Penetration Testing mailing list archives
Re: [PEN-TEST] X25, all but forgotten?
From: Peter Van Epp <vanepp () SFU CA>
Date: Wed, 30 Aug 2000 08:45:27 -0700
We try to suggest to our client to test their X.25 but most of them do not seem to be interested in that. Strange considering that quite often the X.25 link will be behind the firewall.
If war stories help, as part of a successful criminal prosecution for cracking back around 1993 the cracker our way broke in to a US site considered secure from the Internet side (to boast about the breakin on IRC) by going from us (through 5 other broken sites) out an open outdial modem pool at a US university (which never did get shutdown as far as I know despite requests from CERT) in to a local X.25 pad and then in to the secure machine and out its Internet port. I had to get management approval to release edited copies of our log files to the site to convince them that they had been hacked. Their response, (correct as far as it went) was along the lines "that machine is secure from the Internet, you've been fooled by IRC spoofing" (the log files were eye opening to say the least ...).
Current thread:
- [PEN-TEST] X25, all but forgotten? Alfred Huger (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? edison (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? Vanja Hrustic (Aug 29)
- <Possible follow-ups>
- Re: [PEN-TEST] X25, all but forgotten? Masse, Robert (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? Alfred Huger (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? Frasnelli, Dan (Aug 29)
- Re: [PEN-TEST] X25, all but forgotten? Emmanuel Gadaix (Aug 30)
- Re: [PEN-TEST] X25, all but forgotten? Peter Van Epp (Aug 30)
- Re: [PEN-TEST] X25, all but forgotten? Alfred Huger (Aug 29)