WWN Spoofing Attack

WWN Spoofin Attack proof of concept.

With WWN zoning, the WWN of a HBA is used to authorize the client nodes to the FC Switch and let the client communicate within the regarding WWN-Zone. A WWN number can be changed. By spoofing a WWN we can gain unauthorized access to data that has been allocated to the spoofed WWN.

In this example two Windows servers with 2 LUNs attached each are zoned using WWN zoning. After spoofing the WWN and a reboot of one server, he sees the other servers SAN storge.

This WWN spoofing attack was done within the Bachelor Thesis of Joel Spirgi and Luis Lozano.

Category:

Science & Technology

Tags:

• WWN
• Spoofing
• pWWN
• wWWN
• WWNN
• WWPN
• SAN
• Security
• Storage
• Fibre
• Channel
• FC
• Hacking
• Hack
• Angriff
• Attack
• Attacke
• LUN
• Zoning
• Masking
• BFH
• Berner
• Fachhochschule
• TI
• Bachelor
• Thesis
• Emulex
• HBA
• change
• Joel
• Spirgi
• Luis
• Lozano

License:

Standard YouTube License