Penetration Testing mailing list archives

Re: RE: Changing Source Port during Penetration Testing?

From: Gadi Evron <ge () linuxbox org>
Date: Tue, 7 Nov 2006 16:45:36 -0600 (CST)

On 7 Nov 2006 emptybeerkann () gmail com wrote:

You are right. Most firewalls are stateful now, but what if the organization isn't using a firewall? What if they are 
using a router or some other device instead? This technique once again becomes a viable option.


Firewalls and GREAT, but they are not a necessity. Further, a router can
do quite a lot of what you would want from a firewall in most cases.

Which brings us back to pen-testing. Stateful is an issue when it comes to
that, but I don't see why that is any more than a configuration issue?

As most organizations do use a firewall, do you suggest this as a method
of checking for stateful inspection?

        Gadi.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

Changing Source Port during Penetration Testing? 09sparky (Nov 04)
- <Possible follow-ups>
- RE: Changing Source Port during Penetration Testing? Michael Scheidell (Nov 05)
- Re: RE: Changing Source Port during Penetration Testing? emptybeerkann (Nov 07)
  - Re: RE: Changing Source Port during Penetration Testing? Gadi Evron (Nov 07)
  - Re: RE: Changing Source Port during Penetration Testing? Jamie Riden (Nov 07)
- Re: Changing Source Port during Penetration Testing? warl0ck (Nov 09)