Elicit the IP of a black box

4

Suppose an attacker connects their computer with an Ethernet cable to a black box computer, which supports both TCP and UDP, over IPv4, over Ethernet. Direct connection, no switches in the loop.

The black box never initiates any communications. Its IP address is fixed.

Is there anything in these communication protocols which allows them to find out what IP address the box has, short of a brute force attack? Some binary equivalent of "Hey, what's your IP address?"? Or something more subtle, but still (ab)usable?

Emilio M Bumachar

Posted 2015-06-03T20:06:49.017

Reputation: 235

Small technicality - to connect two computers directly without a switch you will need a crossover cable, not a regular Ethernet cable. – tlng05 – 2015-06-03T20:55:05.663

You say it never initiates communications, but if it responds in any way (i.e. has a normal TCP stack) then you will have its MAC address and IP address. – Rory Alsop – 2015-06-03T21:14:41.230

@RoryAlsop I think the question is about how you can get it to send a response if you don't know its IP address to send it a request. – tlng05 – 2015-06-03T21:42:26.663

...broadcast...no? – Rory Alsop – 2015-06-03T21:49:15.000

@RoryAlsop If you know of a specific type of broadcast message that the black box machine is guaranteed to respond to, I think that would be a pretty good solution. – tlng05 – 2015-06-03T22:09:12.707

Can you run a packet capture on the "public" interface to see if it checks for any updates? Power-cycle the device while having the capture running. – user2320464 – 2015-06-04T06:54:51.503

Answers

1

Try a broadcast ping to 255.255.255.255. You'll need a packet capture running to catch the other IPs on the network; ping will only show the first responder (your localhost address).

If the broadcast ping is ignored or blocked (unrestricted, they can easily cause a ping flood in a network), try pinging each subnet's broadcast, as discussed here

ztk

Posted 2015-06-03T20:06:49.017

Reputation: 293
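
The capture step this answer relies on, as an added example that is not part of the original answer: it reads raw Ethernet frames and reports the sender MAC and IPv4 address of every ICMP echo reply or ARP frame that did not come from the capturing host. Reading ARP frames as well goes slightly beyond the answer's ping; the frames, MAC addresses, 192.168.7.x addresses and helper names are all constructed for illustration.

```python
import socket
import struct

def sender_of(frame):
    """Return (mac, ip, kind) for an ARP frame or ICMP echo reply, else None."""
    if len(frame) < 14:
        return None
    ethertype = struct.unpack("!H", frame[12:14])[0]
    p = frame[14:]
    if ethertype == 0x0806 and len(p) >= 28:           # ARP over Ethernet/IPv4
        if struct.unpack("!HHBB", p[:6]) != (1, 0x0800, 6, 4) or p[14:18] == bytes(4):
            return None                                # malformed, or probe without an address
        return p[8:14].hex(":"), socket.inet_ntoa(p[14:18]), "arp"
    if ethertype == 0x0800 and len(p) >= 20 and p[0] >> 4 == 4:
        ihl = (p[0] & 0x0F) * 4                        # IPv4 header length in bytes
        if ihl >= 20 and len(p) > ihl and p[9] == 1 and p[ihl] == 0:
            return frame[6:12].hex(":"), socket.inet_ntoa(p[12:16]), "icmp-echo-reply"
    return None

def other_hosts(frames, own_mac):
    """Distinct senders in the capture, excluding the capturing host itself."""
    hits = [h for h in map(sender_of, frames) if h and h[0] != own_mac]
    return list(dict.fromkeys(hits))                   # de-duplicate, keep order

# --- constructed sample capture: made-up addresses, checksums left at 0 ---
def raw(m):
    return bytes.fromhex(m.replace(":", ""))

def eth(dst, src, ethertype, payload):
    return raw(dst) + raw(src) + struct.pack("!H", ethertype) + payload

def icmp(src_ip, dst_ip, icmp_type):
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 64, 1, 0)   # protocol 1 = ICMP
    return hdr + socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)

def arp(sender_mac, sender_ip):
    spa = socket.inet_aton(sender_ip)
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, raw(sender_mac), spa, bytes(6), spa)

OWN, BOX, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:02", "ff:ff:ff:ff:ff:ff"
CAPTURE = [
    eth(BCAST, OWN, 0x0800, icmp("192.168.7.1", "255.255.255.255", 8)),  # our request
    eth(OWN, BOX, 0x0800, icmp("192.168.7.23", "192.168.7.1", 0)),       # box replies
    eth(BCAST, BOX, 0x0806, arp(BOX, "192.168.7.23")),                   # ARP at power-up
]

if __name__ == "__main__":
    print(other_hosts(CAPTURE, OWN))
```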