Penetration Testing mailing list archives

Re: pen test VPN

From: Jose Nazario <jose () biocserver BIOC cwru edu>
Date: Mon, 25 Feb 2002 19:51:59 -0500 (EST)

On Sun, 24 Feb 2002, Carl Bysen wrote:

what can be done to pen test a VPN setup? Which tools are available,
additionally does it make sense to pen-test a VPN setup (traffic is
encrypted)?


shoten and a colleague of his did a discussion at defcon 01 where they
talked about a buffer overflow in a VPN daemon (they didn't identify which
one, but they gave enough info to those who know how their VPN system
works to know they're vulnerable). basic buffer overflow in the
authentication.

also, i have written some libnet 1.1 code for esp and ah packet creation.
between the two basic premises -- DoS/buffer overflow/etc and traffic
injection/insertion -- you should be able to have some fun with a VPN
tunnel.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

pen test VPN Carl Bysen (Feb 25)
- Re: pen test VPN Jose Nazario (Feb 26)
- Re: pen test VPN Mark Rowe (Feb 27)
- <Possible follow-ups>
- pen test VPN cdowns (Feb 25)
- RE: pen test VPN DABDELMO (Feb 25)
  - RE: pen test VPN Eric Hines (Feb 26)
- RE: pen test VPN Aleksander P. Czarnowski (Feb 26)