RE: RADWare Link Proof Questions

From: Renaud Bidou (RenaudB@Radware.com)
Date: Thu Jul 06 2006 - 03:51:37 EDT

• Next message: Karyn Pichnarczyk: "Re: Protocol Analysis"
• Previous message: Dave: "Testing vulnerable web application : various replies"
• Maybe in reply to: Security Tester: "RADWare Link Proof Questions"
• Next in thread: Robert E. Lee: "Re: RADWare Link Proof Questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

This is a known configuration issue. The hashing is probably not activated on the linkproof, and therefore the "client table" literally "explodes" when you scan through the box.

Cheers,

Renaud BIDOU
Security Consultant
Radware EMEA
 
-----Message d'origine-----
De : Dan Catalin Vasile [mailto:hardware_cta@yahoo.com]
Envoyé : jeudi 6 juillet 2006 07:09
À : Security Tester; pentest
Objet : Re: RADWare Link Proof Questions

What type of scan did you used? I have noticed the
same behavior with another type of load balancing
device during FIN scans.

Have secure fun,
Dan

--- Security Tester <pentestrbk@gmail.com> wrote:

> Hi All -
>
> I've been conducting a pen test against a client who
> has RADWare's
> Link Proof devices to perform load balancing across
> their Internet
> connections. While running my scans (basic TCP port
> scans and such)
> they claim that their load balancers basically
> rolled-over and died
> causing Internet outages (inbound and outbound).
>
> Has anyone else seen this kind of behavior?
>
> Are their configuration settings on the Link Proof
> that would prevent
> this or is this simply a vulnerability with the load
> balancers?
>
> Just as a point of reference, I was sourcing the
> scan from a cable
> modem connection (max 768K up) and wasn't trying to
> blast them or
> anything (they are a client after all); it just
> seems strange to me
> that my scans were able to do this considering that
> they have a couple
> of DS3s of bandwidth coming in.
>
> Any info/advice would be appreciated.
>
> Thanks,
>
> RBK
>
>
------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only
> one to win the Analyst's
> Choice Award from eWeek. As attacks through web
> applications continue to rise,
> you need to proactively protect your applications
> from hackers. Cenzic has the
> most comprehensive solutions to meet your
> application security penetration
> testing and vulnerability management needs. You have
> an option to go with a
> managed service (Cenzic ClickToSecure) or an
> enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how
> a managed service can
> help you:
> http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit
> for you to confirm your
> results from other product. Contact us at
> request@cenzic.com for details.
>
------------------------------------------------------------------------------
>
>

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security?
Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
Choice Award from eWeek. As attacks through web applications continue to rise,
you need to proactively protect your applications from hackers. Cenzic has the
most comprehensive solutions to meet your application security penetration
testing and vulnerability management needs. You have an option to go with a
managed service (Cenzic ClickToSecure) or an enterprise software
(Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
help you: http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com for details.
------------------------------------------------------------------------------

• Next message: Karyn Pichnarczyk: "Re: Protocol Analysis"
• Previous message: Dave: "Testing vulnerable web application : various replies"
• Maybe in reply to: Security Tester: "RADWare Link Proof Questions"
• Next in thread: Robert E. Lee: "Re: RADWare Link Proof Questions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:13 EDT