Well said Rob. If it CheckPoint you may be lucky by using the vulnerability reported below: http://www.nta-monitor.com/news/checkpoint/checkpoint-main.htm http://www.securityfocus.com/archive/1/290202/2002-09-01/2002-09-07/0 If is IPSEC try the following approach: http://www.nta-monitor.com/ike-scan/ Enjoy T.Lambo In an email dated Thu, 3 Apr 2003 7:30:56 pm GMT, "Rob Shein" <shotenat_private> writes: >When I've done this, I first tried to figure out what kind of VPN it was. >What ports does the VPN use? Not all of them use IPSEC, for example, and >some have some additional ports for varying reasons. If you know of some >VPN gateways in existence that are of a known type, you can compare them to >what you're pen-testing as well. > >Once you have an idea which kind it is, see if you can get a client for it >(you usually can). Then try to connect, and sniff the traffic. Try >different variables (login name, etc) and mix it up so that you can find the >values being passed to the gateway...and then see what happens when you put >too many characters in one of those fields. > >Just a thought :) > >-----Original Message----- >From: Darren Beattie [mailto:darren.beattieat_private] >Sent: Thursday, April 03, 2003 1:43 PM >To: pen-testat_private >Subject: Pen-Testing VPN > > > > >Hi All, > >I use various scanners and tools to test firewalls and servers. I will >testing a firewall that has VPNs connected to it. I am wandering how to >test the VPN for security. I am sure that I could see the vpn port on the >firewall, listening for connections. > >I would like to establish a VPN tunnel and 'hit it' to see how secure it >really is. > >I would like some help in identifying any tools out there that would allow >me to carry this out. > >Regards, > >Darren > >top spam and e-mail risk at the gateway. >SurfControl E-mail Filter puts the brakes on spam & viruses >and gives you the reports to prove it. See exactly how much junk never even >makes it in the door. Free 30-day trial: >http://www.securityfocus.com/SurfControl-pen-test > > > > >top spam and e-mail risk at the gateway. >SurfControl E-mail Filter puts the brakes on spam & viruses >and gives you the reports to prove it. See exactly how much >junk never even makes it in the door. Free 30-day trial: >http://www.securityfocus.com/SurfControl-pen-test > > top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.securityfocus.com/SurfControl-pen-test
This archive was generated by hypermail 2b30 : Thu Apr 03 2003 - 12:49:18 PST