Port Hijacking
17 years 4 months ago #22217
by ZiPPy
Port Hijacking was created by ZiPPy
Hey everybody,
I came across an interesting problem at work the other day that I believe is a port hijack. I wanted to run it by some of you and see what you guys think, and if it is a port hijack, how would one attack this issue to resolve it.
Basically, we had a machine on the floor that was opening up 50+ IE windows. This would start as soon as the computer was fully booted. We removed this computer off the floor because we thought it was infected with a virus. We put another machine on the floor that was fully formatted and rebuilt with just Windows XP Pro installed. As soon as the computer booted up, the same thing started happening. A third machine was put on the floor just to eliminate any chance this was coincidence.
We are using a Cisco 3560 PoE-48 switch.
Is this indeed a port hijack or maybe the correct term is IP hijacking? How would one go about securing an issue such as this?
Thanks for your time guys!
Cheers,
ZiPPy
17 years 4 months ago #22218
by Smurf
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx
Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
Replied by Smurf on topic Re: Port Hijacking
So let's see if I understand. You plug a machine into a switch port and it starts opening loads of IE windows?
17 years 4 months ago #22219
by ZiPPy
Replied by ZiPPy on topic Re: Port Hijacking
That's correct!! The two other machines both had fresh installs of Windows XP Pro.
Cheers,
ZiPPy
17 years 4 months ago #22225
by DaLight
Replied by DaLight on topic Re: Port Hijacking
Were both machines fully patched before being connected?
Also, were they joined to a domain?
If I were to diagnose the problem, I'd probably stick a machine with a fully enabled firewall and sniffing software.
17 years 4 months ago #22227
by Smurf
Replied by Smurf on topic Re: Port Hijacking
If I were to diagnose the problem, I'd probably stick a machine with a fully enabled firewall and sniffing software.
Very good idea, it sounds very strange
17 years 4 months ago #22235
by ZiPPy
Replied by ZiPPy on topic Re: Port Hijacking
Any sniffing software you can recommend?
We are currently running Forticlient software on each machine as well as Forticlient hardware. Are you recommending I install a different type of firewall on just that test machine I'm going to use, as well as sniffing software?
I think that's a really good idea to set up a sniffer, that way I can analyze and officially see activity on the port.
Thanks,
ZiPPy