user access to switch

[humbleman]

Why are you so angry and such an ass? Do you feel better now? Insecure people crack me up.

BTW, I ran Hydra against the SSH port that was also open and did not break it...and yes..i do know how to use Hydra. Were you born to hack? Did you not have to learn? You too were a newbie at some point, so give us newbies a break Mr. Insecurity.

[erhardm]

Why are you so angry and such an ass? Do you feel better now? Insecure people crack me up.

BTW, I ran Hydra against the SSH port that was also open and did not break it...and yes..i do know how to use Hydra. Were you born to hack? Did you not have to learn? You too were a newbie at some point, so give us newbies a break Mr. Insecurity.

First of all, you don't have to be rude with a senior member because he's spending his time to help you, but it seems you don't want help: You want to be spoonfeeded! You didn't mentioned about ssh before, at least for this you could edit your post and be nice and maybe some guy from here would give you the answer you're looking for.

I've seen a lot of newbies that are complaining about seniors. I'm a newbie too but I think that they(seniors) do a really frustrating job--answering the same (some stupid) questions that newbies are asking. HOW DO YOU WANT THEM TO BE (AT LEAST) NICE TO US(newbies) when we don't have at least the sake of common sense?!?!?

Btw, I'm not looking to be liked by the seniors!!! I'm looking for and calling ALL NEWBIES to have AT LEAST COMMON SENSE!

Regards

[purehate]

Why are you so angry and such an ass? Do you feel better now? Insecure people crack me up.

BTW, I ran Hydra against the SSH port that was also open and did not break it...and yes..i do know how to use Hydra. Were you born to hack? Did you not have to learn? You too were a newbie at some point, so give us newbies a break Mr. Insecurity.

Check you PM box for a infraction. I do not care for insulting one of our oldest members who is in very good standing.

[lupin]

Exposure of an administrative interface over a clear text protocol (telnet) should be considered a high.
a) They should use ssh (it's encrypted).
b) The administrative interface shouldn't even be exposed to the public.

I agree with thorin, any administrative interface designed for internal use exposed to the Internet is very bad, even if you cant manage to crack the password with Hydra. Using an unencrypted protocol for communication is bad too, especially if anyone is actually using the Internet to administer the switch - and hopefully that isn't happening. The concern with that is the password details could be captured or the administrative traffic otherwise intercepted or modified.

This probably qualifies as one of those risks that when you find it during a pen test, you report it immediately so it can be fixed ASAP.

Once someone gains administrative access to the switch they could capture, redirect or modify traffic, or even potentially install a modified IOS image.

[Archangel-Amael]

Why are you so angry and such an ass? Do you feel better now? Insecure people crack me up.

BTW, I ran Hydra against the SSH port that was also open and did not break it...and yes..i do know how to use Hydra. Were you born to hack? Did you not have to learn? You too were a newbie at some point, so give us newbies a break Mr. Insecurity.

If you would have looked at the first sentence from thorin:

If supposedly you work for the company and are the only resource available for the work, why are you bothering trying to run Hydra against it? There are only two outcomes here.

And then the signature tag he has:

I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

There would have been no need for your response at all.
The thing is, as was stated, if you break something (on a production network that is of some intrinsic value to your company) you might then be responsible in more ways than you may like. (Think getting fired etc.)

[humbleman]

Check you PM box for a infraction. I do not care for insulting one of our oldest members who is in very good standing.

So your saying he can insult me, but I cannot insult him? give me a break. I was being nice to everybody until this guy came along insulting me for no reason. I defend myself and get an infraction? I am confused. This guy even admits in his signature he can be a jerk.

I agree with thorin, any administrative interface designed for internal use exposed to the Internet is very bad, even if you cant manage to crack the password with Hydra. Using an unencrypted protocol for communication is bad too, especially if anyone is actually using the Internet to administer the switch - and hopefully that isn't happening. The concern with that is the password details could be captured or the administrative traffic otherwise intercepted or modified.

This probably qualifies as one of those risks that when you find it during a pen test, you report it immediately so it can be fixed ASAP.

Once someone gains administrative access to the switch they could capture, redirect or modify traffic, or even potentially install a modified IOS image.

Thanks for your respectful reply. Wish others have your confidence and generosity. I am aware of the clear text nature of telnet, but I don't think they actually use it. The network admins didn't even know the port was open. I also have to take probability into account. What is the liklihood that this traffic would be sniffed? It seems pretty unlikely. The risk is high, but the liklihood seems low.

If you would have looked at the first sentence from thorin:

And then the signature tag he has:
There would have been no need for your response at all.
The thing is, as was stated, if you break something (on a production network that is of some intrinsic value to your company) you might then be responsible in more ways than you may like. (Think getting fired etc.)

Yes, I was fully aware of what I was doing and I had used Hydra before and slowed it down. I also spoke with the network admin before hand. I may be a newbie, but I do have common sense. I was on a time contraint (1 day left) and didn't have time for a lot of research and asked for help. Some people like Thorin don't understand that.

[Gitsnik]

First, he wasn't insulting you, he was expressing disbelief about your position, and postulating some situations which would - if you were doing what you are doing, legitimately - provide you with the right information to take to your boss (to close the port, to get funding for updated firmware to run ssh, or whatever). It is, incidentally, the same information I would have given you had I happened across the thread earlier. As would anyone else who posted here.

So yes, he who hath been here far longer than you is permitted to "insult" you, because he didn't actually insult you, he merely started to call BS. And no, you're not allowed to insult back, you've been here for less time than I have!
Edit: scratch that.

Also look, one can edit posts.

[lupin]

I also have to take probability into account. What is the liklihood that this traffic would be sniffed? It seems pretty unlikely. The risk is high, but the liklihood seems low.

Determing probability for IT related risks is always difficult - its always subjective and generally comes down to educated guesswork.

To determine probability of sniffing you have to consider who has access to the network path that any traffic going to that interface will travel over, and how much of that traffic there actually is. If administrators were accessing this over the Internet from their home machines (and I wouldnt assume this isnt happening based on the word of one administrator) you have to consider that anyone who has access their home networks, their ISPs network, your ISPs network, communication providers between ISPs and your network itself could potentialy be able to sniff this traffic. Out of all of those the home network would be the point of greatest concern for me, and that would be more because of the likely presence of malware on the home computer than a sniffing threat.

If this isnt happening it means that any sniffing would have to occur from your network or possibly any partner or ISP networks that may be connected (barring any accidental or deliberate routing errors that transferred the traffic elsewhere).

Also consider the frequency with which the switch administration interface may be accessed. If its anything like ours at work, it will hardly ever be accessed by a person, but there is a possibility that some sort of automated process may be connecting to gather information.

Considering all that, I dont think that the likelihood is very high of traffic sniffing actually occuring. If there are untrusted individuals who may have the level of access required to perform sniffing anywhere along the data path for this communication (administrators for partner networks, disgruntled internal staff, etc) you may have to revise this probability estimate though. You would be able to estimate this better than I could since you have more knowledge of your particular business.

Id be more worried about the fact that the administrative interface is open to the Internet and protected only by a password. Id rate that as a high probability of getting owned in the future (if it hasnt already happened).

Also, keep your chin up about the comments from thorin. He can be a little abrasive at times, but I dont think he meant to insult you, and his advice is generally good.

[humbleman]

First, he wasn't insulting you, he was expressing disbelief about your position, and postulating some situations which would - if you were doing what you are doing, legitimately - provide you with the right information to take to your boss (to close the port, to get funding for updated firmware to run ssh, or whatever). It is, incidentally, the same information I would have given you had I happened across the thread earlier. As would anyone else who posted here.

So yes, he who hath been here far longer than you is permitted to "insult" you, because he didn't actually insult you, he merely started to call BS. And no, you're not allowed to insult back, you've been here for less time than I have!
Edit: scratch that.

Also look, one can edit posts.

He knows he insults people and that is why his signature must justify it.

Determing probability for IT related risks is always difficult - its always subjective and generally comes down to educated guesswork.

To determine probability of sniffing you have to consider who has access to the network path that any traffic going to that interface will travel over, and how much of that traffic there actually is. If administrators were accessing this over the Internet from their home machines (and I wouldnt assume this isnt happening based on the word of one administrator) you have to consider that anyone who has access their home networks, their ISPs network, your ISPs network, communication providers between ISPs and your network itself could potentialy be able to sniff this traffic. Out of all of those the home network would be the point of greatest concern for me, and that would be more because of the likely presence of malware on the home computer than a sniffing threat.

If this isnt happening it means that any sniffing would have to occur from your network or possibly any partner or ISP networks that may be connected (barring any accidental or deliberate routing errors that transferred the traffic elsewhere).

Also consider the frequency with which the switch administration interface may be accessed. If its anything like ours at work, it will hardly ever be accessed by a person, but there is a possibility that some sort of automated process may be connecting to gather information.

Considering all that, I dont think that the likelihood is very high of traffic sniffing actually occuring. If there are untrusted individuals who may have the level of access required to perform sniffing anywhere along the data path for this communication (administrators for partner networks, disgruntled internal staff, etc) you may have to revise this probability estimate though. You would be able to estimate this better than I could since you have more knowledge of your particular business.

Id be more worried about the fact that the administrative interface is open to the Internet and protected only by a password. Id rate that as a high probability of getting owned in the future (if it hasnt already happened).

Also, keep your chin up about the comments from thorin. He can be a little abrasive at times, but I dont think he meant to insult you, and his advice is generally good.

Thanks again Lupin for your insights. I agree with all you are saying. yes, the public swith is hardly ever accessed at our company too. The log states the last change 6 months ago. Thanks again.

[Archangel-Amael]

He knows he insults people and that is why his signature must justify it.

First man drop it already. The point is if people here believe you are up to no good then they will call you on it. No one here will support the endeavors of someone who may be breaking the law ( or any for that matter).
And please don't bother replying back to the above it will just further my point.

Also use the "fricken" edit button on your posts, instead of making multiple posts in a row.