Re: PenTesting a IPX/SPX Client

From: Rob Shein (shotenat_private)
Date: Mon Jul 15 2002 - 09:04:15 PDT

Next message: Benninghoff, John: "RE: OpenSSH (version < 3.4p1) && linux"

Previous message: Cox, Michael: "Web VA Tools"
In reply to: st0ff st0ff: "PenTesting a IPX/SPX Client"
Next in thread: Jacek Lipkowski: "Re: PenTesting a IPX/SPX Client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The first problem is that you won't be able to connect to it via IPX/SPX
over the internet.  If you're on the local wire, that is a different
story, however.

For IPX/SPX attack info, check out Nimrod Mobile Research Centre
(www.nmrc.org), and I can attest that you'll find the protocol is far
less secure.  That said, you'll also find that it's remarkably different
from TCP/IP in many ways.  Some of the good news includes that it's
fantastically simple (technically speaking; the sequence numbers are
limited and even usually sequential) to hijack connections, and some of
the bad news is that it's so different from TCP/IP that you may not find
it easy to exploit.  

On Mon, 2002-07-15 at 08:03, st0ff st0ff wrote:
> hello,
> i have to pentest a nt client. there is tcp/ip as well
> as ipx/spx installed. An ip-filter prevents accessing
> the box using tcp/ip. is there a possibility to do it
> over ipx? are there scanner-tools available like nmap?
> 
> thanks 4 all answers
> 
> if0ff
> 
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Autos - Get free new car price quotes
> http://autos.yahoo.com
> 
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
> 



#################################################################
#################################################################
#################################################################
#####
#####
#####
#################################################################
#################################################################
#################################################################

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Benninghoff, John: "RE: OpenSSH (version < 3.4p1) && linux"
Previous message: Cox, Michael: "Web VA Tools"
In reply to: st0ff st0ff: "PenTesting a IPX/SPX Client"
Next in thread: Jacek Lipkowski: "Re: PenTesting a IPX/SPX Client"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jul 15 2002 - 11:00:20 PDT