Thursday, March 5, 2015

Mobile security and discovery beaware

When you are using a open or any foreign wifi-service like at a cafe hotspot or the hotel, you could be  presenting  yourself for exposure by bonjour types of discovery.

Take a list of machines located at a hotel that I recently stayed at in Spain;


And here's a listing of devices found from afp-server services;


And even printers are exposed;



One thing that you need to considered, most hotSpot implementation filter ipv4 unicast to unicast traffic by isolation, but they don't so so great up a job nor should be trusted to filter ipv6. Take a simple trick of a ipv6-mlticast ping to the ALL-HOST and look at what I discovered ( ff02::1 )



Now I have a list of  ipv6 hosts that I can probe or attack;


And you can check for open shares with no logins by using the link-local address of the target ;

e.g

afp:[fe80::1cbb:deef:837b:3401]

Just a few concerns that you should be aware when using the  local WiFi access at that Airport/Cafe/Hotel/etc......

Now you can do some things to  reduce this;


   disable mDNS
   ensure your local firewall is enabled
   disable all services on wifi nic that would expose services
   install a local end-point control application
   ensure passwords for everthing ( no guest accounts )
   and deploy very strong pass-phrases


Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
        o 
       /  \


No comments:

Post a Comment