Hosting Provided By

RE: IRIX Pen Testing/Hardening

From: Aleksander P. Czarnowski <alekc(at)avet.com.pl>
Date: Wed Jul 09 2003 - 06:04:41 EDT

Hi
> Does IRIX have something like Sun's JASS
> or Titan ToolKit to lockdown systems?
It's not exactly Titan or JASS or YASS for Solaris, but take a look at TARA (www-arc.com) from ARC - it's an upgrade to TIGER and it support IRIX 6.5. Unfortunately the publicly available version is outdated but it is very easy to tailor TARA to your own needs as it is implemented mainly as shell script. TARA can help you in evaluation process of areas that need hardening or to verify some areas of your hardening process.

The only use of TARA during pen-test I can think of is during test when you already have an account on attacked host and just wish to check for few simple vulnerabilities that would be helpful in further system penetration.

There is also a good paper on IRIX/MIPS shellcode: http://packetstormsecurity.nl/groups/teso/mipsshellcode.pdf

It can give you important details that will let you start from solid ground.

Best Regards,
Aleksander Czarnowski
AVET INS

The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users.

Visit Tenable Network Security at http://www.tenablesecurity.com to learn more.

Received on Wed Jul 9 11:57:38 2003

This message: [ Message body ]
Next message: Jeff Bollinger: "Re: Unusual Web Server"
Previous message: martyn.a.roberts(at)bt.com: "RE: Product review postings (was Administrivia)"
Maybe in reply to: North, Wesley J (US SSA): "IRIX Pen Testing/Hardening"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:39 EDT