Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pentesting Old unsupported Firewall Appliances
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Tue, 12 Jun 2007 13:36:00 +0100

On 11/06/07, Harold Castro <b0ydaem0n () yahoo com> wrote:
Since I'm doing an external black box pentest, I have
to rely on some tools for OS fingerprinting. Nmap
guesses it to be either Nokia IPSO 4.0 or 4.1Build19.
Now I tried googling for that particular appliance
(IP650) and I found out that the appliance is too old
as its existence dates back as early as 1999. I'm
having a hard time trying to find anything
that can be useful for this

Usually the next stage would be to try to exploit it - providing that
is allowed for by your penetration-testing contract. (It should be,
otherwise it's more of an audit rather than a pen-test.)

If all else fails, do you tell the customer that it is
safe to ignore those warnings and vulnerabilities
because you, on a hacker's perspective, was not able
to penetrate the network by making use of those
vulnerabilities found, that the hacker might have a
hard time as well and eventually opt for another

I don't like to. If you aren't able to break it, just say so. As a
pen-tester, you haven't got enough information to say if it's safe.
Obviously, if you break it, it's not safe, otherwise you don't know.

Jamie Riden, CISSP / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]