[Pauldotcom] pixieboot attack
robin at digininja.org
Mon Jan 16 15:25:43 UTC 2012
On 16 January 2012 15:10, Mike Patterson <mike at snowcrash.ca> wrote:
> On 12-01-16 4:38 AM, Robin Wood wrote:
>> Has anyone done this? Do organisations use PXE boot on network machines?
> I've thought about it, mostly from the "how to prevent it" perspective.
> The most feasible answer I came up with is "hope it doesn't happen."
> I don't know about other organisations, but some places I've worked use
> it. They tend to enable it only for machine installation, and disable it
> again afterwards. The one group I was with that made heavy use, we had a
> separate VLAN just for this. Enable PXE, change the VLAN, boot /
> reinstall, disable PXE, change the VLAN back.
> I don't know what might break if you blocked the bits that PXE needs to
> properly work on non-"reinstall" networks, but that could be a mitigation.
So seeing as it may be a valid attack, anyone fancy writing Pixieboot
to take advantage of this attack?
More information about the Pauldotcom