Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > pen-test > 03 > 010135.html (Request Expert securityfocus.com Support)

Penetration Testing using OSSTMM

From: Indian Tiger <indiantiger(at)mailandnews.com>
Date: Mon Jan 13 2003 - 10:45:46 EST


Dear All,

I am new to this list and heartily apologies if I could have put any irrelevant query. OSSTMM has defined fantastic rules and guidelines on testing security. Is there any document available on OSSTMM, which describe how to do tasks or described them in detail? I have some queries on how to perform rules and guidelines. Some of them I have written today, very soon I&#x2019;ll come with some more&#x2026;
Comments are in-line

Network Surveying

Examine tracks from the target organization. &#x2022; Search web logs and intrusion logs for system trails from the target network.

What could be the possible &#x201c;keywords&#x201d; to search here for web and intrusion logs?

Information Leaks
&#x2022; Examine target web server source code and scripts for application servers and internal links.

What to check here? Is it indicating to check client side script?

Port Scanning
Tasks to perform for a thorough Port Scan: Error Checking
&#x2022; Check the route to the target network for packet loss &#x2022; Measure the rate of packet round-trip time &#x2022; Measure the rate of packet acceptance and response on the target network &#x2022; Measure the amount of packet loss or connection denials at the target network

Do you need help?X

Which tools can be used to perform mentioned tasks, and how to use these results further?
Enumerate Systems
&#x2022; How to "Collect broadcast responses from the network".

Is it to stop Smurf kind of attacks? What setup I need in my Lab to test this?

Services Identification

Tasks to perform for a thorough service probe: &#x2022; How to &#x201c;Locate and identify service remapping or system redirects&#x201d;. &#x2022; Use UDP-based service and trojan requests to all the systems in the network.  How to use UDP-based service requests to all the systems in the network.

That's all for now. Any comment, highly appreciated.

Cheers!
Indian Tiger, CISSP


This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ Received on Mon Jan 13 12:00:09 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library