Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: Attacking a machine on network.

from [sandeep . sandhu . in] Network Security [Permanent Link]
Subject: Re: Re: Attacking a machine on network.
Date: 30 May 2007 00:44:19 -0000 
Lets assume your machine is not a server, and is not "listening" on any TCP/UDP 
port. Since the machine is connected to a network, there must be some network 
protocol being used by a network client software. That protocol or the client's 
code could have a vulnerability which could be exploited.

For example, your anti-virus agent might be scheduled to setup a http, ftp or 
pop3 connection to find out if a new anti-virus update is available for 
patching. This client could be misused by spoofing the anti-virus distribution 
server and injecting malacious code into the binaries picked up by the 
anti-virus.

Your machine could also be setup to synchronise the internal clock by 
contacting public NTP servers, this could also potentially be exploited.

Similarly, there are several malacious websites which try to exploit 
web-browser vulnerabilities. They being scanning a client IP-address when they 
receive a browser connection. See the Microsoft Strider-monkey project for 
examples. The honeyclient is another such example.

Regards
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Managed switches outside firewalls?, Hari Sekhon
Next by Date:  Re: Managed switches outside firewalls?, Bryan S. Sampsel
Previous by Thread:  Re: Attacking a machine on network., Alexander Klimov
Next by Thread:  Re: Re: Attacking a machine on network., savagemp5
Indexes:  [Date] [Thread] [Top] [All Lists]