Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pen Testing Tippingpoint
From: "Zed Qyves" <zqyves.spamtrap () gmail com>
Date: Mon, 11 Jun 2007 13:59:28 +0300


Disclaimer: I've never set foot close to such a device.

Only think I could find...


However keep in mind that in the world of vulnerabilities the
aforementioned is considered dated (25/04/2007).

You can get some general ideas on how such devices are built from
Dennis Cox's presentation at CanSecWest06 "Insiders View: Network
Security Devices".

If I were you I would start playing with its protocol "dissectors"
first, via fuzzing a server(s), and see what I can get out of that.

Also I would look for deployment vulnerabilities such as default
usernames and passwords (if such exists), secure protocols in
management interfaces, SSLv2 vs SSLv3, SNMPv3 vs SNMPv(1|2), etc...

What is your goal(s) in this pen-test? Crashing it, delaying the
processing of packets and hence letting an attack slip in,
compromising the device administration?

Good luck.


On 6/10/07, TStark <stark.ironman () gmail com> wrote:

I am planning on pen testing a Tippingpoint appliance, I think it's a
200e, I'm looking for some suggestions on what to use to pen test this
I haven't found a Nessus plug in to help test this appliance, I'd bet
there is one out there somewhere.

Any information to help me test/penetrate Tippingpoint would be very
helpful, I'd like to make sure we test this thing well before we shell
out that kind of dough.



This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]
In this our land, so said he, those who seek  Shall find; unsought, we
lose it utterly.
Oedipus Rex [110]

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]