RE: Using IPaqs or other handhelds as penetration devices

From: Don Weber (Don@AirLink.com)
Date: 05/17/02


From: "Don Weber" <Don@AirLink.com>
To: "Johann van Duyn" <Johann_van_Duyn@bat.com>, <pen-test@securityfocus.com>
Date: Thu, 16 May 2002 15:06:54 -0700

I have found portscan tools, theres even a winPcap version for winCE,
<<--snipped from http://winpcap.polito.it/install/default.htm
The CE version was tested successfully (not by us) on Compaq Pocket PC and
HP Jornada.,
<<--end of snip

i did do some portscanning from an iPaq, it was extremely slow via CDPD
connection, not sure how it would have performed on a wireless lan card.

Don

-----Original Message-----
From: Johann van Duyn [mailto:Johann_van_Duyn@bat.com]
Sent: Thursday, May 16, 2002 2:19 AM
To: pen-test@securityfocus.com
Subject: Using IPaqs or other handhelds as penetration devices

Hi there...

I was wondering whether any exploits or penetration tools exist that run on
Compaq IPaq PDAs (running Windows CE or whatever they call it now), or any
other handheld devices, for that matter. This is part risk analysis
regarding the use of such devices, and part looking at using such a device
for lightweight ad-hoc penetration or vulnerability testing.

Thanks!

-----------------------------------------
Johann van Duyn, CISSP
IT Risk and Security Manager: British American Tobacco South Africa
Stellenbosch, South Africa
Tel. +27 (21) 8883765
Cel. +27 (82) 4588472
Fax. +27 (21) 8838692
E:mail: johann_van_duyn@bat.com
-----------------------------------------
"... this leads you to assume that organization is an inherent property of
the knowledge itself,
and that disorder and chaos are simply irrelevant forces that threaten it
from outside.

In fact it's exactly the opposite.

Order is simply a thin, perilous condition we try to impose on the basic
reality of chaos..."

--William Gaddis, JR

Confidentiality Notice: The information in this document and
attachments is confidential and may also be legally privileged.
It is intended only for the use of the named recipient. Internet
communications are not secure and therefore British American
Tobacco does not accept legal responsibility for the contents of
this message. If you are not the intended recipient,please notify us
immediately and then delete this document. Do not disclose the
contents of this document to any other person, nor take any copies.
Violation of this notice may be unlawful.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/



Relevant Pages

  • RE: SQL
    ... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Insurance
    ... property--data beign deemed "intangible" for the purposes of insurance. ... for physical security testing there are often 3rd parties ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: Pen-Testing Lotus Notes/Domino
    ... Subject: Pen-Testing Lotus Notes/Domino ... of document security. ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • R: Pen-Testing help (Compaq Insight & htsearch)
    ... This web server happens to be in front of their ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Application & Iplanet/Apache web server vulnerability and penetration testing
    ... I don't know what to do on the web servers other than delete example ... Any suggestions on iPlanet and Apache security? ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)