Penetration Testing mailing list archives
Re: Pen Testing Tippingpoint
From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Mon, 11 Jun 2007 13:59:28 +0300
Hello, Disclaimer: I've never set foot close to such a device. Only think I could find... http://www.securityfocus.com/bid/23644 However keep in mind that in the world of vulnerabilities the aforementioned is considered dated (25/04/2007). You can get some general ideas on how such devices are built from Dennis Cox's presentation at CanSecWest06 "Insiders View: Network Security Devices". If I were you I would start playing with its protocol "dissectors" first, via fuzzing a server(s), and see what I can get out of that. Also I would look for deployment vulnerabilities such as default usernames and passwords (if such exists), secure protocols in management interfaces, SSLv2 vs SSLv3, SNMPv3 vs SNMPv(1|2), etc... What is your goal(s) in this pen-test? Crashing it, delaying the processing of packets and hence letting an attack slip in, compromising the device administration? Good luck. ZQ On 6/10/07, TStark <stark.ironman () gmail com> wrote:
Hello, I am planning on pen testing a Tippingpoint appliance, I think it's a 200e, I'm looking for some suggestions on what to use to pen test this thing. I haven't found a Nessus plug in to help test this appliance, I'd bet there is one out there somewhere. Any information to help me test/penetrate Tippingpoint would be very helpful, I'd like to make sure we test this thing well before we shell out that kind of dough. TIA! Tony ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
-- --------------------------------------------------------------------- Κρέων ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον. Οιδίπους Τύρρανος [110] --------------------------------------------------------------------- Creon In this our land, so said he, those who seek Shall find; unsought, we lose it utterly. Oedipus Rex [110] ---------------------------------------------------------------------
Current thread:
- Pen Testing Tippingpoint TStark (Jun 10)
- Re: Pen Testing Tippingpoint Zed Qyves (Jun 11)
- Re: Pen Testing Tippingpoint John Lampe (Jun 15)
- <Possible follow-ups>
- RE: Pen Testing Tippingpoint Michael Scheidell (Jun 10)
- RE: Pen Testing Tippingpoint Clemens, Dan (Jun 11)
- Re: Pen Testing Tippingpoint Joey Peloquin (Jun 15)
- Re: Pen Testing Tippingpoint TStark (Jun 19)
- RE: Pen Testing Tippingpoint WALI (Jun 15)
- RE: Pen Testing Tippingpoint Jeremiah Brott (Jun 11)