Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pen Testing Tippingpoint
From: Joey Peloquin <joeyp () cotse net>
Date: Thu, 14 Jun 2007 20:48:56 -0500

Michael Scheidell wrote:
-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of TStark
Sent: Saturday, June 09, 2007 7:48 PM
To: pen-test () securityfocus com
Subject: Pen Testing Tippingpoint


I am planning on pen testing a Tippingpoint appliance, I 
think it's a 200e, I'm looking for some suggestions on what 
to use to pen test this thing. I haven't found a Nessus plug 
in to help test this appliance, I'd bet there is one out 
there somewhere.

Any information to help me test/penetrate Tippingpoint would 
be very helpful, I'd like to make sure we test this thing 
well before we shell out that kind of dough.

Generally speaking, it has been a good device (I am a competitor, not a
Disclaimer:  I'm a happy, and loyal, TippingPoint customer.

Michael, as a competitor, I'd expect you to know more about TippingPoint's
shortcomings (as few and far between as they are) :)

The latest vuln for TP actually doesn't involve the UI at all;

..but it also wasn't around for very long (fixed in the next DV).  You get
what you pay for.

There's been a few DoS vulns over the years, but other than that, nothing
really serious, that was disclosed anyway.

Although my team conducts assessments and pen-tests as part of our daily
routine, I didn't tackle the TP evaluation like an engagement.  These guys
do this for a living..if an IT security guy could "pen-test" the box, i.e.,
go after and _get_ a trophy, I doubt 3Com would have bought them (and we
sure as hell wouldn't).  I also know only a handful of individuals that
possess the SICK skills necessary to disassemble a TP box to the point that
you find a component worth attacking.

That said, I approached the evaluation from the perspective of an attack
simulation, testing latency while under attack (with and without load-you
can use tomahawk to generate load), while pushing DVs and/or policy changes,
etc.  There's lots of tools out there, and you're really only limited by
your imagination.  Grab HD's metasploit to start, put on your "hacker" hat,
and let your imagination go crazy.

Also, if you do find something wrong, please document and report it to TP.
I found problems with two signatures, and they got it fixed before my eval

Finally, if you're curious about Tomahawk, TP used to loan a complete rig
out to prospects for testing, so check with your SE.

Good luck!


This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]