RE: Cisco VPN Concentrator GUI

• Previous message: Stephen Hassard: "Re: Cisco VPN Concentrator GUI"
• Maybe in reply to: kaps lock: "Cisco VPN Concentrator GUI"
• Next in thread: Atte Peltomaki: "Re: Cisco VPN Concentrator GUI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 16 May 2005 09:21:19 -0500
To: "kaps lock" <kapsloc1978@yahoo.com>, <pen-test@securityfocus.com>

Are you sure that it's not the SSL VPN Interface for remote access? By
default the administration interface is only accessible from the inside
interface, which means that it wouldn't be publicly available to the
Internet unless somebody purposely made it available.

James Williams, GISF
Network Systems Technician

-----Original Message-----
From: kaps lock [mailto:kapsloc1978@yahoo.com]
Sent: Sunday, May 15, 2005 10:09 PM
To: pen-test@securityfocus.com
Subject: Cisco VPN Concentrator GUI

hi all,
i am pen-testing one of our clients and am seeing
their web interface to the vpn concentrator (cisco)
available publicly on the internet with the username
/password page.
How could i explain somebody tht it can be
exploited...am sure this is not a good idea to hav ur
vpn concnetrator interface on the public internet..but
i cant find any vulenrabilites on the net ....to
explain to the person....only thing i can think of is
brute forcing the username pasword field...which is
again a challenge for web vpn..any ideas??
thanks

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com

• Previous message: Stephen Hassard: "Re: Cisco VPN Concentrator GUI"
• Maybe in reply to: kaps lock: "Cisco VPN Concentrator GUI"
• Next in thread: Atte Peltomaki: "Re: Cisco VPN Concentrator GUI"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages [HPADM] Data Protector Report ... FAILED "DP Session" Numbers and their related ... manually goes to the interface and keeps clicking on ... Do You Yahoo!? ... Mail has the best spam protection around ... (HP-UX-Admin) Re: Configuring Cisco VPN Client / Windows XP ... Packets will use an interface based on the routing table. ... Generally speaking when the VPN is connected it will add a route to the ... flush the DNS Cache resolver to clear out the old DNS ... > cannot access the *same* pages on the computer with the VPN client ... (comp.dcom.vpn) Re: VPN Problems ... in the Cisco VPN Client Log I am getting: ... interface: outside ... port-object eq echo ... crypto dynamic-map RemoteVPNDynmap 10 set transform-set RemoteVPNSet ... (comp.dcom.sys.cisco) Re: ASA 5510 Route Question ... My thought process was that I would dedicate one T1 to strictly carry VPN traffic, while the other handles all other internet traffic. ... I hope to eliminate congestion to my spoke VPN sites due to excessive internet traffic. ... interface has no nat, but a crypto map assigned to it. ... Should I, as part of configuring VPN connectivity for each site, assign a static route for 192.168.X.0/24 to point out the VPN interface on the 5500? ... (comp.dcom.sys.cisco) Re: VPN IP Addressing Problem ... If I took the public IP I am using for PAT and applied it to the ... to the inside interface of the Router. ... can use the ASA interface for both the PAT and the VPN address, ... Can I just VPN to the public IP that is NATed to the LAN ... (comp.dcom.sys.cisco)