Penetration Testing mailing list archives

Re: [PEN-TEST] 2 quick questions


From: "Skinner, Tim L." <tskinner () LARSONALLEN COM>
Date: Mon, 18 Dec 2000 10:46:47 -0600

Well I've got an obscure real world example of compromising a router.  This
particular client had a FR PVC to the internet combined with their private
network that ran through the same router, by design of course.  Anyway this
particular router did FR switching to set up a FR link to carry their
private data AROUND their internet firewall.  Well anyway, telnet was open
and not being logged, so after a while, I guessed the password and bypassed
their firewall and had access to their internal network without even being
noticed.  As to your second question, I believe that has been answered
already.

Tim Skinner, CISSP
LarsonAllen eSource
voice: 612-397-3176
fax:    612-397-3276


-----Original Message-----
From: Leon Rosenstein [mailto:l_rosenstein () MONTELSHOW COM]
Sent: Friday, December 15, 2000 8:55 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] 2 quick questions


Hi everyone, I was curious about two things as far as pen testing goes.

First, I was curious about routers:  If a network has a router (a hardware
one, not a computer running Linux or NT), is there anything to be gained
from breaking into the router through one of the remote administration
points?  Is this thus a fruitless exercise or is there something to show the
customer or gain yourself if you are auditing your network's security?

Second, I was curious about social engineering.  Is this considered "fair
play"?  Is it discussed in advance?  If you're allowed to do it, how far do
you take it?  Do you take it to the point where you do a mass mailing of BO or
Sub 7 to show the owners of the network how vulnerable they are to this flaw
(because isn't social engineering kind of a flaw even though it is a human
one?)  Or do you just stop with tricking them into revealing user names and
passwords?

I am not pen testing, I was just thinking about these things before I fell
asleep last night and I was curious.

Anyway public or private responses welcome.

Thanks.

