Re: penetration tester advice

[Kristopher Matthews <krism () evilpen net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Mehmet,

Can you explain more of what you want the program to do?

How thoroughly do they want tested? I mean, would an nmap[1] sweep of
thier network suffice? Do they want to make sure they're not running any
vulnerable protocols? (A packet sniffer would do wonders here, along
with knowledge about which services are cleartext and which are ciphered.)

Some common cleatext protocols: telnet, ftp, pop3, smtp[*], http[*1].
I'm sure others can come up with many more.


Regards,
Kristopher Matthews


* not all are configured for smtp auth, so this might be a non-issue.
*1 not usually a problem unless sensitive data is being transferred

- --
[-] http://evilpen.net/pubkey.asc || pgp.mit.edu
[+] 1024D/7F390CED 2003-09-15
[|] 8A0B BE3D F433 1550 748B  D05B 6E4D BFB3 7F39 0CED
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQE/aKXEbk2/s385DO0RAsH2AJ9cLTvqtfFVc4XRKFbFqKmCQMm0jQCgplsD
kTpCA7KrmaU4YlM2uW2tc/8=
=AutJ
-----END PGP SIGNATURE-----


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
- Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
- Precisely Define and Implement Network Security 
- Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------