Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Core Impact references

from [ADT] Network Security [Permanent Link]
Subject: Re: Core Impact references
Date: Sun, 13 Nov 2005 13:21:58 -0800 
Transmission between gateways?  You mean like a router?  tcpreplay has
supported rewriting IP/MAC addresses to allow for forwarding through a
router or proxy-arp device for well over a year now.  True, it doesn't
support NAT gateways unless there is a 1:1 relationship between the
public/private addresses.  Although I can say with near certainty that
nobody has ever asked for that feature either.

"Guaranteed packet delivery" is impossible.  Resending a dropped
packet doesn't mean it will get through if that packet was dropped
intentionally by an inline device such as a firewall or IPS.
You can accomplish "best effort" and resend dropped packets, but
sooner or later you have to give up or fall into an infinate loop.

Either way, as I said earlier, I don't see tcpreplay or Traffic IQ
being really useful here.  Neither is appropriate for replaying
traffic generated by a security tool such as CoreImpact since you
can't use either to actually connect to a remote service or provide
any means to interpret the results other then a tedious manual
process.   Or did I miss that update? :)

On 11/12/05, Sam Johnson <sjohnson@karalon.com> wrote:

Excellent news.  When did TCP Replay support the transmission between
gateways and address translation with guaranteed packet delivery?  I must
have missed that update.

SJ



-----Original Message-----
From: ADT [mailto:synfinatic@gmail.com]
Sent: 11 November 2005 19:28
To: pen-test
Subject: Re: Core Impact references

If you're going to go through the effort of capturing/replaying
traffic, you could also use tcpreplay.  While it doesn't have a pretty
gui, it offers basically the same functionality for free.

Honestly though, if you want to actually use CI against a set of
hosts, then neither tcpreplay or Traffic IQ would seem to be up to the
task since they're stateless and unable to establish TCP sessions to a
target (both are designed to test inline firewalls/IPS or passive
devices like IDS).  Flowreplay (part of tcpreplay 3.x) is supposed to
fill that gap, but is still alpha quality at best right now.

On 11/10/05, Tony Haywood <thaywood@karalon.com> wrote:

Jason,

Traffic IQ Pro has the ability to set a delay on a per packet or per

traffic

file basis by up to 1 hour in minute, second and millisecond increments.

If you are already using Core Impact but it is not providing this

capability

then you could capture the output and import the captures into Traffic IQ
for replay.




------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: un Knopix , PHLAK or other bootable linux from Hard drive., Eliah Kagan
Next by Date:  RC4-128 tool?, Jeroen
Previous by Thread:  RE: Core Impact references, Sam Johnson
Next by Thread:  Re: Core Impact references, Ivan Arce
Indexes:  [Date] [Thread] [Top] [All Lists]