Penetration Testing mailing list archives
Re: Pentesting Old unsupported Firewall Appliances
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Tue, 12 Jun 2007 13:36:00 +0100
On 11/06/07, Harold Castro <b0ydaem0n () yahoo com> wrote:
Hi,
..
Since I'm doing an external black box pentest, I have to rely on some tools for OS fingerprinting. Nmap guesses it to be either Nokia IPSO 4.0 or 4.1Build19. Now I tried googling for that particular appliance (IP650) and I found out that the appliance is too old as its existence dates back as early as 1999. I'm having a hard time trying to find anything that can be useful for this
Usually the next stage would be to try to exploit it - providing that is allowed for by your penetration-testing contract. (It should be, otherwise it's more of an audit rather than a pen-test.)
If all else fails, do you tell the customer that it is safe to ignore those warnings and vulnerabilities because you, on a hacker's perspective, was not able to penetrate the network by making use of those vulnerabilities found, that the hacker might have a hard time as well and eventually opt for another target?
I don't like to. If you aren't able to break it, just say so. As a pen-tester, you haven't got enough information to say if it's safe. Obviously, if you break it, it's not safe, otherwise you don't know. cheers, Jamie -- Jamie Riden, CISSP / jamesr () europe com / jamie () honeynet org uk UK Honeynet Project: http://www.ukhoneynet.org/ ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Pentesting Old unsupported Firewall Appliances Harold Castro (Jun 11)
- Re: Pentesting Old unsupported Firewall Appliances Jamie Riden (Jun 15)
- RE: Pentesting Old unsupported Firewall Appliances Clemens, Dan (Jun 15)
- Re: Pentesting Old unsupported Firewall Appliances Tiago Batista (Jun 15)
- Firewall Leak Testing Was Re: Pentesting Old unsupported Firewall Appliances mOses (Jun 15)
- Re: Firewall Leak Testing Was Re: Pentesting Old unsupported Firewall Appliances Michael Painter (Jun 21)
- Firewall Leak Testing Was Re: Pentesting Old unsupported Firewall Appliances mOses (Jun 15)
- Re: Pentesting Old unsupported Firewall Appliances Security Guy (Jun 15)
- Re: Pentesting Old unsupported Firewall Appliances vtlists (Jun 15)
- <Possible follow-ups>
- RE: Pentesting Old unsupported Firewall Appliances Michael Scheidell (Jun 15)
- Re: Pentesting Old unsupported Firewall Appliances Jamie Riden (Jun 15)