Penetration Testing mailing list archives
Re: RE: Changing Source Port during Penetration Testing?
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 7 Nov 2006 16:45:36 -0600 (CST)
On 7 Nov 2006 emptybeerkann () gmail com wrote:
You are right. Most firewalls are stateful now, but what if the organization isn't using a firewall? What if they are using a router or some other device instead? This technique once again becomes a viable option.
Firewalls and GREAT, but they are not a necessity. Further, a router can do quite a lot of what you would want from a firewall in most cases. Which brings us back to pen-testing. Stateful is an issue when it comes to that, but I don't see why that is any more than a configuration issue? As most organizations do use a firewall, do you suggest this as a method of checking for stateful inspection? Gadi. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Changing Source Port during Penetration Testing? 09sparky (Nov 04)
- <Possible follow-ups>
- RE: Changing Source Port during Penetration Testing? Michael Scheidell (Nov 05)
- Re: RE: Changing Source Port during Penetration Testing? emptybeerkann (Nov 07)
- Re: RE: Changing Source Port during Penetration Testing? Gadi Evron (Nov 07)
- Re: RE: Changing Source Port during Penetration Testing? Jamie Riden (Nov 07)
- Re: Changing Source Port during Penetration Testing? warl0ck (Nov 09)