Firewall Leak Testing Was Re: Pentesting Old unsupported Firewall Appliances

[mOses <trklisted () networksamurai org>]

Actually while everyone is on this topic. Anyone have any thoughts on
how to approach firewall leak testing?

mOses shift 2 networksamurai period org

Tiago Batista wrote:
> On Mon, 11 Jun 2007 01:56:00 -0700 (PDT)
> Harold Castro <b0ydaem0n () yahoo com> wrote:
>
>
>   
> > If all else fails, do you tell the customer that it is
> > safe to ignore those warnings and vulnerabilities
> > because you, on a hacker's perspective, was not able
> > to penetrate the network by making use of those
> > vulnerabilities found, that the hacker might have a
> > hard time as well and eventually opt for another
> > target?
> >     
>
> I am no security expert, but security by obscurity does not seem the way to go! The fact that you did not find any 
> good documentation does not imply that some old hacker with a grudge against your client does not have the full docs 
> in his basement!
>
>
> Tiago
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Are you using SPI, Watchfire or WhiteHat?
> Consider getting clear vision with Cenzic
> See HOW Now with our 20/20 program!
>
> http://www.cenzic.com/c/2020
> ------------------------------------------------------------------------
>
>   


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------