TOPIC: Port Hijacking

Port Hijacking 11 years 6 months ago #22217

  • ZiPPy
Hey everybody,

I came across an interesting problem at work the other day that I believe is a port hijack. I wanted to run it by some of you and see what you guys think, and if it is a port hijack, how would one attack this issue to resolve it.

Basically, we had a machine on the floor that was opening up 50+ IE windows. This would start as soon as the computer was fully booted. We removed this computer off the floor because we thought it was infected with a virus. We put another machine on the floor that was fully formatted and rebuilt with just Windows XP Pro installed. As soon as the computer booted up, the same thing started happening. A third machine was put on the floor just to eliminate any chance this was coincidence.

We are using a Cisco 3560 PoE-48 switch.

Is this indeed a port hijack or maybe the correct term is IP hijacking? How would one go about securing an issue such as this?

Thanks for your time guys!

Cheers,

ZiPPy

Re: Port Hijacking 11 years 6 months ago #22218

  • Smurf
So let's see if I understand. You plug a machine in a switch port and it starts opening loads of IE windows?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Port Hijacking 11 years 6 months ago #22219

  • ZiPPy
That's correct!! The two other machines both had fresh installs of Windows XP Pro.


Cheers,

ZiPPy

Re: Port Hijacking 11 years 6 months ago #22225

  • DaLight
Were both machines fully patched before being connected?
Also, were they joined to a domain?
If I were to diagnose the problem, I'd probably stick a machine with a fully enabled firewall and sniffing software.

Re: Port Hijacking 11 years 6 months ago #22227

  • Smurf

> If I were to diagnose the problem, I'd probably stick a machine with a fully enabled firewall and sniffing software.

Very good idea, it sounds very strange.

Re: Port Hijacking 11 years 5 months ago #22235

  • ZiPPy
Any sniffing software you can recommend?

We are currently running Forticlient software on each machine as well as Forticlient hardware. Are you recommending I install a different type of firewall on just that test machine I'm going to use, as well as sniffing software?

I think that's a really good idea to set up a sniffer, that way I can analyze and officially see activity on the port.

Thanks,

ZiPPy