Penetration Testing: Re: [PEN-TEST] RAS PT

Penetration Testing mailing list archives

Re: [PEN-TEST] RAS PT

From: "Thompson, Stephen" <stephen () FISHNETSECURITY COM>
Date: Thu, 5 Oct 2000 17:12:09 -0500

I have used a tool before that allows sniffing on a RAS connection.  It may
be useful to you.  I have had problems getting it to work, but i may have an
old version and/or driver problems (I was using version 2.0).  The app is
called Distict Network Monitor (www.distinct.com).  It has a 30-day
evaluation period.  I don't know of any other RAS sniffers.

-----Original Message-----
From: Batten, Gerald [mailto:GBatten () EXOCOM COM]
Sent: Wednesday, October 04, 2000 1:14 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] RAS PT

I unfortunately have very little experience in doing any sort of PT on a RAS
box... let's assume it's an NT box.  Other than enforcing strong passwords
or maybe strong authentication via certificates or SecurID-type cards, what
else can I do to A) protect it, and B) run some sort of PT against it?

Gerald.

*Note: Views expressed in this e-mail are not necessarily those of my
employer.
**Note:  Views expressed in this e-mail are not necessarily mine either.

By Date By Thread

Current thread:

[PEN-TEST] RAS PT Batten, Gerald (Oct 04)
- Re: [PEN-TEST] RAS PT Nasir Farhat Khan (Oct 05)
- <Possible follow-ups>
- Re: [PEN-TEST] RAS PT Schwienteck, Matthew (Oct 05)
- Re: [PEN-TEST] RAS PT Thompson, Stephen (Oct 06)
- Re: [PEN-TEST] RAS PT Frank Knobbe (Oct 06)
- Re: [PEN-TEST] RAS PT H Carvey (Oct 06)
- Re: [PEN-TEST] RAS PT Batten, Gerald (Oct 09)
  - Re: [PEN-TEST] RAS PT Peter Van Epp (Oct 10)