Penetration Testing mailing list archives
Re: Nortel Contivity 2600
From: Samir Pawaskar <samirp () eim ae>
Date: Sun, 04 Sep 2005 14:39:44 +0400
I am facing a similar position, however my vendor insists that Nortel VPN has to be in Internet .. It cannot use natted IP.. I do not exactly buy this suggestion but am still looking for conclusive evidence to confront him with this.. Any help appreciated Regards Samir ----- Original Message ----- From: "Rodrigo Blanco" <rodrigo.blanco.r () gmail com> To: <camfischer () gmail com> Cc: <pen-test () securityfocus com> Sent: Saturday, September 03, 2005 3:04 PM Subject: Re: Nortel Contivity 2600 Hello, I would think of DoS at first (certain versions of the Conctivity have DoS vulnerabilities). Although its VXworks architecture seems very robust, it does not look right to me to have a VPN concentrator directly accessible on the Inernet, why not place it in a DMZ (firewall protection makes sense, and so does IDS/IPS)? By the way, bear in mind Contivity also has a firewall module that can run on its same platform, this could be very reccomendable if you are to place it directly on the Internet. Hope this helps, Rodrigo. On 9/1/05, Cam Fischer <camfischer () gmail com> wrote:
Hi list! I am looking for good reasons why I should move a Nortel Contivity 2600 VPN device behind a firewall. Currently the device sits on the internet, and is used for VPN traffic from other offices, and also for VPN dial-in users. Are there any risks with this configuration? What comments can be made around whether or not I should be placing this behind the firewall / IDS.... Thanks!
---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Nortel Contivity 2600 Cam Fischer (Sep 02)
- Re: Nortel Contivity 2600 Rodrigo Blanco (Sep 03)
- Re: Nortel Contivity 2600 Samir Pawaskar (Sep 05)
- Re: Nortel Contivity 2600 Rodrigo Blanco (Sep 05)
- Re: Nortel Contivity 2600 Samir Pawaskar (Sep 05)
- <Possible follow-ups>
- RE: Nortel Contivity 2600 Dario Ciccarone (dciccaro) (Sep 05)
- Re: Nortel Contivity 2600 misiu (Sep 06)
- Re: Nortel Contivity 2600 Volker Tanger (Sep 06)
- RE: Nortel Contivity 2600 Dario Ciccarone (dciccaro) (Sep 07)
- RE: Nortel Contivity 2600 Kyle Starkey (Sep 08)
- Re: Nortel Contivity 2600 Rodrigo Blanco (Sep 11)
- RE: Nortel Contivity 2600 Kyle Starkey (Sep 08)
- Re: Nortel Contivity 2600 Rodrigo Blanco (Sep 03)