Question on Hacker's Challenge
Qs on Solution 12:
Regarding the SOHO/router: the book states that it is a device, so how is it installed? If it is a device, then the company has to spend money on this device for every VPN user? Isn't it a waste of funds?
According to Solution 12, Answer Section No. 4, a skilled attacker will normally close the hole... If the attacker were to close the hole, is he/she going to re-hack the system, or access the system through the 'justme' account which he/she created? But the 'justme' account must be an administrative account; if not, how is he/she going to take over the system? Or 'justme' may be just a normal user account, as he/she had already reset the SOHO/router password; as long as he/she can gain access to the computer, he/she will have no problem accessing the router to modify the NAT?
Qs on Solution 15:
What is a DoS attack? How will it affect the server?
Is it that the Web Server will keep on responding to the source at UDP 7 and cause the processing of the incoming traffic?
Re: Question on Hacker's Challenge
Quote:
Originally posted here by Penguin
Qs on Solution 12:
Regarding the SOHO/router: the book states that it is a device, so how is it installed? If it is a device, then the company has to spend money on this device for every VPN user? Isn't it a waste of funds?
(It's been quite a while since I've read HC, I might not remember everything correctly)
A SOHO/router is indeed a hardware device. It's one of those "routers" you'll find at any computer shop, like those popular Linksys or D-Link...
As far as being a waste of funds, it could seem so, but it really isn't (well, shouldn't be if configured right...). You see, when your employees are connecting through a VPN, you are in fact expanding the perimeter of your corporate network to your employees' PCs. Your new security boundary should consequently be expanded to your employees' PCs. In other words, if your employees' PCs get compromised, and they have VPN access to your main network, it's just as if they had actually broken into your main network; they have equivalent access. This is why it is worth it to provide your VPN users with router/firewalls. Unfortunately in this case, those were incorrectly configured, which was just as bad as having no firewall.
Quote:
According to Solution 12, Answer Section No. 4, a skilled attacker will normally close the hole... If the attacker were to close the hole, is he/she going to re-hack the system, or access the system through the 'justme' account which he/she created? But the 'justme' account must be an administrative account; if not, how is he/she going to take over the system? Or 'justme' may be just a normal user account, as he/she had already reset the SOHO/router password; as long as he/she can gain access to the computer, he/she will have no problem accessing the router to modify the NAT?
If I remember correctly here, the router device was actually the one setting up the VPN connection. As such, the attacker, having gained access to the router, only needed the account/pass for the router device, which he then used to modify the NAT/redirection rules on the router so that connections coming from him to the router would be forwarded on the VPN tunnel, into the corporate network.
Ammo
Hackers Challenge Question
Well, I was wondering, can anyone give me the solution to Challenge 1, "The French Connection"?
1. What vulnerability did the attacker exploit to compromise the web server?
2. What did the attacker do to try to obfuscate tracking?
Thanks