Penetration Testing mailing list archives
Re: Penetration test report - your comments please?
From: Curt Wilson <netw3 () netw3 com>
Date: 30 May 2001 23:42:28 -0000
Thanks for your comments. The basic issue with this pen test was that the company is a small company offering an internet service for the first time. Budget contraints were the main issue with the limitations placed on the pen test. I would have liked to attempt brute force, trashing, and assessment/penetration of the network infrastructure but these were not included in our arrangement. How do other pen testers handle issues with outsourced ISPs? This seems like a murky area unless you are actually testing the ISP themselves. Certainly, an attacker won't care about such artificial boundaries, as a vulnerability is a vulnerability, whether it appears in the clients IIS server (surely not! :), sendmail, open proxy server, public/private community strings on routers and network devices, or a weakly secured linux host at the ISP just ripe and waiting for a rootkit and sniffer on a non-switched network. Curt Wilson, Netw3 Consulting www.netw3.com 618-303-6383
Current thread:
- RE: Penetration test report - your comments please?, (continued)
- RE: Penetration test report - your comments please? pete (May 30)
- Re: Penetration test report - your comments please? simonis (May 30)
- Re: Penetration test report - your comments please? R. DuFresne (May 30)
- Re: Penetration test report - your comments please? bacano (May 30)
- Re: Penetration test report - your comments please? Brian Nottle (May 31)
- Re: Penetration test report - your comments please? Curt Wilson (May 31)
- Re: Penetration test report - your comments please? Brian Nottle (May 31)
- RE: Penetration test report - your comments please? samsi data (May 30)
- RE: Penetration test report - your comments please? railwayclubposse (May 31)
- RE: Penetration test report - your comments please? R. DuFresne (May 31)
- Re: Penetration test report - your comments please? rudi carell (May 31)
- Re: Penetration test report - your comments please? Curt Wilson (May 31)
- RE: Penetration test report - your comments please? Steve Skoronski (May 31)
- Re: Penetration test report - your comments please? Steve Chapin (May 31)