Penetration Testing mailing list archives
Re: [PEN-TEST] Noisy ou stealthy ?
From: "Dunker, Noah" <NDunker () FISHNETSECURITY COM>
Date: Wed, 8 Nov 2000 10:32:55 -0600
This totally depends on what the client wants from us. Obviously, sneaky attacks take a lot more time, but are usually a better simulation of a skilled attacker. A lot of times, clients want a report that shows how vulnerable they are to a full-blown corporate espionage attack including social engineering, stealth scanning and IDS Evasion, and possibly even phys-testing as well. This sort of pen-test takes a lot of time, and is very expensive. We do offer "quick & dirty" tests, but just using ISS, whisker & nessus barely qualifies as a pen-test. We do manual attacks as well. Basically it comes down to the scope of the pen-test: do you want to only test how well the systems resist attacks? or do you want to see how your employees & systems HANDLE attacks? Everything has a degree of real-ism... You can go totally fake and pound the heck out of their systems with their permission while they watch and ogle... or you can be realistically stealthy, and actually simulate a high-level attack. -----Original Message----- From: Nicolas Gregoire [mailto:nicolas.gregoire () 7THZONE COM] Sent: Wednesday, November 08, 2000 10:17 AM To: PEN-TEST () SECURITYFOCUS COM Subject: Noisy ou stealthy ? Hi pen-testers, just a question about methodology. When you are doing some pen-tests, do you use the noisy way (full port range scan, lot of scanning for cgi whitout IDS evasion techniques, brute force attacks on FTP) or the sthealthy one ? I think that the noisy way is easiest (just schedule a Nessus scan , a whisker scan and an ISS scan for the night, read the results and attack) but can't really test the efficacity of corporate defenses. The stealthy way is more time-consuming, but more funny .... So, what's your method ? Nicob
Current thread:
- [PEN-TEST] Noisy ou stealthy ? Nicolas Gregoire (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Jose Nazario (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Iván Arce (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Greg (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? andy lowton (Nov 11)
- Re: [PEN-TEST] Noisy/stealthy ? N Catlow (Nov 14)
- Re: [PEN-TEST] Noisy ou stealthy ? Don Bailey (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? a007 (Nov 10)
- <Possible follow-ups>
- Re: [PEN-TEST] Noisy ou stealthy ? Eric Lauzon (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Dunker, Noah (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Masse, Robert (Nov 09)