |
> > C --no conn-- D
> > 2. Station A sends frame to B
On Apr 29, 2010, at 12:19 AM, news <news@phocean.net> wrote:
> Le mercredi 28 avril 2010 à 18:20 +0200, Jann Horn a écrit :
>> Am Dienstag, den 27.04.2010, 19:55 +0200 schrieb Przemyslaw Borkowski:
>>> Second scenario:
>>> 1. Station C and station D start to send frames to break the link between switch 1 and switch 2, and announce a non-existing connection and switch from C port on switch 1 to D port on switch 2
>>>
>>> A ---- switch 1 --X-- switch 2 ----- B
>>> | |
>>> | |
>>> C --no conn-- D
Am Dienstag, den 27.04.2010, 19:55 +0200 schrieb Przemyslaw Borkowski:
> Second scenario:
> 1. Station C and station D start to send frames to break the link between switch 1 and switch 2, and announce a non-existing connection and switch from C port on switch 1 to D port on switch 2
>
> A ---- switch 1 --X-- switch 2 ----- B
> | |
> | |
> C --no conn-- D
> 2. Station A sends frame to B
> 3. Frame is forwarded to C station
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Web commands injection through FTP Login in Synology Disk Station
CVE-2010-2453
INTRODUCTION
Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology's goal
Vulnerable Products
+------------------
This vulnerability affects the Cisco AVS 3110, 3120, 3180, and 3180A
Management Station appliances that are running software versions prior
to AVS 5.1.0. Administrators can determine the software version of the
AVS appliances by logging in to the Management Station web-based user
interface or from the command-line interface (CLI) of the appliance
operating system.
Hi All,
It's a new year, and we have a new venue and new rules of engagement!
First, the venue - we are back in a pub, in the heart of the west end,
with a private room/bar and easy connection to mainline stations etc.
Food is excellent and drinks are at *normal* pub prices (and, most
importantly, they have Guinness)!!!!
Secondly, ROE: we still run on "Fight Club" rules, i.e. "you will talk",
but we're going to make it a bit easier to get started... This year, we
Venue:
Upstairs at The Black Horse, 6 Rathbone Place, W1T 1HH
http://tinyurl.com/dc4420-venue
Nearest stations:
Tottenham Court Road London Underground station (150m) - zone 1
Goodge Street London Underground station (440m) - zone 1
Oxford Circus London Underground station (630m) - zone 1
Leicester Square London Underground station (680m) - zone 1
Vulnerability Details:
A vulnerability in EMC Celerra may allow an attacker to spoof IP addresses
that are normally used between the Celerra Control Station and X-Blade
(Data Mover) over a private IP network. While these IP addresses are
normally intended for communication internal to the Celerra, they are also
accepted from external sources. By spoofing these IP addresses, an attacker
may be able to gain unauthorized access to file systems on the Celerra. The
vulnerability only exists when the attacker and external IP of the Data
The following recommendations were provided by the vendor.
1. Hide NFS exports and show it only based on the configured access. Setting
forceFullShowmount param to 0 (default is 1) will hide the "/" from the list
since only Control Station have access to it for administration purpose:
[root@virgil slot_3]# server_param server_3 -f mount -info
forceFullShowmount
server_3 :
costs 0.50 Euro per day (and also offers a tire repair service).
By public transport
Leidseplein can be reached via trams 1, 2 and 5 (about 10 minutes from
Amsterdam Central Station) and lines 6, 7 and 10 (about 7 minutes from
the metro station Weesperplein). The bus routes 170, 171, 172 and the
late-night buses 72, 73, 74 and 78 also stop at Leidseplein. For more
travel advice, please visit www.92920v.nl.
Hotel
We can cause aircrack-ng and airdecap-ng to crash when reading
specially crafted dump-files and can also crash remote airodump-ng
sessions by sending specially crafted packets over the air. I am 90%
sure that this denial-of-service can be escalated to
remote-code-execution by carefully introducing new stations to
airodump-ng (for memory allocation) and then causing a heap corruption
as demonstrated.
The tools’ code responsible for parsing IEEE802.11-packets assumes the
self-proclaimed length of a EAPOL-packet to be correct and never to
3.) Fredric Raynal (Head of Research, Sogeti/Cap Gemini) with Arnauld Mascret (Sogeti / Cap Gemini) & Christophe Devaux (Sogeti / Cap Gemini) -- Deception 2.0: Gathering and Exploiting Information
4.) Gynvael Coldwind (Researcher, Hispasec) -- A Case Study of Recent Windows Vulnerabilities
5.) Laurent Oudot (Founder, TEHTRI-Security) -- Silent Steps: Improving the Stealthiness of Web Hacking
6.) Marc Schoenefeld (Independent Network Security Specialist) -- Open Sesame: Examining Android Code with undx2
7.) Shawn Merdinger (Security Researcher) -- We Don't Need No Stinkin' Badges: Hacking Electronic Door Access Controllers
8.) The Grugq (Anti Forensics Specialist) -- Base Jumping: Attacking GSM Base Stations and Mobile Phone Basebands
HITBSecConf2010 - Dubai will also feature a HITB Web Hacking contest. This year's contest will once again include an additional binary reversing challenge as well.
can meet the requirements of many on-the-spot service tests. Ryan Linn's
HTTP NTLM capture module has been integrated into the framework.
Support for the DECT COM-ON-AIR driver has been integrated into
Metasploit, along with two example modules for locating DECT base
stations and detecting active calls. The Lorcon2 library is now
supported through a new ruby-lorcon2 Ruby extension and exploit mixin.
All existing modules using the old Lorcon API have been ported. The
airpwn and dnspwn modules developed by Mike Kershaw (also one of the
Lorcon2 authors) have been integrated into the framework. The pcaprub
Ruby extension has been updated to build on Ruby 1.9.1. Max Moser's
Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vivvo CMS is an intuitive content management system atop a powerful programming
framework, empowering numerous industry leading online newspapers, magazines,
journals, TV and radio stations.
http://www.vivvo.net/
List of found vulnerabilities
It only takes a few seconds to realise that SSH is used in critical systems. We
have seen in recent weeks and months that we are all vulnerable to the security
of the banking systems. Anyone who uses online banking makes use of systems that
include SSH. Do the oil companies have a private network for ordering stocks?
What about weather stations or tidal gauges, are they on private networks? Are
there any ISPs who don't use remote management?
on 24/11/08 8:04 PM, guillaume.muller@freesurf.fr wrote:
rgod-tsid-pa-he-ru-ka
-
stay tuned with us ...
http://retrogod.altervista.org/join.html
security feeds, radio streams, techno/drum & bass stations to come
-->
<html>
<body>
<object classid='clsid:BDF9442E-9B03-42C2-87BA-2A459B0A5317' id='suntzu' /></object>
enjoy,
Adam
--
Adam Laurie Tel: +44 (0) 1304 814800
The Bunker Secure Hosting Ltd. Fax: +44 (0) 1304 814899
Ash Radar Station
Marshborough Road
Sandwich mailto:adam@algroup.co.uk
Kent
CT13 0PL
UNITED KINGDOM PGP key on keyservers
in Leicester Square in the heart of London and SoHo.
We'll be putting speakers up across the square at the
Radisson Edwardian Hampshire, but there are lots of
hotels in the region there in the center of London
for those who want to attend (the venue is physically
on top of a tube station on Circle line so easy to get to).
Registration is now open and we hope to have the
Dojo registrations on-line by this weekend. The conference
is on Wednesday/Thursday, which leaves Friday to fly
to Berlin for those going to ph-n. cheers, --dr)
I. BACKGROUND
Airspan is a worldwide leader in broadband wireless with over 400 customers
in more than 100 countries. As a founding member of the WiMAX forum, Airspan
has led the way in WiMAX, being among the first wave of companies to achieve
certification for its Base Station and End User Devices.
http://www.airspan.com/
II. DESCRIPTION