Category Archives: Networking

Funny Story: To DoS or DDoS? … that is the question.

I recently received an invitation to attend a seminar on “How to protect your business from DDoS attacks”; the invitation was sent as an HTML attachment.

So, in my paranoia, I opened the file in an editor before trying to load it in a browser. In the editor view I saw a link to a web server that used an IP address directly instead of a hostname.

Again, I wanted to investigate further, so I loaded the root of the server (http://1.2.3.4/) in Firefox with the “Header Spy” add-on, just to see some info on the server.

To my surprise, the server loaded the default IIS page, and from the Header Spy information and the look of the page I confirmed it was running IIS 8.5 on Windows (of course).

So I searched for vulnerabilities in IIS 8.5 and came up with the MS15-034 bulletin. To make sure, I did a manual check using curl with the following line:

curl -v http(s)://hostname (or ip)/ -H "Host: anything" -H "Range: bytes=0-18446744073709551615" -k

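What the curl line above is checking for is how HTTP.sys answers an impossible Range: an unpatched server responds 416 (Requested Range Not Satisfiable), a patched one responds 400 with the text “The request has an invalid header name”. The function below is an added example (not the post’s own script, and not the Python PoC it mentions) that sends the same request over a raw socket and reads the verdict out of the response; `$Target` and the address in the usage comment are placeholders. Note the range starts at 0: that is the non-destructive form. The public DoS trigger starts the range above 0 (for example `bytes=18-18446744073709551615`) and must never be sent to a host you care about.

```powershell
# Added example (not the original post's code): raw MS15-034 / CVE-2015-1635 probe.
# Target and port are placeholders you supply; nothing here is destructive.
function Test-MS15034 {
    param(
        [Parameter(Mandatory)][string]$Target,   # hostname or IP of the IIS box
        [int]$Port = 80,
        [int]$TimeoutMs = 5000
    )
    # Same headers the curl check sends. "Connection: close" makes the server end
    # the connection after the reply so we can simply read to end of stream.
    $request = "GET / HTTP/1.1`r`nHost: $Target`r`nRange: bytes=0-18446744073709551615`r`nConnection: close`r`n`r`n"

    $client = New-Object System.Net.Sockets.TcpClient
    $client.ReceiveTimeout = $TimeoutMs
    $client.SendTimeout    = $TimeoutMs
    $client.Connect($Target, $Port)
    $stream = $client.GetStream()
    $bytes  = [System.Text.Encoding]::ASCII.GetBytes($request)
    $stream.Write($bytes, 0, $bytes.Length)

    $reader   = New-Object System.IO.StreamReader($stream, [System.Text.Encoding]::ASCII)
    $response = $reader.ReadToEnd()
    $client.Close()

    Get-Ms15034Verdict -Response $response
}

# Split into the verdict that the curl output is read against by eye.
function Get-Ms15034Verdict {
    param([Parameter(Mandatory)][string]$Response)
    $head, $body = $Response -split "`r`n`r`n", 2
    $statusLine  = ($head -split "`r`n")[0]
    if ($statusLine -notmatch '^HTTP/\d\.\d (\d{3})') { return 'not HTTP' }
    $code = $Matches[1]
    $server = ''
    if ($head -match '(?m)^Server:\s*(.+?)\s*$') { $server = $Matches[1] }

    if ($code -eq '416') {
        # 416 to an impossible range is the unpatched HTTP.sys signature, but only
        # trust it when the Server header says it is HTTP.sys/IIS in the first place.
        if ($server -match 'Microsoft') { return "vulnerable ($server)" }
        return "inconclusive: 416 from '$server', which is not HTTP.sys"
    }
    if ($code -eq '400' -and $body -match 'invalid header name') {
        return "patched ($server)"
    }
    return "inconclusive: HTTP $code ($server)"
}

# Usage (placeholder address):
#   Test-MS15034 -Target 192.0.2.10
```

A 200 or any other code means the Range header was ignored (a dynamic page, a proxy in front, or not IIS at all), so the check says nothing either way; confirm the Server header before drawing conclusions, as the post did with Header Spy.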

So I used some vulnerability checks from the Offensive Security DB and a Python PoC to be 100% sure, and it was confirmed.

So the funny part: a DDoS-prevention announcement on a DoS-vulnerable host with a one-year-old vulnerability. Isn’t it funny? #LOL

Ping with creativity … on windows

Recently I saw a blog post on netstat, so I thought that if someone could blog about netstat, I can blog about ping. #insidejoke

First of all, ping is a Windows/Unix command used to check connectivity between two points using the ICMP protocol, but that’s not all you can do with it.

Disclaimer: many networks block ICMP, so this may not help you at all.

First, let's see our options:

[screenshot: ping help output listing the available options]

As you can see there are a lot of options, but let's test three (3) of the most common uses.

Check connectivity to target

Check for DNS resolution on target

Manipulate the TTL: let's check the third (3rd) hop on the route to the target

So let’s be creative with it:

Do a traceroute and check 30 hops

Do a ping sweep discovery on a /24 subnet

Now we can do a reverse DNS walk
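The post showed each of these as a screenshot. The script below is an added PowerShell rendition (not the author's own one-liners) of all six uses, the three basic ones and the three creative ones, built on nothing but ping.exe and its -n, -w, -a and -i switches. `$Target` and `$Subnet` are placeholders, and as the disclaimer says, none of it works where ICMP is filtered.

```powershell
# Added example (not the original post's commands): the ping tricks from this post.
param(
    [string]$Target    = 'www.example.com',   # placeholder: host to test
    [string]$Subnet    = '192.168.1',         # placeholder: first three octets of the /24
    [int]   $TimeoutMs = 200                  # per-probe wait; keeps the sweep fast
)

# 1. Connectivity: one echo request, short timeout.
ping -n 1 -w $TimeoutMs $Target

# 2. DNS resolution: ping resolves the name before it sends anything, so
#    "could not find host" means DNS is the problem, not the network.
#    -a additionally reverse-resolves the answering address.
ping -a -n 1 -w $TimeoutMs $Target

# 3. TTL manipulation: a TTL of 3 expires at the third router, which reports
#    "TTL expired in transit" and thereby reveals its own address.
ping -n 1 -i 3 -w $TimeoutMs $Target

# 4. Traceroute by hand: raise the TTL from 1 to 30 and record who replied.
#    Hops that drop ICMP time-exceeded show up as "*", just as in tracert.
foreach ($ttl in 1..30) {
    $reply = ping -n 1 -i $ttl -w $TimeoutMs $Target | Select-String '^Reply from'
    $hop   = if ($reply) { ($reply.Line -split '[ :]')[2] } else { '*' }
    '{0,2}  {1}' -f $ttl, $hop
    if ($reply -and $reply.Line -notmatch 'TTL expired') { break }   # reached the target
}

# 5. Ping sweep of the /24. The address is pinned in the match because a dead
#    LAN neighbour is reported as "Reply from <your own IP>: Destination host
#    unreachable", which a bare "Reply from" filter would count as alive.
$alive = foreach ($i in 1..254) {
    $ip = "$Subnet.$i"
    if (ping -n 1 -w $TimeoutMs $ip | Select-String -Quiet "^Reply from $([regex]::Escape($ip)): bytes=") { $ip }
}
"Alive: $($alive -join ', ')"

# 6. Reverse DNS walk over the live hosts: with -a the first output line reads
#    "Pinging <ptr-name> [<ip>] with 32 bytes of data:" whenever a PTR record exists.
foreach ($ip in $alive) {
    $header = ping -a -n 1 -w $TimeoutMs $ip | Select-String '^Pinging '
    $name   = if ($header -and $header.Line -match '^Pinging\s+(\S+)\s+\[') { $Matches[1] } else { '(no PTR)' }
    '{0,-15} {1}' -f $ip, $name
}
```

Step 4 stops at the first reply that is not “TTL expired”, because that one comes from the target itself; step 6 only queries addresses that answered the sweep, so a quiet host with a PTR record will be missed, which is the trade-off for using ping instead of nslookup.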

So now you see how an everyday “insignificant” command can be very useful.

In Unix we have more tools available to manipulate strings, and with the power of Bash even more so. But in essence you can do the same. I will cover this in a future post.

jq2106

Testing your mail server for impersonation or relay attacks.

Recently a friend asked me how he can know whether his mail server is vulnerable to impersonation or relay attacks (spam, phishing, etc.).

First we have to think about why these attacks happen. For one thing, there is no authentication or authorization on the SMTP connections between servers; the rest is mostly misconfiguration. Sometimes we think we did all there is to do when configuring our servers, and sometimes we trust what vendors say (are we supposed to?), but that is the way to tragedy in security.
Continue reading Testing your mail server for impersonation or relay attacks.
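The rest of the post is not on this page. As an added example of the test it announces (not the author's procedure), the function below talks SMTP to a mail server exactly as a spammer's relay probe would, but stops at RCPT TO, so no message is ever sent even if the server would relay it. Because server-to-server SMTP has no authentication, the only thing that can say no is the server's own relay policy, and a 250 to RCPT TO for an outside recipient from an outside sender means there is none. `$Mx`, `example.test`, `evil.test` and `other.test` are placeholders.

```powershell
# Added example (not the original post's code): open-relay / impersonation probe.
function Invoke-SmtpRelayProbe {
    param(
        [Parameter(Mandatory)][string]$Mx,       # placeholder: your MX host
        [int]$Port = 25,                         # test the MX on 25; 587 requires AUTH by design
        [string]$LocalDomain = 'example.test',   # placeholder: domain the server accepts mail for
        [string]$HeloName    = 'probe.example.test'
    )
    $client = New-Object System.Net.Sockets.TcpClient($Mx, $Port)
    $client.ReceiveTimeout = 10000
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true

    # Read one SMTP reply ("250-..." lines continue, "250 ..." ends it) and return the code.
    function Read-Reply {
        do { $line = $reader.ReadLine() } while ($line -and $line[3] -eq '-')
        if (-not $line) { throw 'connection closed by server' }
        [int]($line.Substring(0, 3))
    }
    function Send-Cmd([string]$cmd) { $writer.WriteLine($cmd); Read-Reply }

    [void](Read-Reply)                      # 220 greeting
    [void](Send-Cmd "EHLO $HeloName")

    # (MAIL FROM, RCPT TO, what a 250 on RCPT would mean)
    $probes = @(
        @('attacker@evil.test',    'victim@other.test',  'OPEN RELAY: relays for strangers'),
        @("someone@$LocalDomain",  'victim@other.test',  'OPEN RELAY: relays on a forged local sender'),
        @('attacker@evil.test',    "user@$LocalDomain",  'inbound accepted (expected)'),
        @("ceo@$LocalDomain",      "user@$LocalDomain",  'impersonation accepted without auth: only SPF/DKIM/DMARC checks can catch this')
    )
    foreach ($p in $probes) {
        $sender, $rcpt, $meaning = $p
        [void](Send-Cmd "MAIL FROM:<$sender>")
        $code = Send-Cmd "RCPT TO:<$rcpt>"
        [void](Send-Cmd 'RSET')             # drop the envelope; DATA is never sent
        [pscustomobject]@{
            From   = $sender
            To     = $rcpt
            Reply  = $code
            Result = $(if ($code -eq 250) { $meaning } else { "refused ($code)" })
        }
    }
    [void](Send-Cmd 'QUIT')
    $client.Close()
}

# Usage (placeholder host):
#   Invoke-SmtpRelayProbe -Mx mx.example.test | Format-Table -AutoSize
```

The third probe should be accepted (that is just inbound mail), the first two must be refused, and the fourth is usually accepted: a server cannot tell a forged local sender from a real one over plain SMTP, which is exactly why the post says "no authentication" is the root of the problem and why SPF, DKIM and DMARC exist.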