I haven't heard of any automated tools for pen-testing exotic communication protocols, however as this document: www.courts.qld.gov.au/qjudgment/QCA%202002/QCA02-164.pdf demonstrates, development tools and client software can be used to cause mischief (assuming you've got yourself a wireless modem). If you're really up for an all expenses paid trip to Cuba: http://www.applsyseng.com/hfiles/rtu.asp would probably come in handy.

Testing IP-based systems could probably be achieved using normal pen-testing techniques (assuming the software's robust enough to handle the scan). I see the major problem here is if a script kiddy compromised control software sitting on a win2k box or similar.

On a quick side rant - increased deployment on IP topologies may be a good thing as we have lots of experience in protecting systems that use these technologies (though the bad guys have more experience attacking them too) than exotic protocols running over wireless (broadcast) networks.

I'm not convinced of the value of pen-testing SCADA networks (how do you pen-test without causing damage? + most of the vulnerabilities are blindingly obvious), but if you had access to a system prior to deployment, a pen test might come in handy in convincing the boss that a bit of encryption/firewalling wouldn't go astray.

Cheers,
dave (all comments/insults appreciated).
This archive was generated by hypermail 2b30 : Thu Jul 17 2003 - 08:47:27 PDT