RE: Testing other prot's and layers.

From: Oliver Petruzel (oliver.petruzel@corbett-tech.com)
Date: 06/12/02 

Date: Tue, 11 Jun 2002 19:02:46 -0400
From: "Oliver Petruzel" <oliver.petruzel@corbett-tech.com>
To: <pen-test@securityfocus.com>

To clarify:
I know that most "vulnerabilities" in HSRP and such are DoS or spoofing (man-in-the-middle attacks) or both... is there a way, besides sniffing and analyzing just the traffic, to test router/switch configurations for flaws. a "probing method" if you will...such as with a nessus plugin or ISS? (this is per a client request)

I am familiar with IRPAS (attack suite: http://www.phenoelit.de/irpas/docu.html), but i need something less intrusive and highly automated that addresses the same protocols...

odd..i know...

./o.p.

-----Original Message-----
From: Oliver Petruzel [mailto:oliver.petruzel@corbett-tech.com]
Sent: Tuesday, June 11, 2002 4:17 PM
To: pen-test@securityfocus.com
Subject: Testing other prot's and layers.

Does anyone have any actual testing software or scripts to test VRRP and HSRP specfically?

Or does everyone do it manually if asked to do so?

Which COTS or open-source scanning products offer layer 2 or 3 testing modules?

thanks ahead of time!

./oliver p.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Relevant Pages

  • Re: ettercap help
    ... Anyways have never tried Ettercap for VNC. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ... This list is provided by the SecurityFocus Security Intelligence Alert ...
    (Pen-Test)
  • RE: CFM SQL injection
    ... You should better use union or alike get unauthorized data from the ... This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: ettercap help
    ... > I can get it to sniff telnet, ftp, pop, smb, but no vnc. ... > This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • Re: Wardialing
    ... >>> achieving the connection with the modem. ... >>This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
  • RE: How to Tackle the Legal Tangle?
    ... How to Tackle the Legal Tangle? ... >This list is provided by the SecurityFocus Security Intelligence Alert ... For more information on SecurityFocus' SIA service which ...
    (Pen-Test)
Quantcast