Penetration Testing mailing list archives
RE: Penetration test report - your comments please?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Thu, 31 May 2001 14:27:16 -0400 (EDT)
On Wed, 30 May 2001 railwayclubposse () hushmail com wrote: [SNIP]
his pen test posted on Security Focuses' Pen-Test mailing list brings up the question of the testing of protocols as to the OSSTMM (http://www.osstmm.org) and the reliability of NMAP's protocol scanning. As I apply the module "Port Scanning" the tasks for protocol identification are a bit difficult to automate. Of course, NMAP claims to do it but I consistantly get at least IGMP for most systems which I do have difficulty with accepting. I use NMAP for many of the tasks in that section but hav been hesitant on the protocol testing. Of course a bit of scripting will automate some but while I was a bit hesitant about NMAP's results I thought I would ask what others thought of this.
Agreed, and yet, we should perhaps be wary of relying upon a single tool or even two for determining the results of port scanning and vulnerability scans. Rather a number of tools should be used, as some of the weaknesses of single tools are better interpreted with an eye upon consistency of findings amongst the tools used. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior consultant: darkstar.sysinfo.com http://darkstar.sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- Penetration test report - your comments please? Curt Wilson (May 30)
- RE: Penetration test report - your comments please? pete (May 30)
- Re: Penetration test report - your comments please? simonis (May 30)
- Re: Penetration test report - your comments please? R. DuFresne (May 30)
- Re: Penetration test report - your comments please? bacano (May 30)
- Re: Penetration test report - your comments please? Brian Nottle (May 31)
- Re: Penetration test report - your comments please? Curt Wilson (May 31)
- Re: Penetration test report - your comments please? Brian Nottle (May 31)
- <Possible follow-ups>
- RE: Penetration test report - your comments please? samsi data (May 30)
- RE: Penetration test report - your comments please? railwayclubposse (May 31)
- RE: Penetration test report - your comments please? R. DuFresne (May 31)
- Re: Penetration test report - your comments please? rudi carell (May 31)
- Re: Penetration test report - your comments please? Curt Wilson (May 31)
- RE: Penetration test report - your comments please? Steve Skoronski (May 31)
- Re: Penetration test report - your comments please? Steve Chapin (May 31)