July 22nd, 2003, 10:08 PM
Greetings friends,
I was curious to know if the experts out there had anything to say about this scenario:
- Let's say I prepared a device that connected between an admin's PC and the hub/router it connects with.
- This device records every layer 1 bit that comes out of the admin PC.
- Let's also pretend that the device knows the exact moment when the admin authenticates itself over the network.
- Would it even be possible for me to utilize the recorded bits that were sent out by the admin?
- The reason I ask is... if I sent out the same byte sequence, would the 'authentication thread' process the stream the same as if I were the admin?
- Sure, a keylogger would work, but let's pretend this admin PC is in Africa, OK...
Is it possible?
If the scatman can do it so can you.
July 22nd, 2003, 11:37 PM
That depends. If your admin's machine is hosted on a managed network (i.e., Windows 2000) and no IPSec or other certification or encryption services are running, it is possible to capture the authentication data and reuse it.
If any IPSec, certificate or other encryption service is running, no ... or, probably no. The encryption is (or should be) only used once, so any subsequent attempt to use the same encrypted authentication data should fail.
This is why physical security in a networked environment is important, just as network, password and other aspects are important. Hijacking a network session in this manner is not a new idea; it's been done in corporate espionage for years. Usually, packet encryption, locked doors, restricted access and escorted visitors cover this vulnerability.
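The single-use property described in the reply above, as an added example that is not part of the original posts: a server that accepts the same authentication bytes every time next to one that binds each login to a fresh nonce. The HMAC challenge-response scheme, the class names and the key are assumptions chosen for illustration, not how Windows 2000 or IPSec authenticate.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-demo-key"  # constructed sample secret, not a real credential


class StaticServer:
    """Accepts the same authentication bytes on every login, so a recording works."""

    def __init__(self, key):
        self._expected = hashlib.sha256(key).digest()

    def login(self, auth_bytes):
        return hmac.compare_digest(auth_bytes, self._expected)


class ChallengeServer:
    """Issues a fresh single-use nonce for each login attempt."""

    def __init__(self, key):
        self._key = key
        self._pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def login(self, nonce, response):
        if nonce not in self._pending:
            return False  # unknown or already consumed nonce
        self._pending.discard(nonce)  # single use, even if the check fails
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(response, expected)


def demo():
    static = StaticServer(KEY)
    recorded = hashlib.sha256(KEY).digest()  # bytes a wire tap would record
    static_results = (static.login(recorded), static.login(recorded))

    server = ChallengeServer(KEY)
    nonce = server.challenge()
    response = hmac.new(KEY, nonce, hashlib.sha256).digest()  # client side
    first = server.login(nonce, response)
    same_nonce = server.login(nonce, response)  # byte-for-byte resend
    new_nonce = server.login(server.challenge(), response)  # old response, new challenge
    return static_results, (first, same_nonce, new_nonce)
```

The static server accepts the recorded bytes a second time, while the challenge server rejects both the identical resend and the old response presented against a new nonce.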
July 23rd, 2003, 12:35 AM
One word, yes. Physical security, as rapier57 said, is the most important of all forms. Same as if someone has access physically to your box, or a server box, then they can fairly easily gain full control of it.