New version of Hailstorm released
From: Jensenne Roculan (jroculan@securityfocus.com)
Date: 09/27/01
Date: Thu, 27 Sep 2001 11:49:40 -0600 (MDT)
From: Jensenne Roculan <jroculan@securityfocus.com>
To: <focus-ids@securityfocus.com>
Subject: New version of Hailstorm released
Message-ID: <Pine.GSO.4.30.0109271148430.15805-100000@mail>
This was forwarded from the PEN-TEST mailing list.
Jensenne Roculan
SecurityFocus - http://www.securityfocus.com
ARIS - http://aris.securityfocus.com
(403) 213-3939 ext. 229
---------- Forwarded message ----------
Date: Wed, 26 Sep 2001 16:38:11 -0700
From: Gregory M Hoglund <hoglund@clicktosecure.com>
To: pen-test@securityfocus.com
Subject: RE: Opinions on ClicktoSecure's Hailstorm Product
Since it has been mentioned - I figured I should let you know we just
released version 1.2
An eval can be downloaded from:
http://www.clicktosecure.com/products/evaluation_request.htm
We added over 100 new test patterns to the basic set.
Since I wrote a large part of Hailstorm(TM) I figured I could throw in
some feedback. First, Hailstorm has a fairly complex GUI. It's very
advanced and everything is 'in your face' - this can be a small block to
get over. That being said, we are working diligently on a 2.0 release
that has a completely new GUI - no resemblance to the current one. The
goal was to make Hailstorm easier to use. Be forewarned that this is an
advanced tool before you go and try to download it.
On the upside - we have been very successful testing application-layer
inputs from the network - custom ISAPI interfaces, firewall web-based
admin interfaces, email servers, custom parsers for syslog and snmp
events. Once an application gets into a parsing problem on
user-supplied input, a great deal starts to break. From that alone we have
been finding denial-of-service attacks, buffer overflows, and
metacharacter problems. Keep in mind this is 'black-box' - testing
inputs over the network with only an idea of the code paths that are
exercised behind them. On the lower side of the stack - we have also
been very successful at network layer attacks. We have killed a
hardware VPN and caused it to erase its firmware and reset its
password to '1234', we have caused firewalls to fail open, found 'killer
packets' that cause harsh resource consumption on routers and
network-address translation processes, and demonstrated serious problems
in 'DDOS protection appliances' - not to mention a variety of faults in
multiple vendors' IDS solutions. The goal here is simple - help the
end-user and the software vendor find problems _before_ the hackers do -
add a little proactivity.
All in all, this tool is about saving time when you're doing analysis.
Everything is templated. It may not find complex security-architecture
problems 8-) - but it will find those darned trivial bugs that keep
showing up in Bugtraq every day...
I hope that someday software is written secure.
-Greg Hoglund
CTO, Click To Secure, Inc.
http://www.clicktosecure.com
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/