RE: Testing F5 3DNS

From: Bradley D. Moore (brad.moore_at_circlecity.net)
Date: 07/29/04

  • Next message: Mark Curphey: "RE: Website search engine is a hacking tool.." 
    To: <pen-test@securityfocus.com>
Date: Wed, 28 Jul 2004 20:44:28 -0500

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    It sounds like a simple (non-stateful) packet filter (router or
    host-based) sits between you and your test subject. Unable to detect
    "state" in UDP packets (I suppose "relatedness" would be more
    precise), there's probably an "allow udp src=53" rule.

    If that's true, it's very old school technology (IMHO). To test a
    specific service, you could try something simple and interactive
    (that will let you define the source port), like netcat (if the
    protocol is text-based) or something more complex like an application
    that builds custom packets (there are some out there, but I can't
    think of anything offhand).

    I imagine the list would be interested in your methodology and
    findings.

    (B.)

    - -------------------------------------
    He who knows, does not speak.
    He who speaks, does not know.
                             -- Lao Tsu
    - -------------------------------------
    Bradley D. Moore ~ brad.moore@circlecity.net
    - -------------------------------------
    PGP Public Key: http://www.circlecity.net/brad.moore.asc
    PGP Fingerprint: 347D 05BB 56D4 0675 5D2C F3A6 42AA B1B0 F4BD 610B

    - -----Original Message-----
    From: wnorth [mailto:wnorth@verizon.net]
    Sent: Saturday, July 24, 2004 12:03 PM
    To: pen-test@securityfocus.com
    Subject: Testing F5 3DNS

    So, I found something interesting during a pen test of an F5 3DNS
    device. Just doing a simple UDP port scan against the device and
    sourcing my port as udp/53 I was able to see all of the UDP services
    running. The next step would have been to try and test these services
    by keeping my source port as UDP/53. Anyone know of a way to do this,
    something like testing SNMP by sourcing as UDP/53, or some other
    test.

    Suggestions are welcome.

    - -wn

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

    iQA/AwUBQQhWe0KqsbD0vWELEQKCTACfTEyZ4mAPwnKhHFW7r3FA4J2HKZ4An2MC
    LerJvnWWnp3mTrxXp6Jv6zwf
    =uRdi
    -----END PGP SIGNATURE-----

  • Next message: Mark Curphey: "RE: Website search engine is a hacking tool.."

    Relevant Pages

    • Re: doubts about nat-traversal
      ... the range and has nothing to do with your other VPN tunnels. ... known destination port of UDP 4500. ... source port as something other than UDP 4500 then it knows that ... ESP and AH packets within UDP. ...
      (comp.dcom.sys.cisco)
    • Re: Testing F5 3DNS
      ... Netcat allows you to define the source port and supports UDP. ... > udp/53 I was able to see all of the UDP services running. ...
      (Pen-Test)
    • Re: UPD better than TCP in streaming video/audio ?
      ... > UDP gains speed over TCP because it carries no information that would ... it doesn't even know that packets were lost. ... which is perfect for UDP. ... > Finally, there's the possibility of multicast data - for instance, a live ...
      (microsoft.public.win32.programmer.networks)
    • Re: Linux equivalent for ioctlsocket(FIONREAD) on datagram sockets
      ... Imagine that fast CPU sends a burst of UDP ... spirit of UDP standard should do in that particular case? ... blocking a clling thread until the NIC hardware ... reads one or more packets from socket's send buffer freeing up space ...
      (comp.os.linux.development.apps)
    • Re: NTP and Firewall help needed.
      ... >>port 123 for udp and tcp. ... The action here is applied for packets that fall off ... > - ACCEPT any and all traffic coming from the localhost interface ...
      (comp.os.linux.setup)