View Full Version : pentesting an ISP infra.

06-24-2015, 07:56 PM
Hello everybody.
if you are in a ISP network, and wants to perform a pentesting operation what is your steps?
you have assets like : DSLAMs, bras, ibs , cache , too maney routers, DNS and something like this.

06-25-2015, 07:39 PM
first you have to split the whole isp services from beginning to the end , not just test the netowrk !

1-networks [ routers with all services and all attack modes, like bruteforce , any public/private exploit or DOS/DDOS Attack , quality of network and bandwidth , sometimes caches and high availabilities of servers and etc ]
2-users panel [ sometimes users have a panel [web base] to manage /recharge and monitoring of network usage and etc which you have to pentest against any attacks and take care of user info won't to be leak ]
3-users limitation [ access of users to others users (ex: if they have valid ip and what if other user grab other user password and want to use hacked account and control mac filtering and etc ) and block icmp tunneling and etc ]
4-admin panels and services [ pentest admin panel and secure there ex: some isp use ibsng and ... to control users and it have some vuln , it could be web base panel or anything on any operation system , so you have to analysis all you have and then start for pentest] and by the way usually isp have site and it might be secure too

all services i told you have much sub-services/os/ and way to attack , as i said again , in first step you have to see what's all of you have there , and then pentest all of them step by step

06-26-2015, 12:50 AM
thanks really! so much
after this, is there any threat around routing protocols and any tunnels between PAP centers which placed in telecoms?
these are so big in scale & complex.
assume, you are sit in ISP and can have access to all edge/core switch router, is yersinia good?