Penetration Testing mailing list archives
RE: Testing F5 3DNS
From: "Bradley D. Moore" <brad.moore () circlecity net>
Date: Wed, 28 Jul 2004 20:44:28 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 It sounds like a simple (non-stateful) packet filter (router or host-based) sits between you and your test subject. Unable to detect "state" in UDP packets (I suppose "relatedness" would be more precise), there's probably an "allow udp src=53" rule. If that's true, it's very old school technology (IMHO). To test a specific service, you could try something simple and interactive (that will let you define the source port), like netcat (if the protocol is text-based) or something more complex like an application that builds custom packets (there are some out there, but I can't think of anything offhand). I imagine the list would be interested in your methodology and findings. (B.) - ------------------------------------- He who knows, does not speak. He who speaks, does not know. -- Lao Tsu - ------------------------------------- Bradley D. Moore ~ brad.moore () circlecity net - ------------------------------------- PGP Public Key: http://www.circlecity.net/brad.moore.asc PGP Fingerprint: 347D 05BB 56D4 0675 5D2C F3A6 42AA B1B0 F4BD 610B - -----Original Message----- From: wnorth [mailto:wnorth () verizon net] Sent: Saturday, July 24, 2004 12:03 PM To: pen-test () securityfocus com Subject: Testing F5 3DNS So, I found something interesting during a pen test of an F5 3DNS device. Just doing a simple UDP port scan against the device and sourcing my port as udp/53 I was able to see all of the UDP services running. The next step would have been to try and test these services by keeping my source port as UDP/53. Anyone know of a way to do this, something like testing SNMP by sourcing as UDP/53, or some other test. Suggestions are welcome. - -wn -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBQQhWe0KqsbD0vWELEQKCTACfTEyZ4mAPwnKhHFW7r3FA4J2HKZ4An2MC LerJvnWWnp3mTrxXp6Jv6zwf =uRdi -----END PGP SIGNATURE-----
Current thread:
- Testing F5 3DNS wnorth (Jul 28)
- Re: Testing F5 3DNS Philippe Biondi (Jul 30)
- Re: Testing F5 3DNS Max Enders (Jul 30)
- RE: Testing F5 3DNS Bradley D. Moore (Jul 30)
- Re: Testing F5 3DNS Ben Timby (Jul 30)