Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Pentesting Old unsupported Firewall Appliances

From: "Michael Scheidell" <scheidell () secnap net>
Date: Tue, 12 Jun 2007 18:42:50 -0400



-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Harold Castro
Sent: Monday, June 11, 2007 4:56 AM
To: pen-test () securityfocus com
Subject: Pentesting Old unsupported Firewall Appliances


Hi,

I'm new in pen testing.
Recently, I came across this firewall appliance
running Apache/1.3.26 
(Unix) mod_dtcl mod_ssl/2.8.10 OpenSSL/0.9.7 during an
external pentest.


'came across'?

If this client has paid you to pen test this device, just look up the
hacks, download the scripts, exploit the hole, leave a file, gif or
create a subdirectory on the device to show user it is vulnerable.

Let user replace or update it, depending on budget and/or support level.
-- 
Michael Scheidell, CTO
SECNAP Network Security Corporation
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_________________________________________________________________________

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: