Appliance Control Center is an application installed on Network Injector Appliance.
In can infect devices in a wired network thanks to RCS identification and injection rules.
With Appliance Control Center you can:
Appliance Control Center synchronizes with RCS to receive the updated infection rules and to check whether a new version of Appliance Control Center is available and send logs.
Synchronization can occur in two ways:
During synchronization, RCS communicates with Network Injector Appliance at set intervals of time (about 30 sec.).
In Appliance Control Center, decide when to enable synchronization using the Network Injector function.
If traffic generated by the target cannot be infected with the current rules, request operator assistance on RCS Console to generate new rules and update Network Injector. At the next synchronization, Appliance Control Center receives the new rules and they can be viewed and enabled for injection.
Two different network interfaces are available during an attack, one for sniffing and one for injection. Using two separate interfaces is indicated to guarantee continuity, especially for sniffing.
Sniffing interfaces can be high or low speed.
If the Appliance server and target do not belong to the same sub-net (IP addresses with different routing prefixes), the injection interface must be a public address or the target will never be able to see it and the injection will fail.
In an initial phase you can use the preset address on the interface with Appliance Control Center (with Public IP= "auto"), wait for a message that indicates that the address is private and, in that case, set a public address to re-route the private address (Public IP = "xxx.xxx.xxx.xxx").
Sniffing, on the other hand, can be run via the network interface with a private IP address.
The steps needed to infect devices automatically identified by RCS rules are described below. The attack can only be made on wired networks:
Phase | Description | Where |
---|---|---|
1 | Prepare identification and injection rules for known targets to be attacked. Send the rules to Network Injector | RCS Console, System, Network Injector |
2 | Enable synchronization with RCS to receive updated rules and enable the rules to be used for injection. | Network Injector Appliance, Network Injector |
3 |
The system sniffs traffic, identifies target devices thanks to identification rules and infects them thanks to injection rules. |
Network Injector Appliance, Network Injector |
This work mode is suited for situations when some target device information is known (i.e.: IP, MAC or RADIUS address).
In this case, RCS injection rules include all the data required to automatically identify target devices. Only enable all rules required at that time for each injection.
Starting automatic identification using the Network Injector function gradually displays target devices that are immediately infected by the injection rules.
Remote access to Appliance Control Center
Appliance Control Center can also be remotely accessed. To learn more, see "What you should know about Control Center remote access".
RCS9.3 | User's and Installation Guide | © COPYRIGHT 2013