Security Basics mailing list archives
pen test v2.0
From: "Mehmet Buyukozer" <mbuyukozer () gmx co uk>
Date: Thu, 18 Sep 2003 13:24:05 -0700
Dear friends; i really thank you for your help. Somebody told me that i should search on the internet than ask a question in this group. Firstly i wanted to answer this question explicitly, i am already doing so. The aim behind asking question here was to learn the opinions of experts like you. Secondly i will try to explain the situation. Our customer wanted us to scan their computers which are open to internet. they wanted to see if some real hackers try to hack and what could be the results. So ids or firewall logs don't matter very much at first sight. anyway we used: Nessus AppScan Retina ISS NMAP I know something about pen test. I mean i am already familiar with the pen test , but wanted to learn deeply. and the answers and links that you gave helped really much. At the end of our test, we find only the HTTP open to the internet and they already patched very well.How did we understand this? we tried many known exploits and also add to the reports that some known vulnerabilites but havent written an exploit for it, and advice them to follow the patch. We used NMAP for OS detection and find they are using W2K with SP2, and IIS 5.0, at the beginning we couldnt ping but then tried to tracert, we got answer and finally we add all these stuff to VA. If you have some further question or advice about our survey, i really want to hear them. Thanx in advance --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- pen test v2.0 Mehmet Buyukozer (Sep 18)