The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
SSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
#0: This does not look like SSL!
This failure highlights one of the challenges of doing security testing: finding vulnerabilities can be hard. Exploiting known vulnerabilities can also be hard. This is one reason that modern attacks commonly use social engineering to make use of humans and their tendency toward trust and behaviors that can lead to exploitation; technical vulnerabilities are often harder to exploit than people are to manipulate. This does not mean that technical exploitation is not possible, given the number of vulnerabilities discovered and announced on a regular basis. See Bugtraq and the Common Vulnerabilities and Exposures project for evidence of this.
DHCP attacks
The Dynamic Host Configuration Protocol (DHCP) has a test program called DHCPig, which is another consumption attack, designed to exhaust resources available in a DHCP server. Since the DHCP server hands out IP addresses and other IP configuration, it would be a problem for enterprises if their workers weren’t able to obtain addresses. While it’s not uncommon for the DHCP server to hand out addresses with long leases (the period of time a client can use the address without having to renew it), a lot of DHCP servers have short lease times. A short lease time is important when everyone is mobile. As users come on and off the network regularly, sometimes staying for short periods of time, having clients hang onto leases can also consume those resources. What this means, though, is that when clients have short leases, a tool like DHCPig can grab expiring leases before the client can get them, leaving the clients out in the cold without an address and unable to do anything on the network. Running DHCPig is as simple as running the Python script pig.py and specifying the interface that is on the network you want to test against.
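From the server side, lease exhaustion of this kind shows up as a burst of DHCPDISCOVER messages from many different client MAC addresses on one interface. The following is an added example, not code from the book or from DHCPig: a small detector over DHCP server log lines. The log format (ISC dhcpd style with an ISO timestamp), the 10-second window, and the threshold of 20 MACs are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape (ISC dhcpd style, ISO timestamp prepended):
#   2024-05-01T09:00:00 dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via eth0
LINE = re.compile(r"^(\S+) dhcpd: DHCPDISCOVER from ([0-9a-f:]{17}) via ([\w.-]+)")

def detect_starvation(lines, window_s=10, max_macs=20):
    """Return (time, interface, distinct MACs) each time an interface
    crosses the threshold of distinct requesting MACs inside the window."""
    window = timedelta(seconds=window_s)
    seen = defaultdict(deque)   # interface -> deque of (time, mac)
    alerting = set()            # interfaces currently above the threshold
    alerts = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue            # ignore non-DISCOVER and malformed lines
        ts = datetime.fromisoformat(m.group(1))
        mac, iface = m.group(2), m.group(3)
        q = seen[iface]
        q.append((ts, mac))
        while q and ts - q[0][0] > window:
            q.popleft()         # drop events that fell out of the window
        distinct = len({entry_mac for _, entry_mac in q})
        if distinct > max_macs:
            if iface not in alerting:   # alert once per burst, not per packet
                alerting.add(iface)
                alerts.append((ts.isoformat(), iface, distinct))
        else:
            alerting.discard(iface)     # re-arm once the rate drops
    return alerts

def sample_log():
    """Constructed data: two ordinary clients on eth0, then 40 unseen
    MACs within four seconds on eth1."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    out = [f"{(base + timedelta(seconds=30 * i)).isoformat()} dhcpd: "
           f"DHCPDISCOVER from 02:00:00:00:00:0{i} via eth0" for i in range(2)]
    for i in range(40):
        t = base + timedelta(seconds=120, milliseconds=100 * i)
        out.append(f"{t.isoformat()} dhcpd: "
                   f"DHCPDISCOVER from 02:aa:00:00:00:{i:02x} via eth1")
    return out

if __name__ == "__main__":
    for alert in detect_starvation(sample_log()):
        print(alert)
```

The window and threshold need tuning against the normal join rate of the network being monitored; a large wireless segment at the start of the workday can legitimately see many new clients in a short time.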