| ||
Assessing handling of IP spoofing
Assessing handling of IP fragmentation and fragment overlapping
Assessing IPID sequences and zombie scan host vulnerability
Assessing handling of oversized and incorrect checksum raw IP packets
Assessing NAT/PAT operations and DMZ implementation
Assessing the response to protocol type scans
Assessing handling IP options and vulnerability to strict and loose source routingbased attacks
Assessing broadcast/directed broadcast traffic filtering/ smurf protection Mapping Layer 3 access lists
Assessing redirection attacks via ICMP types 5, 9, and 10
Assessing ICMP queries ( netmask , time)
Assessing handling oversized and incorrect checksum ICMP packets and ICMP source quench flooding effects
Assessing ICMP filtering settings and capabilities
Performing ICMP-based fuzzy OS fingerprinting
Assessing handling oversized, fragmented , and incorrect checksum IGMP packets
Assessing DOCSIS security compliance of the IGMP implementation
Assessing security and stability of Layer 3 tunneling protocols (IPIP, GRE) implementation. Tunnel sniffing and insertion attacks
Assessing authentication security and route injection/traffic redirection for RIP
Assessing authentication security and route injection/traffic redirection for IGRP and EIGRP
Assessing authentication security and route injection/traffic redirection for OSPF
Assessing authentication security and route injection/traffic redirection for iBGP and eBGP
Assessing routing information leakage/passive ports implementation
Assessing route distribution lists implementation and function
Assessing authentication security and traffic redirection for HSRP and VRRP
Mapping IPSec implementations
Assessing IPSec traffic forwarding
Assessing IPSec concentrator function
Assessing IPSec ciphers and compression support (hardware/software)
Assessing IPSec modes and authenticator types
Assessing security of other Layer 3 security protocols (for example, VTUN)
| ||