Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Privacy of ISP's customers

from [Marc Doudiet] Network Security [Permanent Link]
Subject: RE: Privacy of ISP's customers
Date: Sun, 14 Jan 2007 18:33:13 +0100 
Hello,

I'm not sure to understand by at what layer are you with the other customer
? Can you do arp poisoning ?
If so you can sniff the traffic...

Hope this help.
 


Marc Doudiet
PSD SECURITE
Information systems security consultant
L.A. IS 27001 - Information Systems Security Officer (HEC-GE)
http://www.psdsecurite.com
Av. de Boisy 42
1004 Lausanne - Switzerland
+41 21 622 0728 - +4179 5893494

-----Message d'origine-----
De : listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] De
la part de s-williams@nyc.rr.com
Envoyé : mercredi, 10. janvier 2007 22:32
À : alcides.hercules@gmail.com; pen-test@securityfocus.com
Objet : Re: Privacy of ISP's customers

For starters my people don't chnage there default ip address and once you
have access you open up the internal host and make those accessible via the
internet. Kind of like turning off thefirewall "A wise man ask questions, a
fool is afraid of knowledge"  

-----Original Message-----
From: Alcides <alcides.hercules@gmail.com>
Date: Wed, 10 Jan 2007 16:18:03
To:pen-test@securityfocus.com
Subject: Privacy of ISP's customers

Hi List,
I'm presently working with a semi-government ISP as a security consultant.
The ISP has provided Internet access to the customers via phone lines, it's
DSL.
The customer is given q DSL router as a CPE. ISP people configure it with 2
IP addresses; one local and one global, and implement NAT for security. And
the router is configured using both ie Global/Private IP address in a
browser.
I recently have been asked to find out loopholes in the mentioned system
where the customer's privacy is not taken care or can be compromised. 
Now when I started my activities impersonating a normal customer, I found
that:
1]I can nmap and discover open ports on my and neighboring IP addresses.
2] This included HTTP, HTTPS, FTP, SMB, NB-SSN etc services listening for
incoming connections.
3]When I try to connect to some customer's HTTP port, I'm taken to his/her
DSL-router(CPE) config. page, Configuration password is asked but is blank.

Now my questions:
1]What kind of tests can be carried out in order to find out what level of
access can other customers gain and 2]What degree of impact can it have as
far as the privacy of the customers is considered.
Your views can be a great help.

Thanking you,

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=70160000
0008bOW
------------------------------------------------------------------------

Attachment: smime.p7s
Description: S/MIME cryptographic signature

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Community Rainbow Tables downloading, Marc Doudiet
Next by Date:  RE: ** {Spam} ** reverse proxy identification, Árni Már Harðarson
Previous by Thread:  Re: Privacy of ISP's customers, s-williams
Next by Thread:  Re: Privacy of ISP's customers, Javier Fernández-Sanguino
Indexes:  [Date] [Thread] [Top] [All Lists]