From: Joey Peloquin (joeyp@cotse.net)
Date: Thu Jun 14 2007 - 21:48:56 EDT
Michael Scheidell wrote:
>> -----Original Message-----
>> From: listbounce@securityfocus.com
>> [mailto:listbounce@securityfocus.com] On Behalf Of TStark
>> Sent: Saturday, June 09, 2007 7:48 PM
>> To: pen-test@securityfocus.com
>> Subject: Pen Testing Tippingpoint
>>
>>
>> Hello,
>>
>> I am planning on pen testing a Tippingpoint appliance, I
>> think it's a 200e, I'm looking for some suggestions on what
>> to use to pen test this thing. I haven't found a Nessus plug
>> in to help test this appliance, I'd bet there is one out
>> there somewhere.
>>
>> Any information to help me test/penetrate Tippingpoint would
>> be very helpful, I'd like to make sure we test this thing
>> well before we shell out that kind of dough.
>>
>
> Generally speaking, it has been a good device (I am a competitor, not a
> user).
<snip>
Disclaimer: I'm a happy, and loyal, TippingPoint customer.
Michael, as a competitor, I'd expect you to know more about TippingPoint's
shortcomings (as few and far between as they are) :)
The latest vuln for TP actually doesn't involve the UI at all;
http://www.3com.com/securityalert/alerts/3COM-07-001.html
..but it also wasn't around for very long (fixed in the next DV). You get
what you pay for.
There's been a few DoS vulns over the years, but other than that, nothing
really serious, that was disclosed anyway.
Although my team conducts assessments and pen-tests as part of our daily
routine, I didn't tackle the TP evaluation like an engagement. These guys
do this for a living..if an IT security guy could "pen-test" the box, i.e.,
go after and _get_ a trophy, I doubt 3Com would have bought them (and we
sure as hell wouldn't). I also know only a handful of individuals that
possess the SICK skills necessary to disassemble a TP box to the point that
you find a component worth attacking.
That said, I approached the evaluation from the perspective of an attack
simulation, testing latency while under attack (with and without load-you
can use tomahawk to generate load), while pushing DVs and/or policy changes,
etc. There's lots of tools out there, and you're really only limited by
your imagination. Grab HD's metasploit to start, put on your "hacker" hat,
and let your imagination go crazy.
Also, if you do find something wrong, please document and report it to TP.
I found problems with two signatures, and they got it fixed before my eval
concluded.
Finally, if you're curious about Tomahawk, TP used to loan a complete rig
out to prospects for testing, so check with your SE.
Good luck!
-jp
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:52 EDT