ID PACKETSTORM:17759 Type packetstorm Reporter Packet Storm Modified 2000-05-02T00:00:00
Description
`ISS products are meant to be used in a defensive role. Here we will look at
using them in an offensive role.
===Please note that the writer has NO responsibility for YOUR actions with
this === ===information! I did not make you do it. I just made you aware it
COULD be done.===
Internet Scanner and the Real Secure products can both be used to create a
DoS type attack on unsuspecting networks. Here is what a would-be attacker
would need to conduct such an attack:
ISS product.
Visit http://crack.21m.net/ and obtain the key generator for ISS products.
Cut your key to include the range of IP addresses, which you wish to use the
products against. (Or just make one "God" key by making the range
0.0.0.0-255.255.255.255)
Install the product and drop the newly created key in the directory. Now
your ready to go to work. Note: You may want to install the latest Xpress
updates before you begin. Having the latest and greatest exploits and
vulnerabilities in the product increases your chances of finding one that
your target is vulnerable to.
Scenarios:
Having ISS Internet Scanner on a laptop could work wonders. For instance,
have physical access to a network. Plug yourself in. Now let Internet
Scanner run DoS attacks against the entire network. Or set up policies in
Real Secure that restrict net bios traffic if it is a Windows network
environment. Or maybe stop all traffic to website you hate by blocking HTTP
traffic from any host to your target (website). Remotely a person could look
up a domain on the Internet, grab its IP address, remotely check for its
Operating System, and Web server application and let Internet Scanner run
against it.
Keep in mind that these products will not spoof the source IP address that
the attacks are coming from. There are only a couple of "checks"(attacks)
that spoof the source address of the attack. Although in Real Secure killing
TCP connections are a bit harder to trace than a teardrop attack from
Internet Scanner.
There are a number of ways that these products could be used in an offensive
manner. This is in no way an all-inclusive listing.
`
{"type": "packetstorm", "published": "2000-05-02T00:00:00", "reporter": "Packet Storm", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "1e53d18422edef1edcacceb794bb78b8"}, {"key": "modified", "hash": "50a884e1807d9c1d6a339d0b44bd608f"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "50a884e1807d9c1d6a339d0b44bd608f"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "7e63640ffbb0546f3e2929f550c8818d"}, {"key": "sourceData", "hash": "9ba71a6ecf128c410feca1db9869a9a3"}, {"key": "sourceHref", "hash": "3869cff5e8c88c45532f932859c92b95"}, {"key": "title", "hash": "e23451584b03b76791154fc69c75a139"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "bulletinFamily": "exploit", "cvss": {"vector": "NONE", "score": 0.0}, "sourceData": "`ISS products are meant to be used in a defensive role. Here we will look at \nusing them in an offensive role. \n \n===Please note that the writer has NO responsibility for YOUR actions with \nthis === ===information! I did not make you do it. I just made you aware it \nCOULD be done.=== \n \n \nInternet Scanner and the Real Secure products can both be used to create a \nDoS type attack on unsuspecting networks. Here is what a would-be attacker \nwould need to conduct such an attack: \nISS product. \nVisit http://crack.21m.net/ and obtain the key generator for ISS products. \nCut your key to include the range of IP addresses, which you wish to use the \nproducts against. (Or just make one \"God\" key by making the range \n0.0.0.0-255.255.255.255) \nInstall the product and drop the newly created key in the directory. Now \nyour ready to go to work. Note: You may want to install the latest Xpress \nupdates before you begin. Having the latest and greatest exploits and \nvulnerabilities in the product increases your chances of finding one that \nyour target is vulnerable to. \nScenarios: \nHaving ISS Internet Scanner on a laptop could work wonders. For instance, \nhave physical access to a network. Plug yourself in. Now let Internet \nScanner run DoS attacks against the entire network. Or set up policies in \nReal Secure that restrict net bios traffic if it is a Windows network \nenvironment. Or maybe stop all traffic to website you hate by blocking HTTP \ntraffic from any host to your target (website). Remotely a person could look \nup a domain on the Internet, grab its IP address, remotely check for its \nOperating System, and Web server application and let Internet Scanner run \nagainst it. \n \nKeep in mind that these products will not spoof the source IP address that \nthe attacks are coming from. There are only a couple of \"checks\"(attacks) \nthat spoof the source address of the attack. Although in Real Secure killing \nTCP connections are a bit harder to trace than a teardrop attack from \nInternet Scanner. \n \nThere are a number of ways that these products could be used in an offensive \nmanner. This is in no way an all-inclusive listing. \n \n`\n", "viewCount": 2, "history": [], "lastseen": "2016-11-03T10:26:18", "objectVersion": "1.2", "href": "https://packetstormsecurity.com/files/17759/ISS.txt.html", "sourceHref": "https://packetstormsecurity.com/files/download/17759/ISS.txt", "title": "ISS.txt", "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-11-03T10:26:18"}, "dependencies": {"references": [], "modified": "2016-11-03T10:26:18"}, "vulnersScore": -0.4}, "references": [], "id": "PACKETSTORM:17759", "hash": "233b912d87facb52e0b89a39d8f03cf929eef040d66fb85928960b2edaabc4e1", "edition": 1, "cvelist": [], "modified": "2000-05-02T00:00:00", "description": ""}