RE: Firewall Penetration Testing

From: Combs, Christopher (Christopher) (ccombs@avaya.com)
Date: Wed Sep 17 2003 - 13:36:32 EDT


Filters, Filters and Filters.

Protecting web servers with MS's own IPSec Policy manager is what I used
to lock it down. Only port 80 was left open for obvious reasons. See
instructions below. This is server level only, not firewall. But it
seems to be doing an awesome job of protecting itself.

http://www.microsoft.com/technet/itsolutions/network/maintain/security/ipsecld.asp?frame=true

Christopher J. Combs
Avaya Tier 3 Convergence Engineer
AIM ID - cjintier3
(720) 444-1092
"Minding your net, safe and secure"
http://support.avaya.com/security

-----Original Message-----
From: Stack Buffer [mailto:black_merkury@yahoo.com]
Sent: Wednesday, September 17, 2003 5:03 AM
To: pen-test@securityfocus.com
Subject: Firewall Penetration Testing

Hi all,

I am new to this list, and I am working on firewall
vulnerabilities.
I strongly believe that firewalls are not enough
today against increasingly sophisticated attackers.
I have done research into IP fragmentation attacks and
I am implementing test programs based on such data.
See:
http://www.zvon.org/tmRFC/RFC1858/Output/chapter2.html.

But I still believe that other vulnerabilities may
still exist; as they say, security is a continuous
process.
I hope to compile a paper detailing the procedures and
results of my research, and I would really appreciate
any pointers to current information/papers or advice.

I will be grateful for any help rendered.
Thank you.

Edward




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:40 EDT