Penetration Testing mailing list archives
Re: Scanning through an IPS
From: Matt - MRS Security <matt () mrssecurity com>
Date: Wed, 24 Sep 2008 18:43:16 +0100
Andre Gironda wrote:
Andre, What are your thoughts on the above? Your saying don't do it... But why?On Tue, Sep 23, 2008 at 11:28 AM, jond <x () jond com> wrote:I'm wondering what techniques everyone else uses when you know for a fact you're scanning a client who has an Intrusion Prevention System.1) Don't do pen-testing or vulnerability assessments like this. See post/comments: http://securosis.com/2008/09/19/how-to-tell-if-your-pci-scanning-vendor-is-dangerous/
Would it not be more cost effective for the merchant to have his full range tested? instead of maybe 2 ports? (SMTP/WWW)
Matt. ------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Scanning through an IPS jond (Sep 23)
- Re: Scanning through an IPS natron (Sep 23)
- Re: Scanning through an IPS Andre Gironda (Sep 23)
- Re: Scanning through an IPS Matt - MRS Security (Sep 24)
- Re: Scanning through an IPS Andre Gironda (Sep 24)
- Re: Scanning through an IPS Marco Ivaldi (Sep 24)
- Re: Scanning through an IPS Matt - MRS Security (Sep 24)
- Re: Scanning through an IPS Todd Haverkos (Sep 24)