RE: Pen-Testing VPN

From: Rob Shein (shotenat_private)
Date: Thu Apr 03 2003 - 11:30:56 PST


    When I've done this, I first tried to figure out what kind of VPN it was.
    What ports does the VPN use?  Not all of them use IPSEC, for example, and
    some have some additional ports for varying reasons.  If you know of some
    VPN gateways in existence that are of a known type, you can compare them to
    what you're pen-testing as well.
    
    Once you have an idea which kind it is, see if you can get a client for it
    (you usually can).  Then try to connect, and sniff the traffic.  Try
    different variables (login name, etc) and mix it up so that you can find the
    values being passed to the gateway...and then see what happens when you put
    too many characters in one of those fields.
    
    Just a thought :)
    
    -----Original Message-----
    From: Darren Beattie [mailto:darren.beattieat_private] 
    Sent: Thursday, April 03, 2003 1:43 PM
    To: pen-testat_private
    Subject: Pen-Testing VPN
    
    
    
    
    Hi All,
    
    I use various scanners and tools to test firewalls and servers. I will be
    testing a firewall that has VPNs connected to it. I am wondering how to
    test the VPN for security. I am sure that I could see the VPN port on the
    firewall, listening for connections.
    
    I would like to establish a VPN tunnel and 'hit it' to see how secure it 
    really is.
    
    I would like some help in identifying any tools out there that would allow 
    me to carry this out.
    
    Regards,
    
    Darren
    
    



    This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 12:19:44 PST