Penetration Testing mailing list archives

RE: Port Scanning.

From: "Piskovatskov, Alexey" <Alexey.Piskovatskov () bindview com>
Date: Mon, 13 Dec 2004 10:23:59 -0600

There's good document by NIST on this subject:
http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf

Because nature of the scanners to report false positives/negatives,
using multiple vendors and/or free tools is appropriate.

Best,

Alexey

-----Original Message-----
From: Faisal Khan [mailto:faisal () netxs com pk] 
Sent: Monday, December 13, 2004 8:47 AM
To: pen-test () securityfocus com
Subject: Port Scanning.



What's a good industry practise whilst doing port-scanning during a
pen-test.

Do you rely on the results of a single vendor's software or do you use 
multiple softwares?

Also, with each OEM/vendor - do you scan once or twice?

I need to do a scan on a Class C Address if that matters in any way.

Faisal



Faisal Khan,  CEO
Net Access Communication
Systems (Private) Limited
________________________________

Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting

Visit www.netxs.com.pk for more information.

Current thread:

Port Scanning. Faisal Khan (Dec 13)
- Re: Port Scanning. robert (Dec 13)
  - Message not available
    - Re: Port Scanning. robert (Dec 22)
    - Message not available
    - Re: Port Scanning. robert (Dec 22)
    - Re: Port Scanning. robert (Dec 22)
- Re: Port Scanning. Delron Troy (Dec 13)
- Re: Port Scanning. Jeffrey Denton (Dec 14)
- <Possible follow-ups>
- Re: Port Scanning. miguel . dilaj (Dec 13)
  - Message not available
    - Re: Port Scanning. Faisal Khan (Dec 13)
- RE: Port Scanning. Piskovatskov, Alexey (Dec 13)
  - RE: Port Scanning. rzaluski (Dec 14)
    - Re: Port Scanning. Martin Mačok (Dec 15)
- RE: Port Scanning. miguel . dilaj (Dec 14)
- RE: Port Scanning. Faisal Khan (Dec 14)
- Re: Port Scanning. infosecgod (Dec 15)