Penetration Testing mailing list archives
Re: Pen Testing Tippingpoint
From: John Lampe <jwlampe () tenablesecurity com>
Date: Tue, 12 Jun 2007 11:06:27 -0500
TStark wrote:
Hello, I am planning on pen testing a Tippingpoint appliance, I think it's a 200e, I'm looking for some suggestions on what to use to pen test this thing. I haven't found a Nessus plug in to help test this appliance, I'd bet there is one out there somewhere. Any information to help me test/penetrate Tippingpoint would be very helpful, I'd like to make sure we test this thing well before we shell out that kind of dough.
I think you'll want to look at traffic processed at the device, but not destined for the device. Look at stuff like: stream reassembly fragmentation encoding/decoding compression Look at the protocols that it supports and then think about ways it would be really, really easy to mishandle those protocols. Nessus is a great tool, but I think you would be better off using Nessus with dangerous checks and scanning a machine that is *protected* by the Tippingpoint device. I'd recommend the same with a protocol fuzzer. just my .02. have fun. -- John Lampe Senior Security Researcher TENABLE Network Security, Inc. jwlampe@{nessus.org,tenablesecurity.com} Tele: (410) 872-0555 www.tenablesecurity.com Is your network TENABLE? --------------------------------------- ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Pen Testing Tippingpoint TStark (Jun 10)
- Re: Pen Testing Tippingpoint Zed Qyves (Jun 11)
- Re: Pen Testing Tippingpoint John Lampe (Jun 15)
- <Possible follow-ups>
- RE: Pen Testing Tippingpoint Michael Scheidell (Jun 10)
- RE: Pen Testing Tippingpoint Clemens, Dan (Jun 11)
- Re: Pen Testing Tippingpoint Joey Peloquin (Jun 15)
- Re: Pen Testing Tippingpoint TStark (Jun 19)
- RE: Pen Testing Tippingpoint WALI (Jun 15)
- RE: Pen Testing Tippingpoint Jeremiah Brott (Jun 11)