RE: Penetration test report - your comments please?

["R. DuFresne" <dufresne () sysinfo com>]

On Wed, 30 May 2001 railwayclubposse () hushmail com wrote:

        [SNIP]

> his pen test posted on Security Focuses' Pen-Test mailing list brings up
> the question of the testing of protocols as to the OSSTMM
> (http://www.osstmm.org) and the reliability of NMAP's protocol scanning. 
>  As
> I apply the module "Port Scanning" the tasks for protocol identification 
> are
> a bit difficult to automate.  Of course, NMAP claims to do it but I
> consistantly get at least IGMP for most systems which I do have difficulty
> with accepting.  I use NMAP for many of the tasks in that section but hav
> been hesitant on the protocol testing.  Of course a bit of scripting will
> automate some but while I was a bit hesitant about NMAP's results I thought
> I would ask what others thought of this.

Agreed, and yet, we should perhaps be wary of relying upon a single tool
or even two for determining the results of port scanning and vulnerability
scans.  Rather a number of tools should be used, as some of the weaknesses
of single tools are better interpreted with an eye upon consistency of
findings amongst the tools used.

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior consultant:  darkstar.sysinfo.com
                  http://darkstar.sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!