Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: Pen Testing Tippingpoint
From: TStark <stark.ironman () gmail com>
Date: Tue, 19 Jun 2007 12:52:28 -0400

Good info, as you suggested, I'm going to discuss this with our SE. I
appreciate the great response to my question, I only hope I can help
someone in return!

Through my assessment I found that the server group set up a honeypot
for me to hit rather than a normal server, they've asked me to now
tell them the name of the actual software they are using, but I'm
going to make this a seprate question.

Thanks again for the help everyone!!

On 6/14/07, Joey Peloquin <joeyp () cotse net> wrote:
Michael Scheidell wrote:
>> -----Original Message-----
>> From: listbounce () securityfocus com
>> [mailto:listbounce () securityfocus com] On Behalf Of TStark
>> Sent: Saturday, June 09, 2007 7:48 PM
>> To: pen-test () securityfocus com
>> Subject: Pen Testing Tippingpoint
>>
>>
>> Hello,
>>
>> I am planning on pen testing a Tippingpoint appliance, I
>> think it's a 200e, I'm looking for some suggestions on what
>> to use to pen test this thing. I haven't found a Nessus plug
>> in to help test this appliance, I'd bet there is one out
>> there somewhere.
>>
>> Any information to help me test/penetrate Tippingpoint would
>> be very helpful, I'd like to make sure we test this thing
>> well before we shell out that kind of dough.
>>
>
> Generally speaking, it has been a good device (I am a competitor, not a
> user).
<snip>
Disclaimer:  I'm a happy, and loyal, TippingPoint customer.

Michael, as a competitor, I'd expect you to know more about TippingPoint's
shortcomings (as few and far between as they are) :)

The latest vuln for TP actually doesn't involve the UI at all;
http://www.3com.com/securityalert/alerts/3COM-07-001.html

..but it also wasn't around for very long (fixed in the next DV).  You get
what you pay for.

There's been a few DoS vulns over the years, but other than that, nothing
really serious, that was disclosed anyway.

Although my team conducts assessments and pen-tests as part of our daily
routine, I didn't tackle the TP evaluation like an engagement.  These guys
do this for a living..if an IT security guy could "pen-test" the box, i.e.,
go after and _get_ a trophy, I doubt 3Com would have bought them (and we
sure as hell wouldn't).  I also know only a handful of individuals that
possess the SICK skills necessary to disassemble a TP box to the point that
you find a component worth attacking.

That said, I approached the evaluation from the perspective of an attack
simulation, testing latency while under attack (with and without load-you
can use tomahawk to generate load), while pushing DVs and/or policy changes,
etc.  There's lots of tools out there, and you're really only limited by
your imagination.  Grab HD's metasploit to start, put on your "hacker" hat,
and let your imagination go crazy.

Also, if you do find something wrong, please document and report it to TP.
I found problems with two signatures, and they got it fixed before my eval
concluded.

Finally, if you're curious about Tomahawk, TP used to loan a complete rig
out to prospects for testing, so check with your SE.

Good luck!

-jp




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]