RE: nmap root vs user question

["Rob" <synja () synfulvisions com>]

Is anybody else somewhat worried about this person doing penetration testing
and PCI compliance auditing?

No offense dude, but this is not something that can be learned from a
security basics mailing list. 

I do want to help, and I do want you to learn, but not at the expense of a
client's security.

>         *From:* ToddAndMargo
>         *Subject:* bandwidth question
>         Hi All,
>
>         A customer has asked me to do some human penetration
>         testing for PCI compliance.  I am planning on doing a bunch
>         of probing with nmap to look for openings.  I plan to log into
>         the customer's network with Open VPN over my DSL line.
>         (And Metasploit when I figure out how to use it too.)
>
>         Question: what kind of bandwidth do I need?  I have
>         ~3 Mbps download and ~.7 Mbps upload?  Am I going
>         to swamp my DSL modem?  Or is there enough wait time
>         between probes that that is not an issue?
>
>         Many thanks,
>         -T


Yeah.... This is going to end up with an entry in datalossdb.org
Rob



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of ToddAndMargo
Sent: Friday, October 04, 2013 5:29 PM
To: security-basics () securityfocus com
Subject: nmap root vs user question

Hi All,

"#" is my "root" prompt and "$" is my user prompt.

Question: why does namp sometimes work as root and not as a user?  Why no
warning that a command has to be run as root?


This works as root:
      # nmap -p T:5020,5900 192.168.202.210
      Starting Nmap 6.40 ( http://nmap.org ) at 2013-10-04 14:25 PDT
      Nmap scan report for 192.168.202.210
      Host is up (0.00063s latency).
      PORT     STATE    SERVICE
      5020/tcp filtered zenginkyo-1
      5900/tcp filtered vnc

Same command does not work as a user:
      $ nmap  -p T:5020,5900 192.168.202.210
      Starting Nmap 6.40 ( http://nmap.org ) at 2013-10-04 14:25 PDT
      Note: Host seems down. If it is really up, but blocking our
            ping probes, try -Pn


Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate.  We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------