Re: Broadband CPE Vulnerability Tool?

From: Scott Davidson (scott@d3fcon.org)
Date: Tue Aug 15 2006 - 09:52:51 EDT

• Next message: okrehel@loews.com: "Re: Clueless firewall configuration ?"
• Previous message: Dr David Scholefield: "Re: xss....what next???"
• In reply to: Nicolas RUFF: "Re: Broadband CPE Vulnerability Tool?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Nicolas RUFF wrote:
>> Can anyone recommend a vulnerability scanner for broadband router CPE such as Netopia, Flowpoint, Siemens? It looks like none of the big names like Nessus do this..
>>
>
> IMHO there are too many firmware revisions, too many flaws and not
> enough business for such a vulnerability scanner ...
>
> For example, the Linksys WRT54G comes in 4 families with 10 hardware
> revisions and numerous firmware sub-revisions ...
> http://en.wikipedia.org/wiki/WRT54G
>
> It would be just like tracking every XSS flaw :)
>
> Regards,
> - Nicolas RUFF
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>
>
>
>
That's what is going to make Cisco's planned virtual processes so sweet
to worms and script kiddies, predictable memory locations independent of
hardware, firmware or IOS build. Fatal flaw in their thinking meant to
be a work around for the pain of parallel development for each variation.

-- 
Scott Davidson, CISSP, SCSP, CCNA
scott@d3fcon.org - dogtentx on Yahoo IM
MOB	214-632-6191
FAX	440-658-6191
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------

• Next message: okrehel@loews.com: "Re: Clueless firewall configuration ?"
• Previous message: Dr David Scholefield: "Re: xss....what next???"
• In reply to: Nicolas RUFF: "Re: Broadband CPE Vulnerability Tool?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:43 EDT