RE: Testing F5 3DNS

From: Bradley D. Moore (brad.moore@circlecity.net)
Date: Wed Jul 28 2004 - 21:44:28 EDT

• Next message: Mark Curphey: "RE: Website search engine is a hacking tool.."
• Previous message: Amal Mohammad Al Hajeri: "RE: Website search engine is a hacking tool.."
• In reply to: wnorth: "Testing F5 3DNS"
• Next in thread: Jay Beale: "Re: Testing F5 3DNS"
• Reply: Jay Beale: "Re: Testing F5 3DNS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It sounds like a simple (non-stateful) packet filter (router or
host-based) sits between you and your test subject. Unable to detect
"state" in UDP packets (I suppose "relatedness" would be more
precise), there's probably an "allow udp src=53" rule.

If that's true, it's very old school technology (IMHO). To test a
specific service, you could try something simple and interactive
(that will let you define the source port), like netcat (if the
protocol is text-based) or something more complex like an application
that builds custom packets (there are some out there, but I can't
think of anything offhand).

I imagine the list would be interested in your methodology and
findings.

(B.)

- -------------------------------------
He who knows, does not speak.
He who speaks, does not know.
                         -- Lao Tsu
- -------------------------------------
Bradley D. Moore ~ brad.moore@circlecity.net
- -------------------------------------
PGP Public Key: http://www.circlecity.net/brad.moore.asc
PGP Fingerprint: 347D 05BB 56D4 0675 5D2C F3A6 42AA B1B0 F4BD 610B

- -----Original Message-----
From: wnorth [mailto:wnorth@verizon.net]
Sent: Saturday, July 24, 2004 12:03 PM
To: pen-test@securityfocus.com
Subject: Testing F5 3DNS

So, I found something interesting during a pen test of an F5 3DNS
device. Just doing a simple UDP port scan against the device and
sourcing my port as udp/53 I was able to see all of the UDP services
running. The next step would have been to try and test these services
by keeping my source port as UDP/53. Anyone know of a way to do this,
something like testing SNMP by sourcing as UDP/53, or some other
test.

Suggestions are welcome.

- -wn

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBQQhWe0KqsbD0vWELEQKCTACfTEyZ4mAPwnKhHFW7r3FA4J2HKZ4An2MC
LerJvnWWnp3mTrxXp6Jv6zwf
=uRdi
-----END PGP SIGNATURE-----

• Next message: Mark Curphey: "RE: Website search engine is a hacking tool.."
• Previous message: Amal Mohammad Al Hajeri: "RE: Website search engine is a hacking tool.."
• In reply to: wnorth: "Testing F5 3DNS"
• Next in thread: Jay Beale: "Re: Testing F5 3DNS"
• Reply: Jay Beale: "Re: Testing F5 3DNS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT