Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Saprouter audit
From: Jan van Rensburg <jan.van.rensburg () epiuse com>
Date: Wed, 13 Sep 2006 09:21:54 +0200

Hi Prashant,

Saprouter is closed source software for a closed spec protocol. Therefor pentesting will take some manual labour. Depending on how much time you want to put into this, you could do some reverse engineering and try the usual suspects - buffer overflows etc.

This might be a useful starting point:
http://www.ccc.de/congress/2004/fahrplan/event/26.de.html

Quote from the site: "Most hackers perceive SAP R/3 installations as enormous data graves with limited hack value because of its immense size and doubtful design. However, there are usually lots of company relevant data. As it is good and common practise, the more valuable the data, the less it is protected."

Considering how crucial SAP can be to businesses who own it, the security community would probably do their clients a huge service by really getting to grips with SAP.

Regards,
Jan

On 12 Sep 2006, at 8:06 AM, prashant.gawade () paladion net wrote:

Hi all



During penetration testing I found port 3299 is open on the serve.Research shows me that this port is open on saprouter.

To give more information about saprouter

It provides additional level of security to sap servers.We can set rules like normal cisco router on saprouter.It act like proxy for people connecting to the sap servers.



I am looking for information like

Penetration testing on sap router

Things we can test on port 3299



Prashant Gawade

Information Security Consultant

Paladion Networks

Navi Mumbai

India


---------------------------------------------------------------------- --
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
---------------------------------------------------------------------- --


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]