Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Nortel Contivity 2600
From: Samir Pawaskar <samirp () eim ae>
Date: Sun, 04 Sep 2005 14:39:44 +0400

I am facing a similar position, however my vendor insists that Nortel VPN
has to be in Internet .. It cannot use natted IP..

I do not exactly buy this suggestion but am still looking for conclusive
evidence to confront him with this..

Any help appreciated

Regards

Samir

----- Original Message ----- 
From: "Rodrigo Blanco" <rodrigo.blanco.r () gmail com>
To: <camfischer () gmail com>
Cc: <pen-test () securityfocus com>
Sent: Saturday, September 03, 2005 3:04 PM
Subject: Re: Nortel Contivity 2600


Hello,

I would think of DoS at first (certain versions of the Conctivity have
DoS vulnerabilities).

Although its VXworks architecture seems very robust, it does not look
right to me to have a VPN concentrator directly accessible on the
Inernet, why not place it in a DMZ (firewall protection makes sense,
and so does IDS/IPS)?

By the way, bear in mind Contivity also has a firewall module that can
run on its same platform, this could be very reccomendable if you are
to place it directly on the Internet.

Hope this helps,
Rodrigo.

On 9/1/05, Cam Fischer <camfischer () gmail com> wrote:
Hi list!

I am looking for good reasons why I should move a Nortel Contivity
2600 VPN device behind a firewall.

Currently the device sits on the internet, and is used for VPN traffic
from other offices, and also for VPN dial-in users.

Are there any risks with this configuration? What comments can be made
around whether or not I should be placing this behind the firewall /
IDS....

Thanks!


----------------------------------------------------------------------------
--
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault