[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Drive-by Pharming

To: Knud Erik Højgaard <kokanin@xxxxxxxxx>, "James Matthews" <nytrokiss@xxxxxxxxx>
Subject: Re: [Full-disclosure] Drive-by Pharming
From: "McCarty, Eric C." <emccarty@xxxxxxxxxxx>
Date: Fri, 16 Feb 2007 10:08:06 -0800

One item is that I have not seen considered is how this could be used in a 
corporate network just the same as a home user scenario (it's possible I missed 
it). True that a good amount of Home users don't actually change device 
passwords, but lets be honest, same applies to many businesses as well.

Use a JavaScript port scanner to scan internal devices for web interfaces or 
telnet responses, and then add a few routines to try to login using default 
passwords, and then modify dns settings or other such settings (even hardcode 
entries into local hosts file) on the device and viola. 

As for defenses, let's state the obvious:

1). Change Default Passwords
2). Hard Code ACL's to allow administration from only certain IP's (this is 
more from a business environment admittedly)
3). Turn off JavaScript or use the No Script Plug-in

That's it off the top of my head, maybe some monitoring of outbound connections 
and log file analysis to round it off but really the common sense issue is #1.

Eric McCarty

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Drive-by Pharming
  - From: Knud Erik Højgaard

Prev by Date: Re: [Full-disclosure] utorrent issue?
Next by Date: Re: [Full-disclosure] Drive-by Pharming
Previous by thread: Re: [Full-disclosure] Drive-by Pharming
Next by thread: Re: [Full-disclosure] Drive-by Pharming
Index(es):
- Date
- Thread