From: TStark (stark.ironman@gmail.com)
Date: Tue Jun 19 2007 - 12:52:28 EDT
Good info, as you suggested, I'm going to discuss this with our SE. I
appreciate the great response to my question, I only hope I can help
someone in return!
Through my assessment I found that the server group set up a honeypot
for me to hit rather than a normal server, they've asked me to now
tell them the name of the actual software they are using, but I'm
going to make this a seprate question.
Thanks again for the help everyone!!
On 6/14/07, Joey Peloquin <joeyp@cotse.net> wrote:
> Michael Scheidell wrote:
> >> -----Original Message-----
> >> From: listbounce@securityfocus.com
> >> [mailto:listbounce@securityfocus.com] On Behalf Of TStark
> >> Sent: Saturday, June 09, 2007 7:48 PM
> >> To: pen-test@securityfocus.com
> >> Subject: Pen Testing Tippingpoint
> >>
> >>
> >> Hello,
> >>
> >> I am planning on pen testing a Tippingpoint appliance, I
> >> think it's a 200e, I'm looking for some suggestions on what
> >> to use to pen test this thing. I haven't found a Nessus plug
> >> in to help test this appliance, I'd bet there is one out
> >> there somewhere.
> >>
> >> Any information to help me test/penetrate Tippingpoint would
> >> be very helpful, I'd like to make sure we test this thing
> >> well before we shell out that kind of dough.
> >>
> >
> > Generally speaking, it has been a good device (I am a competitor, not a
> > user).
> <snip>
> Disclaimer: I'm a happy, and loyal, TippingPoint customer.
>
> Michael, as a competitor, I'd expect you to know more about TippingPoint's
> shortcomings (as few and far between as they are) :)
>
> The latest vuln for TP actually doesn't involve the UI at all;
> http://www.3com.com/securityalert/alerts/3COM-07-001.html
>
> ..but it also wasn't around for very long (fixed in the next DV). You get
> what you pay for.
>
> There's been a few DoS vulns over the years, but other than that, nothing
> really serious, that was disclosed anyway.
>
> Although my team conducts assessments and pen-tests as part of our daily
> routine, I didn't tackle the TP evaluation like an engagement. These guys
> do this for a living..if an IT security guy could "pen-test" the box, i.e.,
> go after and _get_ a trophy, I doubt 3Com would have bought them (and we
> sure as hell wouldn't). I also know only a handful of individuals that
> possess the SICK skills necessary to disassemble a TP box to the point that
> you find a component worth attacking.
>
> That said, I approached the evaluation from the perspective of an attack
> simulation, testing latency while under attack (with and without load-you
> can use tomahawk to generate load), while pushing DVs and/or policy changes,
> etc. There's lots of tools out there, and you're really only limited by
> your imagination. Grab HD's metasploit to start, put on your "hacker" hat,
> and let your imagination go crazy.
>
> Also, if you do find something wrong, please document and report it to TP.
> I found problems with two signatures, and they got it fixed before my eval
> concluded.
>
> Finally, if you're curious about Tomahawk, TP used to loan a complete rig
> out to prospects for testing, so check with your SE.
>
> Good luck!
>
> -jp
>
>
>
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:52 EDT