Penetration Testing mailing list archives

Re: rose fragmentation attack


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Fri, 6 Jul 2007 16:36:43 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 27 Jun 2007, Jay wrote:

        [SNIP]


It's better they know they are susceptible to DoS in a penetration test vs. when their site is offline for hours/days when a botnet comes a knocking.



I don't know, I take that statement as kinda a DUH! There are few if any sites that are not susceptible to DoS. And there are few if any sites that have a real, full, replicated mirror of their network in place to do an exact test of their production setup.




Thanks,

Ron DuFresne
- -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
Key fingerprint = 9401 4B13 B918 164C 647A  E838 B2DF AFCC 94B0 6629

...We waste time looking for the perfect lover
instead of creating the perfect love.

                -Tom Robbins <Still Life With Woodpecker>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFGjqfest+vzJSwZikRAjbXAJ9eXVgl2upIkPjeKQymXOWbOPwUSACg0YhE
CdXfur2SOGpe32rIdHpVvSw=
=KCnF
-----END PGP SIGNATURE-----
