Penetration Testing mailing list archives
RE: CEH training
From: "Richard Zaluski" <rzaluski () ivolution ca>
Date: Tue, 21 Jun 2005 09:47:38 -0400
I do agree with you and I was making a generalized statement. Meaning, it's much better to run a tool such as nmap in the Unix / Linux realm then on Windows. The same goes for the Windows with the basic net view commands. Each has its place and use and as a Penetration tester you have to know your utilities and tools and how they work. Richard Zaluski CISO, Security and Infrastructure Services iVOLUTION Technologies Incorporated 905.309.1911 866.601.4678 www.ivolution.ca rzaluski () ivolution ca Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D 5DE5 B011 BD8C ======================================================================= CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender. Any unauthorized review, use, disclosure, or distribution is prohibited. ======================================================================= -----Original Message----- From: Pete Herzog [mailto:lists () isecom org] Sent: Thursday, June 23, 2005 5:49 AM To: Richard Zaluski Cc: glemmon () onealwebster com; brzurom () tycho ncsc mil; pen-test () securityfocus com Subject: Re: CEH training Have to disagree with you here somewhat Richard. But I think your conciseness is your error. It's not better to run a tool on the OS it was designed on. It's best to run a tool designed on an OS with a platform and infrastructure that touches or manipulates the original packets the least. You can use windows to make a windows tool and run it on windows but it still won't run better than a tool which runs over a non-interfering OS, where the kernel does not try to translate information for you, no packet translation, packet inspection, or additional packet noise occurs in addition to the operating environment of the tool. Every layer of abstraction or interpretation between the request and the response, including those made by the tool itself, are layers where mistakes can be and will be made. The reason why tools under Windows may function less desirably than some other OSes is the layers introduced when making the tool, running the tool, making the request, receiving the response, and the packet noise made inheritently on networks where the OS resides. Windows is a user's OS for users with ease-of-use and administration being of primary functions. It is not the right tool for the job, for any job, that is not specifically testing the functioning of a windows environment from a Windows user/administrator perspective. Otherwise it's like reading one or two ad-soaked magazines about new security technology to make a decision on what kind of firewall you need for your network. It gives you info but you can only speculate on the accuracy and interpretation of that information. Sincerely, -pete. -- Pete Herzog - Managing Director - pete () isecom org ISECOM - Institute for Security and Open Methodologies www.isecom.org - www.osstmm.org www.hackerhighschool.org - www.isestorm.org ------------------------------------------------------------------- ISECOM is the OSSTMM Professional Security Tester (OPST), OSSTMM Professional Security Analyst (OPSA), and Hacker Highschool Teacher certification authority. Richard Zaluski wrote:
Regarding "tools" and windows, most of the security tools that run on Windows are simply ported over from the *nix world. They run much better and often times allow much more flexibility in their use due to the way Windows and *nix operates and interacts with them. Its much better, in my opinion to run a tool on its native operating
system.
I have seen nmap for example running on MS 2000 professional completely lag behind the *nix version.
Current thread:
- RE: CEH training, (continued)
- RE: CEH training Drage, Nick (Jun 22)
- RE: CEH training Tim Singletary (Jun 22)
- Re: CEH training Michael Hammer (Jun 22)
- RE: CEH training Tony Mesenbrink (Jun 22)
- Re: CEH training Gareth Davies (Jun 23)
- RE: CEH training Tim Singletary (Jun 22)
- RE: CEH training Zuromski, Brian (Jun 22)
- RE: CEH training glemmon (Jun 22)
- RE: CEH training Richard Zaluski (Jun 22)
- Re: CEH training D K (Jun 22)
- Re: CEH training Pete Herzog (Jun 23)
- RE: CEH training Richard Zaluski (Jun 23)
- RE: CEH training Richard Zaluski (Jun 22)
- RE: CEH training Torig (Jun 22)
- RE: CEH training Tim Singletary (Jun 23)
- RE: CEH training Drage, Nick (Jun 22)
- RE: CEH training glemmon (Jun 24)
- RE: Sample pent test agreement evb (Jun 26)
- RE: Sample pent test agreement Erin Carroll (Jun 26)
- RE: Sample pent test agreement Irene Abezgauz (Jun 26)
- RE: Sample pent test agreement random (Jun 27)
- Re: Sample pent test agreement Pete Herzog (Jun 30)
- RE: Sample pent test agreement evb (Jun 26)
- RE: Sample pent test agreement Password Crackers, Inc. (Jun 27)
- Skill set ? prdp (Jun 30)