Penetration Testing mailing list archives

Re: Pen Testing Tippingpoint


From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Mon, 11 Jun 2007 13:59:28 +0300

Hello,

Disclaimer: I've never set foot close to such a device.

Only thing I could find...

http://www.securityfocus.com/bid/23644

However keep in mind that in the world of vulnerabilities the
aforementioned is considered dated (25/04/2007).

You can get some general ideas on how such devices are built from
Dennis Cox's presentation at CanSecWest06 "Insiders View: Network
Security Devices".

If I were you I would start playing with its protocol "dissectors"
first, via fuzzing a server(s), and see what I can get out of that.

Also I would look for deployment vulnerabilities such as default
usernames and passwords (if such exists), secure protocols in
management interfaces, SSLv2 vs SSLv3, SNMPv3 vs SNMPv(1|2), etc...

What is your goal(s) in this pen-test? Crashing it, delaying the
processing of packets and hence letting an attack slip in,
compromising the device administration?

Good luck.

ZQ


On 6/10/07, TStark <stark.ironman () gmail com> wrote:
Hello,

I am planning on pen testing a Tippingpoint appliance, I think it's a
200e, I'm looking for some suggestions on what to use to pen test this
thing.
I haven't found a Nessus plug in to help test this appliance, I'd bet
there is one out there somewhere.

Any information to help me test/penetrate Tippingpoint would be very
helpful, I'd like to make sure we test this thing well before we shell
out that kind of dough.

TIA!

Tony





--
---------------------------------------------------------------------
Κρέων
ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]
---------------------------------------------------------------------
Creon
In this our land, so said he, those who seek  Shall find; unsought, we
lose it utterly.
Oedipus Rex [110]
---------------------------------------------------------------------
