Penetration Testing mailing list archives

Re: Core Impact references


From: ADT <synfinatic () gmail com>
Date: Sun, 13 Nov 2005 13:21:58 -0800

Transmission between gateways?  You mean like a router?  tcpreplay has
supported rewriting IP/MAC addresses to allow for forwarding through a
router or proxy-arp device for well over a year now.  True, it doesn't
support NAT gateways unless there is a 1:1 relationship between the
public/private addresses.  Although I can say with near certainty that
nobody has ever asked for that feature either.

"Guaranteed packet delivery" is impossible.  Resending a dropped
packet doesn't mean it will get through if that packet was dropped
intentionally by an inline device such as a firewall or IPS.
You can accomplish "best effort" and resend dropped packets, but
sooner or later you have to give up or fall into an infinite loop.

Either way, as I said earlier, I don't see tcpreplay or Traffic IQ
being really useful here.  Neither is appropriate for replaying
traffic generated by a security tool such as CoreImpact since you
can't use either to actually connect to a remote service or provide
any means to interpret the results other than a tedious manual
process.  Or did I miss that update? :)

On 11/12/05, Sam Johnson <sjohnson () karalon com> wrote:
Excellent news.  When did TCP Replay support the transmission between
gateways and address translation with guaranteed packet delivery?  I must
have missed that update.

SJ



-----Original Message-----
From: ADT [mailto:synfinatic () gmail com]
Sent: 11 November 2005 19:28
To: pen-test
Subject: Re: Core Impact references

If you're going to go through the effort of capturing/replaying
traffic, you could also use tcpreplay.  While it doesn't have a pretty
gui, it offers basically the same functionality for free.

Honestly though, if you want to actually use CI against a set of
hosts, then neither tcpreplay nor Traffic IQ would seem to be up to the
task since they're stateless and unable to establish TCP sessions to a
target (both are designed to test inline firewalls/IPS or passive
devices like IDS).  Flowreplay (part of tcpreplay 3.x) is supposed to
fill that gap, but is still alpha quality at best right now.

On 11/10/05, Tony Haywood <thaywood () karalon com> wrote:
Jason,

Traffic IQ Pro has the ability to set a delay on a per packet or per
traffic file basis by up to 1 hour in minute, second and millisecond
increments.

If you are already using Core Impact but it is not providing this
capability then you could capture the output and import the captures into
Traffic IQ for replay.

