Re: rose fragmentation attack

DoS could very well be part of a penetration test. It just depends on whether you have permission from the client.

It is important to understand every vector that may be used to attack the infrastructure.

Customarily this would be a test environment that mirrors production that would not impact their clients if it was taken offline.

Its better they know they are susceptable to DoS in a penetration test vs. when their site is offline for hours/days when a botnet comes a knocking.

Jay

----- Original Message -----
From: Justin Ferguson [mailto:jnferguson@xxxxxxxxx]
To: pen-test@xxxxxxxxxxxxxxxxx
Sent: Wed, 27 Jun 2007 08:25:31 -0700
Subject: Re: rose fragmentation attack

i apologize to everyone whose time i wasted with their helping me, but
i was curious, The rose attack was a DoS, and I cannot recall a single
penetration test where DoS was in scope, which should make one
question the legitimacy of my request, however that didn't happen (i
got a lot of pretty helpful replies)

So really, whats the difference between what I asked and what this guy asked?

--- Nikolaj <lorddoskias@xxxxxxxxx> wrote:

Anyone has some first-hand info about this exploitation toolkit? Or
any info where it can be bought?



Kishore
Penetration Tester
Smart Security
T.Nagar , Chennai
Phone: 91 98841 80767


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

Relevant Pages

  • Re: rose fragmentation attack
    ... A boilerplate or framework is just that a framework. ... Subject: rose fragmentation attack ... Its better they know they are susceptable to DoS in a penetration test vs. when their site is offline for hours/days when a botnet comes a knocking. ...
    (Pen-Test)
  • Re: rose fragmentation attack
    ... It is important to understand every vector that may be used to attack the infrastructure. ... Its better they know they are susceptable to DoS in a penetration test vs. when their site is offline for hours/days when a botnet comes a knocking. ... solution FREE - limited Time Offer ...
    (Pen-Test)
  • Re: rose fragmentation attack
    ... i was curious, The rose attack was a DoS, and I cannot recall a single ... penetration test where DoS was in scope, ... > Anyone has some first-hand info about this exploitation toolkit? ...
    (Pen-Test)
  • Re: TCP/IP comms problems between WinXP and DOS
    ... I have written client and server versions ... In the instance where I have a problem the DOS system is running as client, ... By simple changing of i/p addresses / network names I have run the client ...
    (microsoft.public.dotnet.languages.vc)
  • Re: Ram Disk by arsoft didnt work.....
    ... Last time I worked with MS DOS Network Client many, ... usually does not help you much with troubleshooting network problems. ... > name and workgroup (start wizard). ...
    (microsoft.public.windowsxp.embedded)