Re: [PEN-TEST] Tandems ?

[Marc Kneppers <marc.kneppers () TRIPEZE COM>]

Not a lot of info to contribute, but ...

> From my experience (about 4 years ago):

Tandems tend to come in a few flavours, one of them being a (relatively)
standard UNIX OS - so these are subject to the same UNIX vulnerabilities
everyone else has. Check the OS. (I remember old sendmail versions, user
accounts like 'shutdown' etc without passwords by default).

Also, the UNIX boxes that I worked on were heavily monitored for hardware
failures and come with monitors which are used to dial-out and request
replacement hardware components (depending on the level of support). They
can also be configured for dial-in support by Tandem. This is obviously a
potential hole/access point. This might also apply to the non-UNIX boxes.

-MArc

-----Original Message-----
From: Rick Redman [mailto:redmanr () MINGA COM]
Sent: Monday, August 14, 2000 3:45 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Tandems ?


I've recently been tasked to do a HUGE assessment of a large network.
On this network, they have quite a few tandems (www.tandem.com).

The question is, any one have/know of any tools or documentation that
might help a person who needs to do any sort of security audit of one of
these?

I've searched the web like crazy, and good luck finding any decent books on
Tandems at amazon/fatbrain.

Thanks for any help.

-Minga
www.minga.com