The sensitive data is encrypted, but if a user surfs to http://www.google.com, an attacker with the ability to inject packets could easily add an exploit to the page. Assuming the exploit payload was a reverse shell that connects over 443 back to the attacker's evil server, now that attacker has a foothold on the network. Even if our IDS caught an obvious exploit, the attacker could inject the BeEF code which wouldn't likely be detected.
But that's only possible IF the attacker can intercept/inject packets over the coax. In other words, I'm not so much concerned about the data that's leaving. It's good. I'm concerned about allowing an attacker in which could eventually lead to gaining access to the data before it is encrypted. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Josh Olson Sent: Thursday, April 02, 2009 3:17 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] security concerns with cable splitters On Thu, Apr 2, 2009 at 4:10 PM, Nathan Sweaney <[email protected]> wrote: > All sensitive data is encrypted, but I'm concerned that if the > attacker is able to intercept/inject packets, he could infiltrate the > system using something like BeEF of any old exploit that would then > let him pivot & attack the data from the inside before it gets encrypted. Maybe I'm misunderstanding what you're saying here. But it seems like the data should be encrypted before it reaches the cable modem on the way out. This based on the assumption that the cable modem is plugged into some sort of router, and all sensitive traffic is encrypted (through some other means) prior to routing. _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
