Penetration Testing mailing list archives
Re: Pen-Testing VPN
From: Matthew Franz <mdfranz () io com>
Date: Sun, 6 Apr 2003 18:49:46 -0500
The presentation is at http://www.io.com/~mdfranz/papers/howsecure.ppt and the last dozen or so slides deal with potential IKE security issues. I don't think the 12 byte issue was in the prezo, but similar malformed IKE/AH/ESP messages can be generated with udpsic and isic. - mdf
While I don't remember if it included tools, there was a paper on pen-testing an IPSEC gateway at the Cansecwest conference 2 years ago. The gist of it was that it is possible to cause a (defeatable) denial of service in the first 12 bytes of an initial connection it was otherwise pretty secure. That of course doesn't necessarily go for the management web interface on the VPN gateway (there was also a paper on penetrating those at the same conference). That should at least give you a place to start poking :-). I believe the web site is www.cansecwest.com (google will find it in any case). Peter Van Epp / Operations and Technical Support Simon Fraser University, Burnaby, B.C. Canada top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.securityfocus.com/SurfControl-pen-test
top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.securityfocus.com/SurfControl-pen-test
Current thread:
- Pen-Testing VPN Darren Beattie (Apr 03)
- RE: Pen-Testing VPN Rob Shein (Apr 03)
- Re: Pen-Testing VPN Peter Van Epp (Apr 03)
- Re: Pen-Testing VPN Matthew Franz (Apr 06)
- Re: Pen-Testing VPN Peter Van Epp (Apr 03)
- RE: Pen-Testing VPN Eric Hines (Apr 05)
- <Possible follow-ups>
- RE: Pen-Testing VPN Lambott (Apr 03)
- RE: Pen-Testing VPN Rob Shein (Apr 03)