Penetration Testing mailing list archives
Re: [PEN-TEST] Noisy ou stealthy ?
From: Don Bailey <baileydl () MITRE ORG>
Date: Wed, 8 Nov 2000 11:50:51 -0500
Nicolas Gregoire wrote:
When you are doing some pen-tests, do you use the noisy way (full port range scan, lot of scanning for cgi without IDS evasion techniques, brute force attacks on FTP) or the stealthy one?
I believe this is dependent on the event and type of attacks you are trying to emulate. For example, if you are in the midst of an eval that has "good-guys", you are obviously not going to blast away at targets. Instead, you slowly probe specific known addresses based on previous intelligence data, possibly compromise them, and begin racking up "stations" to hop from. Depending on the time allocated for the testing, you may even decrease the speed of scans to a trickle in an effort to fly below IDS thresholds--although it is rare that you ever have enough time to do this. When time is a factor, yet you still wish to give yourself an edge over the admins, scans in the midst of scripts that toss garbage at your targets may help in keeping the good-guys off your back or in a state of doubt--but usually only for a short while. You should plan on switching attack locations as a contingency for ACLs that start being implemented.

For testing that occurs with the admins' full knowledge (i.e. "today I will be scanning this range of your network for vulnerabilities... you're welcome to watch."), then by all means, whip out CyberCop and the rest of the bag of noisy tricks for an overnight fest, come back in the next morning, and evaluate your results.

Sincerely,
Don

--
Don Bailey
INFOSEC Engineer/Scientist
Secure Information Technology
The MITRE Corporation
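The IDS-threshold point in the message above, seen from the detection side, as an added example that is not part of the original post. It counts distinct destination ports per source over constructed connection events; the function names, window lengths and the 15-port threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

def scan_sources(events, window_s, min_ports):
    """Return sources that touched >= min_ports distinct ports on one target
    within any span of window_s seconds.
    events: time-ordered (epoch_seconds, src_ip, dst_ip, dst_port) tuples."""
    recent = defaultdict(deque)  # (src, dst) -> (ts, port) pairs still in window
    flagged = set()
    for ts, src, dst, port in events:
        q = recent[(src, dst)]
        q.append((ts, port))
        # Drop observations that have aged out of the window.
        while q and ts - q[0][0] > window_s:
            q.popleft()
        if len({p for _, p in q}) >= min_ports:
            flagged.add(src)
    return flagged

def build_sample():
    """Constructed sample data using RFC 5737 documentation addresses."""
    target = "192.0.2.10"
    events = []
    # Noisy source: 100 ports in about 10 seconds.
    events += [(1000 + i * 0.1, "198.51.100.7", target, 1 + i) for i in range(100)]
    # Slow source: one new port every 10 minutes, 40 ports in total.
    events += [(1000 + i * 600, "203.0.113.5", target, 1 + i) for i in range(40)]
    # Ordinary client: many connections, but only to ports 80 and 443.
    events += [(1000 + i * 30, "198.51.100.20", target, 443 if i % 2 else 80)
               for i in range(200)]
    return sorted(events)

# Assumed thresholds: same port count, very different time horizons.
SHORT = (60, 15)          # 15 distinct ports within 60 seconds
LONG = (24 * 3600, 15)    # 15 distinct ports within 24 hours

if __name__ == "__main__":
    ev = build_sample()
    print("60 s window:", sorted(scan_sources(ev, *SHORT)))
    print("24 h window:", sorted(scan_sources(ev, *LONG)))
```

Counting distinct ports rather than raw connections keeps the busy but ordinary client out of both results, and only the long horizon surfaces the source that spreads its probes out.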