Penetration Testing mailing list archives

Re: pricing model for Pen-test

From: Martin Mačok <martin.macok () underground cz>
Date: Thu, 13 Nov 2003 10:41:50 +0100

On Wed, Nov 12, 2003 at 08:47:53PM -0000, a55mnky () yahoo com wrote:

We are responding to an RFP with very little detail - client has
6 class C networks.  We have been given no information on how many
hosts are live on each and/or how many services are offered on any
hosts.  Any suggestions on how to price the engagement


We always ask for permission to do a "sweep" portscan before we make
the final offer and the price is based on number of open ports and the
type of ports - webserver (ports 80 and 443) usually costs a little
more than a router (ports 23, 123) etc.

Something like
nmap -sS -P0 -vvv --max_rtt_timeout=<XXX> -T2 -p<TOP60> <DEST.RANGE>

-- 
         Martin Mačok                 http://underground.cz/
   martin.macok () underground cz        http://Xtrmntr.org/ORBman/

---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_pen-test_031023
and use priority code SF4.
----------------------------------------------------------------------------

Current thread:

pricing model for Pen-test a55mnky (Nov 12)
- RE: pricing model for Pen-test Robert E. Lee (Nov 15)
- RE: pricing model for Pen-test Pete Herzog (Nov 15)
- Re: pricing model for Pen-test Martin Mačok (Nov 15)
- <Possible follow-ups>
- Re: pricing model for Pen-test dave (Nov 15)
  - RE: pricing model for Pen-test Bojan Zdrnja (Nov 15)
- Re: pricing model for Pen-test dave (Nov 16)