Penetration Testing mailing list archives
[PEN-TEST] 2 quick questions
From: Leon Rosenstein <l_rosenstein () MONTELSHOW COM>
Date: Fri, 15 Dec 2000 09:55:18 -0500
Hi everyone I was curious about two things as far as pen testing goes. First is I was curious about routers: If a network has a router (a hardware one, not a computer running Linux or NT). Is there anything to be gained from breaking into the router through one of the remote administration points? Is this thus a fruitless exercise or is there something to show the customer or gain yourself if you are auditing your network's security? Second I was curious about social engineering. Is this considered "fair play?" Is it discussed in advance? If you're allowed to do it how far do you take it? Do you take it the point where you do a mass mailing of BO or Sub 7 to show the owners of the network how vulnerable they are to this flaw (because isn't social engineering kind of a flaw even though it is a human one?) Or do you just stop with tricking them into revealing user names and passwords? I am not pen testing, I was just thinking about these things before I fell asleep last night and I was curious. Anyway public or private responses welcome. Thanks.
Current thread:
- [PEN-TEST] 2 quick questions Leon Rosenstein (Dec 16)
- Re: [PEN-TEST] 2 quick questions Talisker (Dec 16)
- Re: [PEN-TEST] 2 quick questions Bill Pennington (Dec 16)
- Re: [PEN-TEST] 2 quick questions M Schubert (Dec 16)
- Re: [PEN-TEST] 2 quick questions sporty o'one (Dec 16)
- Re: [PEN-TEST] 2 quick questions Joe Shaw (Dec 19)
- <Possible follow-ups>
- Re: [PEN-TEST] 2 quick questions Bock, John (ISS San Francisco) (Dec 18)
- Re: [PEN-TEST] 2 quick questions Jose Nazario (Dec 18)
- Re: [PEN-TEST] 2 quick questions Skinner, Tim L. (Dec 19)