Penetration Testing mailing list archives
Re: Pentesting VPN-SSL system
From: okrehel () loews com
Date: Mon, 7 Aug 2006 11:39:57 -0400
Nestor, Do you know if that is Cisco VPN concentrator or Cisco ASA? (TTL is different, etc...) They have different code and different problems depending on the version of the code. Also, do you know what type of authentication they use? (AD, NT, RSA, Radius etc...) As a start, look at the SSLdigger from foundstone: http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/ssldigger.htm Ondrej Krehel, CISSP, CEH Nestor Burma <goudron_et_plume s () yahoo fr> To pen-test () securityfocus com 08/07/2006 07:37 cc AM Subject Pentesting VPN-SSL system Hello, I'm currently pentesting one of our customers network. He has, among lots of other stuff, a CISCO VPN-SSL configuration. Does anyone of you have any hints on how shaking this kind of stuff ? Tia, Nb ___________________________________________________________________________ Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. http://fr.answers.yahoo.com ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------ ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? Why not go with the #1 solution - Cenzic, the only one to win the Analyst's Choice Award from eWeek. As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com for details. ------------------------------------------------------------------------------
Current thread:
- Pentesting VPN-SSL system Nestor Burma (Aug 07)
- Re: Pentesting VPN-SSL system okrehel (Aug 07)
- RE : Re: Pentesting VPN-SSL system Nestor Burma (Aug 10)
- Re: Pentesting VPN-SSL system okrehel (Aug 07)