Penetration Testing mailing list archives

RE: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection

From: "Michael Scheidell" <scheidell () secnap net>
Date: Tue, 19 Jun 2007 19:42:11 -0400

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Tommy May
Sent: Tuesday, June 19, 2007 1:57 PM
To: pen-test () securityfocus com
Subject: Pen testing / Vuln Assessment from Cable Modem - 
question on service provider selection

Wondering if anyone else has had the same challenge...

Issue - A standard nessus scan or nmap will choke my service 
from a standard home based cable modem service.

I currently use comcast, standard home-based cable modem 
service.  I am considering going the business class route, 
but before I pay for all the extra money, do any of you all 
have any advice?

I need to have a solid provider that is "used to dealing with 
pen-test like customer businesses"... is there someone that 
you all may be able to recommend that won't cost an arm and a


Every single provider you find will have provisions in their contract
directly prohibiting that.
Imagine the legal paperwork any of these services would need to do to
make sure you weren't just a hacker or skiddy?
_I_ trust you, but they might not.

If it took their lawyers 2 days to draft a special agreement with you,
what would that cost?
There is no 'pen-test like' service.

The other issue is your cable modem, dsl modem, satellite modem,
whatever.  If it has a stateful firewall, and you only paid $39.95 for
it, how much ram do you think it has? How many connections do you think
it could hold open?

To pentest ONE target, possible 65,535 connections (times two)? For ONE
IP address?
A $600 sonicwall has enough ram for, oh, maybe 4000 concurrent
connections,
A cisco ASA5500 with security plus license might do 65,000 connections
(assuming 80% tcp, 20% udp)
That will cost you, oh, $15,000?

The $100 a month for the internet connection is the least of your
worries.
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm).
For Information please see http://www.spammertrap.com
_________________________________________________________________________

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------

Current thread:

Pen testing / Vuln Assessment from Cable Modem - question on service provider selection Tommy May (Jun 19)
- Re: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection Morgan Reed (Jun 19)
  - Re: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection R. DuFresne (Jun 21)
- <Possible follow-ups>
- RE: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection Michael Scheidell (Jun 19)
- Re: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection Tommy May (Jun 21)