Re: Core Impact references
From: ADT (synfinatic_at_gmail.com)
Date: 11/13/05
- Previous message: Jason Muskat: "RE: DNS ACL ?"
- In reply to: Sam Johnson: "RE: Core Impact references"
- Next in thread: Ivan Arce: "Re: Core Impact references"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 13 Nov 2005 13:21:58 -0800 To: sjohnson@karalon.com
Transmission between gateways? You mean like a router? tcpreplay has
supported rewriting IP/MAC addresses to allow for forwarding through a
router or proxy-arp device for well over a year now. True, it doesn't
support NAT gateways unless there is a 1:1 relationship between the
public/private addresses. Although I can say with near certainty that
nobody has ever asked for that feature either.
"Guaranteed packet delivery" is impossible. Resending a dropped
packet doesn't mean it will get through if that packet was dropped
intentionally by an inline device such as a firewall or IPS.
You can accomplish "best effort" and resend dropped packets, but
sooner or later you have to give up or fall into an infinate loop.
Either way, as I said earlier, I don't see tcpreplay or Traffic IQ
being really useful here. Neither is appropriate for replaying
traffic generated by a security tool such as CoreImpact since you
can't use either to actually connect to a remote service or provide
any means to interpret the results other then a tedious manual
process. Or did I miss that update? :)
On 11/12/05, Sam Johnson <sjohnson@karalon.com> wrote:
> Excellent news. When did TCP Replay support the transmission between
> gateways and address translation with guaranteed packet delivery? I must
> have missed that update.
>
> SJ
>
>
>
> -----Original Message-----
> From: ADT [mailto:synfinatic@gmail.com]
> Sent: 11 November 2005 19:28
> To: pen-test
> Subject: Re: Core Impact references
>
> If you're going to go through the effort of capturing/replaying
> traffic, you could also use tcpreplay. While it doesn't have a pretty
> gui, it offers basically the same functionality for free.
>
> Honestly though, if you want to actually use CI against a set of
> hosts, then neither tcpreplay or Traffic IQ would seem to be up to the
> task since they're stateless and unable to establish TCP sessions to a
> target (both are designed to test inline firewalls/IPS or passive
> devices like IDS). Flowreplay (part of tcpreplay 3.x) is supposed to
> fill that gap, but is still alpha quality at best right now.
>
> On 11/10/05, Tony Haywood <thaywood@karalon.com> wrote:
> > Jason,
> >
> > Traffic IQ Pro has the ability to set a delay on a per packet or per
> traffic
> > file basis by up to 1 hour in minute, second and millisecond increments.
> >
> > If you are already using Core Impact but it is not providing this
> capability
> > then you could capture the output and import the captures into Traffic IQ
> > for replay.
>
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
- Previous message: Jason Muskat: "RE: DNS ACL ?"
- In reply to: Sam Johnson: "RE: Core Impact references"
- Next in thread: Ivan Arce: "Re: Core Impact references"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
