Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [PEN-TEST] Recourse Tech. and Manhunt

From: Rainer Duffner <duffner () FH-KONSTANZ DE>
Date: Fri, 16 Feb 2001 06:03:18 +0100
On Thu, 15 Feb 2001, Jonathan S. Keim wrote:


hi all,

does anyone have information on the recourse technologies product
"manhunt" or anything else that's not on their web pages?


The vulnerabilities 1908,1909 and 1913 in the database do count, too ?


(for those that don't want to go to www.recourse.com and read up on the
product.  there's also some info in the pen-test archives starting
10/2/00.)

what i'm really interested in is manhunt's dependence on other manhunt
products, as well as network infrastructure.  the FAQ says that each
manhunt monitor can communicate with other manhunts upstream and
downstream to coordinate information gathering and to perform tracing of
a denial of service attack.  this seems like it has a real vulnerability
from saturation of the communication links between up/downstream
monitors...


This is always a problem with remotely managed kit, IMHO.
Even if you have a management-network dedicated to the task, the amount
of traffic can be quiet large.
If you (or someone else) can DoS the management-network, there's not
much left to do. See a recent slashdot-piece on the attack on undernet
and what it did to their network as a whole.

ciao,
Rainer
--
========================================
 Rainer Duffner , Konstanz, Germany
 eMail:  duffner () fh-konstanz de
       rainer.duffner () surf24 de
http://www-stud.fh-konstanz.de/duffner/
========================================
Previous By Date Next
Previous By Thread Next

Current thread: