Penetration Testing mailing list archives
Re: [PEN-TEST] Noisy ou stealthy ?
From: Iván Arce <core.lists.pentest () CORE-SDI COM>
Date: Wed, 8 Nov 2000 13:39:33 -0300
----- Original Message ----- From: "Nicolas Gregoire" <nicolas.gregoire () 7THZONE COM> Newsgroups: core.lists.pentest To: <PEN-TEST () SECURITYFOCUS COM> Sent: Wednesday, November 08, 2000 1:19 PM Subject: [PEN-TEST] Noisy ou stealthy ?
Hi pen-testers, just a question about methodology. When you are doing some pen-tests, do you use the noisy way (full port range scan, lot of scanning for cgi whitout IDS evasion techniques, brute force attacks on FTP) or the sthealthy one ?
Both. It all depends on time constraints, who did contract you to do the pen test and what are the requirements of the customer.
I think that the noisy way is easiest (just schedule a Nessus scan , a whisker scan and an ISS scan for the night, read the results and attack)
Well, generally we have to validate the results of our scans first. I dont know if this is the case for everyone here but we usually double check the results of nessus/iss/cybercop/nmap/etc. I havent seen yet two runs of any of those programs against a remote network across slow links that outputs exactly the same results. -ivan --- "Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house, It's nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce ==================[ CORE Seguridad de la Informacion S.A. ]========= Iván Arce Presidente PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A email : iarce () core-sdi com http://www.core-sdi.com Florida 141 2do cuerpo Piso 7 C1005AAG Buenos Aires, Argentina. Tel/Fax : +(54-11) 4331-5402 ===================================================================== --- For a personal reply use iarce () core-sdi com
Current thread:
- [PEN-TEST] Noisy ou stealthy ? Nicolas Gregoire (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Jose Nazario (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Iván Arce (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Greg (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? andy lowton (Nov 11)
- Re: [PEN-TEST] Noisy/stealthy ? N Catlow (Nov 14)
- Re: [PEN-TEST] Noisy ou stealthy ? Don Bailey (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? a007 (Nov 10)
- <Possible follow-ups>
- Re: [PEN-TEST] Noisy ou stealthy ? Eric Lauzon (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Dunker, Noah (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Masse, Robert (Nov 09)