From: Gadi Evron (ge@linuxbox.org)
Date: Tue Nov 07 2006 - 17:45:36 EST
On 7 Nov 2006 emptybeerkann@gmail.com wrote:
> You are right. Most firewalls are stateful now, but what if the organization isn't using a firewall? What if they are using a router or some other device instead? This technique once again becomes a viable option.
Firewalls and GREAT, but they are not a necessity. Further, a router can
do quite a lot of what you would want from a firewall in most cases.
Which brings us back to pen-testing. Stateful is an issue when it comes to
that, but I don't see why that is any more than a configuration issue?
As most organizations do use a firewall, do you suggest this as a method
of checking for stateful inspection?
Gadi.
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:18 EDT