Penetration Testing mailing list archives
RE: Saprouter audit
From: "Ali-Reza Anghaie" <ali () packetknife com>
Date: Tue, 12 Sep 2006 21:06:21 -0400
SAPRouter is not protocol aware AFAIK. At least the versions I've had experience with. Frequently I've found SAPRouters to also route other ports or even route non-SAP traffic on 3299. I've found many SAPRouters with "* *" lines to subnets, a brilliant gap. It's distinctly possilble you also connected directly to a SAP box, not a SAPRouter. If you think you've really found a SAPRouter then do some active footprinting to see if it's being used for load-balancing. Or see if you have figure out how many SAP instances are available through that router (production, test, quality). I intend to write a posting on the topic sometime soon. SAPRouter is a huge annoyance of mine. -Ali -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of prashant.gawade () paladion net Sent: Tuesday, September 12, 2006 2:07 AM To: pen-test () securityfocus com Subject: Saprouter audit Hi all During penetration testing I found port 3299 is open on the serve.Research shows me that this port is open on saprouter. To give more information about saprouter It provides additional level of security to sap servers.We can set rules like normal cisco router on saprouter.It act like proxy for people connecting to the sap servers. I am looking for information like Penetration testing on sap router Things we can test on port 3299 Prashant Gawade Information Security Consultant Paladion Networks Navi Mumbai India ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php ------------------------------------------------------------------------
Current thread:
- Saprouter audit prashant . gawade (Sep 12)
- RE: Saprouter audit Ali-Reza Anghaie (Sep 13)
- Re: Saprouter audit Jan van Rensburg (Sep 13)