Penetration Testing mailing list archives
RE: An Amateur Pen-Test
From: "Brown, Joel" <jbrown () intrusion com>
Date: Tue, 26 Jun 2001 12:00:32 -0500
Max, The link you mentioned below is no bueno, http://www.packetfactory.net/projects/firewalk/ seems to do the job Joel
Try firewalk (www.packetfactory.net/firewalk/) for firewall and ACL test. Also, if you want to delve deeper into the fun of pentesting, try social engineering (call them and lie, and try to get passwords to routers, etc), and try trashing, if you have access to their premisses.
max
On Thu, 21 Jun 2001, David Fuller wrote:
My ISP has asked me to do a penetration test for them and I would like to get an overview of what I should do short of running Nessus and banging on there (IDS / Logs) door. I have gone over there network with a few scripts and knowledge I have picked up from the list and Security Focus and I have discovered all there class C address spaces, I have found two servers vulnerable to a Unicode exploit and from there able to find out about a
few
host sitting behind a ACL / Firewall. Is there anything else I should be doing... like testing there firewall and seeing if I can scan the network behind it. David. _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
-------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- An Amateur Pen-Test David Fuller (Jun 22)
- Re: An Amateur Pen-Test max (Jun 24)
- Re: An Amateur Pen-Test Damieon Stark (Jun 24)
- <Possible follow-ups>
- RE: An Amateur Pen-Test Brown, Joel (Jun 26)
- Re: An Amateur Pen-Test Jeff Magwood (Jun 29)