Results 1 to 3 of 3

Thread: Firewall pen test

  1. #1
    Junior Member
    Join Date
    Aug 2006
    Posts
    1

    Firewall pen test

    For security/objectivity reasons we have payed to security company the firewall configuration including VPN feature. We are using Cisco Pix 506E with PIX-OS 6.3 version.

    We read about Cisco Internet Key Exchange Denial of Service Vulnerability for this pix between other vulnerability docs. For this reason we need to do pen test to check pix and we know security is not just a hardware firewall installation.

    At first scope we want to do pen testing to the VPN configuration in both ways, inside and outside the firewall but we need to work asap the external way (scanning from outside the pix) because VPN is working since last week.

    If anyone can point to any good tools (any type, open source or not) to do pen test from outside, that would be really helpful. We are using Windows (all versions) and Linux (Slackware) platforms where we could use recommended tools.

    Thanks in advance.

  2. #2
    Senior Member treanglin's Avatar
    Join Date
    Dec 2003
    Posts
    111
    I've never really had a chance to to use them but I've seen VPN penetration testing tools on the BackTrack CD from Max Moser and the Gang @ Remote-Exploit.org. BackTrack has many pen testing tools on it might be able to aid in scanning and discovery and patching of vulnerabilities in another scope of your assessment as well.

    Good Luck.
    "Do you know why the system is slow?" they ask

    "It's probably something to do with..." I look up today's excuse ".. clock speed"
    -BOFH

  3. #3
    Junior Member
    Join Date
    Jun 2006
    Posts
    10
    If I follow, you want to "fuzz" your PIX to test for isakmp vulnerabilities. If so, you may be interested in the protos isakmp fuzzer.
    http://www.ee.oulu.fi/research/ouspg...ng/c09/isakmp/

    If you are referring the the vulnerability I think you are, its not a problem isolated to Cisco devices, but most IKE implementations are vulnerable to DOS attacks. You are also not vulnerable unless you have enabled IKE and if I remember correctly, PIXs (and routers for that matter) have IKE disabled by default.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •