Re: rose fragmentation attack

To:	Jay <jay.tomas@infosecguru.com>
Subject:	Re: rose fragmentation attack
From:	"Justin Ferguson" <jnferguson@gmail.com>
Date:	Wed, 27 Jun 2007 11:55:40 -0700
Cc:	pen-test@securityfocus.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	pentest-list2@consult.net
Delivered-to:	mailing list pen-test@securityfocus.com
Delivered-to:	moderator for pen-test@securityfocus.com
Dkim-signature:	a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=CVB7Xk7OR22ziKfe0Lz6cY7dBG+nCwqAYJ/V1ZzZQJ2akjYMeZKhc0ZmW3JjfLR5pAlX2Pjq7taD6Psg3JlTAO5f77AfZLPZONj3Coyqo2CGUl4QTmKTjoVdMdbMvqaN7qz2EFQGweO+HAaGfjIRwWOlgNgDiBY+OcR+zDjv3SQ=
Domainkey-signature:	a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=GVb1VfmSdBM937wutjy/RrkJOpVG+Ba2VEs/G1dJKPUZra9eA/flzI+R69qgPZRdYRvpf2lcihF7SUJOCoeQ68znyEz+jGr6SOcK5GoMYBmZjgB1ZrAVWRuxcUM16/xfJcLrqtFqFSGJ3B/gVNWEm08+gL4/rEyT8YcBul47/fg=
In-reply-to:	<26BF9CC512FD4414BCDC6A29E7FEA262.MAI@thewolfenet.com>
List-help:	<mailto:pen-test-help@securityfocus.com>
List-id:	<pen-test.list-id.securityfocus.com>
List-post:	<mailto:pen-test@securityfocus.com>
List-subscribe:	<mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe:	<mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list:	contact pen-test-help@securityfocus.com; run by ezmlm
References:	<26BF9CC512FD4414BCDC6A29E7FEA262.MAI@thewolfenet.com>
Resent-date:	Wed, 27 Jun 2007 13:47:46 -0600 (MDT)
Resent-from:	pen-test-return-1078484494@securityfocus.com
Resent-message-id:	<20070627194746.035AD144BFD@outgoing2.securityfocus.com>
Resent-sender:	listbounce@securityfocus.com
Sender:	listbounce@securityfocus.com

Yes it could be part of a pen-test, just like popping the internal
webserver and putting up mpack to own the workstations could be,
however my point being that I've never been involved in one where DoS
was in scope (in fact every boilerplate that ive seen has specifically
included language to strictly prohibit it).

On 6/27/07, Jay <jay.tomas@infosecguru.com> wrote:

DoS could very well be part of a penetration test. It just depends on whether 
you have permission from the client.

It is important to understand every vector that may be used to attack the 
infrastructure.

Customarily this would be a test environment that mirrors production that would 
not impact their clients if it was taken offline.

Its better they know they are susceptable to DoS in a penetration test vs. when 
their site is offline for hours/days when a botnet comes a knocking.

Jay

----- Original Message -----
From: Justin Ferguson [mailto:jnferguson@gmail.com]
To: pen-test@securityfocus.com
Sent: Wed, 27 Jun 2007 08:25:31 -0700
Subject: Re: rose fragmentation attack

i apologize to everyone whose time i wasted with their helping me, but
i was curious, The rose attack was a DoS, and I cannot recall a single
penetration test where DoS was in scope, which should make one
question the legitimacy of my request, however that didn't happen (i
got a lot of pretty helpful replies)

So really, whats the difference between what I asked and what this guy asked?

> --- Nikolaj <lorddoskias@gmail.com> wrote:
>
> > Anyone has some first-hand info about this exploitation toolkit? Or
> > any info where it can be bought?
>
>
>
> Kishore
> Penetration Tester
> Smart Security
> T.Nagar , Chennai
> Phone: 91 98841 80767
>

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

<Prev in Thread]	Current Thread	[Next in Thread>
rose fragmentation attack, Justin Ferguson Re: rose fragmentation attack, siddkantroo Re: rose fragmentation attack, eladexposed RE: rose fragmentation attack, Jay Re: rose fragmentation attack, Justin Ferguson Re: rose fragmentation attack, Roland Dobbins Re: rose fragmentation attack, Jay Re: rose fragmentation attack, Jay Re: rose fragmentation attack, Justin Ferguson <=

Previous by Date:	Re: finding remote mac, Orlin Gueorguiev
Next by Date:	Re: rose fragmentation attack, Jay
Previous by Thread:	Re: rose fragmentation attack, Jay
Next by Thread:	finding remote mac, talktorishav
Indexes:	[Date] [Thread] [Top] [All Lists]