You are here: Funzioni del Tecnico > I Network Injector > Cose da sapere su Appliance Control Center

What you should know about Appliance Control Center

Introduction

Appliance Control Center is an application installed on Network Injector Appliance.

In can infect devices in a wired network thanks to RCS identification and injection rules.

Appliance Control Center functions.

With Appliance Control Center you can:

Synchronization with RCS server

Appliance Control Center synchronizes with RCS to receive the updated infection rules and to check whether a new version of Appliance Control Center is available and send logs.

Synchronization can occur in two ways:

During synchronization, RCS communicates with Network Injector Appliance at set intervals of time (about 30 sec.).

In Appliance Control Center, decide when to enable synchronization using the Network Injector function.

Updating infection rules

If traffic generated by the target cannot be infected with the current rules, request operator assistance on RCS Console to generate new rules and update Network Injector. At the next synchronization, Appliance Control Center receives the new rules and they can be viewed and enabled for injection.

Using network interfaces

Two different network interfaces are available during an attack, one for sniffing and one for injection. Using two separate interfaces is indicated to guarantee continuity, especially for sniffing.

Sniffing interfaces can be high or low speed.

Injection interface IP address

If the Appliance server and target do not belong to the same sub-net (IP addresses with different routing prefixes), the injection interface must be a public address or the target will never be able to see it and the injection will fail.

In an initial phase you can use the preset address on the interface with Appliance Control Center (with Public IP= "auto"), wait for a message that indicates that the address is private and, in that case, set a public address to re-route the private address (Public IP = "xxx.xxx.xxx.xxx").

Sniffing, on the other hand, can be run via the network interface with a private IP address.

Infection via automatic identification

The steps needed to infect devices automatically identified by RCS rules are described below. The attack can only be made on wired networks:

Phase Description Where
1 Prepare identification and injection rules for known targets to be attacked. Send the rules to Network Injector RCS Console, System, Network Injectors
2 Enable synchronization with RCS to receive updated rules and enable the rules to be used for injection. Network Injector Appliance, Network Injector
3

The system sniffs traffic, identifies target devices thanks to identification rules and infects them thanks to injection rules.

Network Injector Appliance, Network Injector
Infection via automatic identification

This work mode is suited for situations when some target device information is known (i.e.: IP, MAC or RADIUS address).

In this case, RCS injection rules include all the data required to automatically identify target devices. Only enable all rules required at that time for each injection.

Starting automatic identification using the Network Injector function gradually displays target devices that are immediately infected by the injection rules.

Remote access to Appliance Control Center

Appliance Control Center can also be remotely accessed. To learn more, see "What you should know about Control Center remote access".

RCS9.4 | User's Guide | © COPYRIGHT 2014