RE: pbnj and alternatives

[Miguel Gonzalez <miguel_3_gonzalez () yahoo es>]

Yes, it does, as I said in my previous email the tool is called pbnj and is part of Backtrack live cd 
(http://pbnj.sourceforge.net/)

The only thing that I was thinking to add to pbnj was a "new" state, since as it is now, it only tracks if a port is 
open or closed. Unfortunately it's not easy to dig into someone else's code with no documentation and not many comments 
inside the code (besides I'm not a perl expert).

I have also been told that there is more advanced tool called ossec hids that does more stuff (http://www.ossec.net/)

Miguel

--- El lun, 5/4/10, Shenk, Jerry <Jerry.Shenk () windstream com> escribió:

> De: Shenk, Jerry <Jerry.Shenk () windstream com>
> Asunto: RE: pbnj and alternatives
> Para: "Miguel Gonzalez" <miguel_3_gonzalez () yahoo es>, pen-test () securityfocus com
> Fecha: lunes, 5 de abril, 2010 14:25
> I think something SIMPLE that does
> just what you've talked about sounds like a good idea. 
> I've toyed with the idea a bit myself...am currently doing
> it manually.  I kindof automate it a little...the scan
> is automated and a stripped down report is automated but
> then I have to manually check the ports with last weeks
> report...takes about 2 minutes.
>
> Who knows, maybe it does exist;) 
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> On Behalf Of Miguel Gonzalez
> Sent: Friday, April 02, 2010 10:06 AM
> To: pen-test () securityfocus com
> Subject: pbnj and alternatives
>
>
> Dear all,
>
>  I'm testing a tool called pbnj. It performs scans with
> nmap and store the information in a database that is used
> for comparing previous scans.
>
>  It's not a tool for monitoring like Nagios (which we'll
> already have). We are not going to coutinously run this
> script (like every 5 minutes) but maybe once a day or week.
>
> They aim is to to keep a baseline of the services that
> SHOULD BE open in our servers in a database and compare it
> to the scan we perform from time to time. A report should
> tell us two things:
>
> - If a new port has been open. That way we can be sure that
> no new ports 
> are open without being warned.
>
> - If a port that should be open is closed.
>
>
> Before reinventing the wheel, I'd like to know if there is
> any tool like this with better functionality (it's pretty
> basic, a perl script, the reports and the routine scans have
> to be configured manually).  As I said, essentially
> performs a scan (with nmap) over a range of IPs and stores
> the results in a database. Then it tells you if a port has
> changed its state (from up to down or viceversa - however
> I'm digging the code to add a "new" state too).
>
>
> Any other tool similar to this one with better
> capabilities?
>
> Thanks,
>
> Miguel
>
>
>
>
>       
>
>
>       
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance
> Certification Review Board
>
> Prove to peers and potential employers without a doubt that
> you can actually do a proper penetration test. IACRB CPT and
> CEPT certs require a full practical examination in order to
> become certified. 
>
> http://www.iacertification.org

> ------------------------------------------------------------------------
>
>
> ***************************************************************************************
> The information contained in this message, including
> attachments, may contain
> privileged or confidential information that is intended to
> be delivered only to the
> person identified above. If you are not the intended
> recipient, or the person
> responsible for delivering this message to the intended
> recipient, Windstream requests
> that you immediately notify the sender and asks that you do
> not read the message or its
> attachments, and that you delete them without copying or
> sending them to anyone else.




------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------