Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Strange interactions between tunnelling and SMB under

from [Marc SCHAEFER] Network Security [Permanent Link]
Subject: [Full-disclosure] Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment
Date: Thu, 30 Mar 2006 07:52:10 +0200 
Hi,

first, a disclaimer: I don't really need the proprietary Microsoft
Windows environment for my work. It happens that, for interoperability's
sake, I sometimes install free (libre) software on this proprietary
environment on customer systems. It's always quite painful, has strange
implications, and is always quite difficult to debug. But well, some
people apparently still need it.

After that, the issue I saw, which I currently cannot understand:

   I installed the libre software OpenVPN including the TAP driver on
   the proprietary Microsoft Windows environment. I did set up a
   encrypted tunnel between two machines on the same Ethernet subnet
   (this is probably important).

   Testing pings and telnet on the remote tunnel address (e.g.
   192.168.1.2) and capturing data with the libre software Ethereal on the
   real Ethernet interface did show me that the flow of data was
   correctly routed through the tunnel.

   However, accessing \\192.168.1.2\c$ did go through the Ethernet
   interface, and *not the tunnel*, and strangely half-using the private
   addresses!

   I wonder if there is some NetBEUI/NetBIOS/whatever interaction which
   kind-of `resolves' the private IP address as a host name. Thus
   probably as long as noone replies NetBEUI/NetBIOS it should work ...
   but could be exploitable, isn't it ?

   The obvious solution could be to completely disable this resolution,
   or maybe use a real DNS name for the private addresses of the tunnel.

   After all NetBEUI/NetBIOS predates the standard IP networking support
   in the proprietary Microsoft Windows environment and could be considered
   obsolete today (if using a WINS server or DNS resolution). But it is
   still activated by default.

   Looking at the routing tables through NETSTAT.EXE is ... well ...
   strange. No interface, strange routes, it's a bit difficult to really
   understand how routing works on this proprietary plateform.

Has someone also experienced this, or was it some strange local pecularity ?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] Critical PHP bug - act ASAP if you are running web with sensitive data, nocfed
Next by Date:  [Full-disclosure] Fwd: how to get johnny to encrypt (his hard drive), coderman
Previous by Thread:  [Full-disclosure] linux routing table ip-lookup algorithm ??, vanilla sky
Next by Thread:  Re: [Full-disclosure] Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment, B3r3n
Indexes:  [Date] [Thread] [Top] [All Lists]