RE: Pen-Testing VPN

• Previous message: Darren Beattie: "Pen-Testing VPN"
• In reply to: Darren Beattie: "Pen-Testing VPN"
• Next in thread: Peter Van Epp: "Re: Pen-Testing VPN"
• Reply: Peter Van Epp: "Re: Pen-Testing VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Rob Shein" <shoten@starpower.net>
To: "'Darren Beattie'" <darren.beattie@blueyonder.co.uk>, <pen-test@securityfocus.com>
Date: Thu, 3 Apr 2003 14:30:56 -0500

When I've done this, I first tried to figure out what kind of VPN it was.
What ports does the VPN use? Not all of them use IPSEC, for example, and
some have some additional ports for varying reasons. If you know of some
VPN gateways in existence that are of a known type, you can compare them to
what you're pen-testing as well.

Once you have an idea which kind it is, see if you can get a client for it
(you usually can). Then try to connect, and sniff the traffic. Try
different variables (login name, etc) and mix it up so that you can find the
values being passed to the gateway...and then see what happens when you put
too many characters in one of those fields.

Just a thought :)

-----Original Message-----
From: Darren Beattie [mailto:darren.beattie@blueyonder.co.uk]
Sent: Thursday, April 03, 2003 1:43 PM
To: pen-test@securityfocus.com
Subject: Pen-Testing VPN

Hi All,

I use various scanners and tools to test firewalls and servers. I will
testing a firewall that has VPNs connected to it. I am wandering how to
test the VPN for security. I am sure that I could see the vpn port on the
firewall, listening for connections.

I would like to establish a VPN tunnel and 'hit it' to see how secure it
really is.

I would like some help in identifying any tools out there that would allow
me to carry this out.

Regards,

Darren

top spam and e-mail risk at the gateway.
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it. See exactly how much junk never even
makes it in the door. Free 30-day trial:
http://www.securityfocus.com/SurfControl-pen-test

top spam and e-mail risk at the gateway.
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it. See exactly how much
junk never even makes it in the door. Free 30-day trial:
http://www.securityfocus.com/SurfControl-pen-test

• Previous message: Darren Beattie: "Pen-Testing VPN"
• In reply to: Darren Beattie: "Pen-Testing VPN"
• Next in thread: Peter Van Epp: "Re: Pen-Testing VPN"
• Reply: Peter Van Epp: "Re: Pen-Testing VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]