![]() ![]() On the network packet level, when local machine (Host A) request the URL or from the browser, the request traffic is routed to the intermediate device’s (Firewall / Router) IP “10.0.2.2” then it act as a forward proxy, behalf of local machine’s (Host A) loopback IP (127.0.0.1) / LAN IP (192.169.1.2), it forwards the traffic to destination machine (Host B). To detect the live anomaly, run Wireshark on the destination machine (Host B), to understand the network patterns. Where there is an abuse, there should be detection too. Network Capture using Wireshark on destination machine (Host B) This way attackers can hide their own identity internally even though they are controlling the compromised machine from outside. New local port forwarding rules are created where attacker mapped his/her machine loopback IP to pull the data from destination machine. Using brute force attack or default credentials or any public exploit (brand based) on the intermediate firewall / router, attacker got the access to that. Somehow attacker tried hard to collect details regarding IP address of the machine where companies’ sensitive resources are present. Attacker now wants to access a resource which is behind a firewall / router in the organization intranet. Let’s think this same concept in the perspective of security like how an attacker/cybercriminal would make us of this and in which scenario / situation.Īssume that attacker already got a shell from an internal asset using a simple technique called Phishing. The above illustrated demo is all based on normal business or individual use of local port forwarding. You all would be thinking why do we need to create a rule for routing traffic to local machine (Host A)’s loopback IP (127.0.0.1).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |