Penetration Testing mailing list archives
RE: Layer 3 and Firewall
From: "Paul Melson" <pmelson () gmail com>
Date: Fri, 6 Oct 2006 10:47:05 -0400
-----Original Message-----
Subject: RE: Layer 3 and Firewall
Has anyone here actually used VLAN hopping in a pen-test? Although I've played with it in a lab I've never actually done it in an audit as (at least for me) I found it HEAVILY dependent upon terrible switch configuration.
That or older switch hardware/firmware.
Also another concern is these enterprise multi-layer switches - like we had 4 6509 switches with redundant paths out. I just can't see doing that kind of stuff and risking taking down the ENTIRE network. What do you guyz think?
Instead of assessing the live switches, it's often easier to get a similar model switch loaded with the same firmware and configuration and test it in an isolated environment. It's not perfect, but it's close enough to be worth doing, especially where scheduling down time for core switches is difficult if not impossible.
PaulM