Breaking into corporate enterprises, governments etc.

euser1984 · 17-01-2015 12:54pm #1

Firstly, please don't make assumptions about me or my motives but I am curious as to how potential attackers would get ip address' of target networks...

I know many things about this area (it's an area I am constantly close to due to working in the industry) - what baffles me is the idea that companies or organisations like these would host email or their website on their own dmz zones on their own networks....even for files these days and the benefits of the cloud (with encrypted data of course)...so, where do they get ip address'? What kind of machines are exposed to the internet that are directly connected to sensitive internal networks.

I know that you have factors like ERP systems and the like but your talking about VPN's there and finding the ip address of mobile computers?

I know that money is always going to be a factor but I imagine that's where the price is based "somewhat" to get the business for these hosting companies? Plus the likes of expertise and redundancy you get with some of the bigger companies.

ED E · 17-01-2015 8:49pm

From the inside.

Send a malformed PDF to some low level monkey, they open it, infect the machine. Boom, you have a beached within the LAN (firewall isnt much use then).

hmmm · 17-01-2015 8:54pm

IP addresses are available publicly.

Just because you move something into the cloud doesn't make it secure - you're only swapping one set of risks for another. Cloud services don't care about your security as much as you do, you have little visibility as to what they are doing and when things break you'll end up trying to contact someone rather than getting on with fixing it yourself.

Mr. G · 17-01-2015 10:33pm

IP Addresses have WHOIS information. It would be very easy to find one's mail server IP address.

The benefits of using cloud services only goes so far. You lose control, surveillance requests etc don't go through you etc. The security requirements of a healthcare provider would be different to the requirements of say, a waste management agency.

The only way to prevent attacks, is not to have it accessible via the internet or on machines that access the internet, unfortunately.

ressem · 20-01-2015 11:31pm

It's more than whois.

There are the BGP routing tables which list the ip ranges held by large organisations.
http://bgp.he.net/AS32934#_asinfo

Getting the IP address of the network gateway / proxy shouldn't achieve much though.

As for the cloud stuff, there's pluses and minuses.
Using a cloud front-end and a company owned back-end works for some.

Microsoft make sure their 365 servers are patched more consistently that the average business, but if you have to, by law, do your utmost to ensure recall notices don't get lost, then some generic microsoft 365 / google apps spam filter mightn't be for you.

They are finally getting around to making containers for your garden variety operating systems, so maybe by Windows 11, Microsoft Word won't have roughly the same permissions as it's user to access the file server.

demanufactured · 21-01-2015 10:14pm

With big companies using the likes of MPLS WAN's it would be damn near impossible to break into their networks...and even if you did....you'd be found out very quick.

biko · 22-01-2015 11:53pm

Read Kevin Mitnick about social engineering. You're probably going to have less hassle that way.

Cuddlesworth · 23-01-2015 11:08am

demanufactured wrote: »

With big companies using the likes of MPLS WAN's it would be damn near impossible to break into their networks...and even if you did....you'd be found out very quick.

The larger the network, the easier it becomes for mistakes to happen and backdoors to appear. It costs nothing to keep a botnet running scans. But social is always the best option.

Capt'n Midnight · 01-02-2015 12:16am

Leave a USB key in the carpark in the morning , chances are someone will take it in and stick it in a machine.

The device could use a light sensor to figure out when the office was empty and switch over to evil mode.

Worst case is that the USB controller on the motherboard gets reprogrammed. And in much the same way that warts hide from the immune system by staying on the outside, AV scans and BIOS upgrades can't reach a controller that might only be programmable from the USB port.

Link may be blacklisted at work
https://srlabs.de/badusb/

Reprogramming USB peripherals. To turn one device type into another, USB controller chips in peripherals need to be reprogrammed. Very widely spread USB controller chips, including those in thumb drives, have no protection from such reprogramming.

BadUSB – Turning devices evil. Once reprogrammed, benign devices can turn malicious in many ways, including:

A device can emulate a keyboard and issue commands on behalf of the logged-in user, for example to exfiltrate files or install malware. Such malware, in turn, can infect the controller chips of other USB devices connected to the computer.
The device can also spoof a network card and change the computer’s DNS setting to redirect traffic.
A modified thumb drive or external hard disk can – when it detects that the computer is starting up – boot a small virus, which infects the computer’s operating system prior to boot.

jimgoose · 01-02-2015 1:33am

Do a Bill Adama on it. Forget about computers and networks altogether.

Mr. G · 01-02-2015 2:21pm

Solution: Put silicon in the usb ports and disable them in Windows.

Breaking into corporate enterprises, governments etc.

Comments