TOPIC: Port Hijacking

Port Hijacking 9 years 5 months ago #22217

  • ZiPPy
Hey everybody,

I came across an interesting problem at work the other day that I believe is a port hijack. I wanted to run it by some of you and see what you guys think, and if it is a port hijack, how would one attack this issue to resolve it.

Basically, we had a machine on the floor that was opening up 50+ IE windows. This would start as soon as the computer was fully booted. We removed this computer off the floor because we thought it was infected with a virus. We put another machine on the floor that was fully formatted and rebuilt with just Windows XP Pro installed. As soon as the computer booted up, the same thing started happening. A third machine was put on the floor just to eliminate any chance this was coincidence.

We are using a Cisco 3560 PoE-48 switch.

Is this indeed a port hijack or maybe the correct term is IP hijacking? How would one go about securing an issue such as this?

Thanks for your time guys!

Cheers,

ZiPPy

Re: Port Hijacking 9 years 5 months ago #22218

  • Smurf
So let's see if I understand. You plug a machine in a switch port and it starts opening loads of IE windows?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Port Hijacking 9 years 5 months ago #22219

  • ZiPPy
That's correct!! The two other machines both had fresh installs of Windows XP Pro.


Cheers,

ZiPPy

Re: Port Hijacking 9 years 5 months ago #22225

  • DaLight
Were both machines fully patched before being connected?
Also, were they joined to a domain?
If I were to diagnose the problem, I'd probably stick a machine with a fully enabled firewall and sniffing software.

Re: Port Hijacking 9 years 5 months ago #22227

  • Smurf
"If I were to diagnose the problem, I'd probably stick a machine with a fully enabled firewall and sniffing software."

Very good idea, it sounds very strange
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Port Hijacking 9 years 5 months ago #22235

  • ZiPPy
Any sniffing software you can recommend?

We are currently running Forticlient software on each machine as well as Forticlient hardware. Are you recommending I install a different type of firewall on just that test machine I'm going to use, as well as sniffing software?

I think that's a really good idea to set up a sniffer, that way I can analyze and officially see activity on the port.

Thanks,

ZiPPy