A little Help with Pen Testing My systems!

I have set up a little network at home, for "my own Penetration Testing Purposes". 2 Windows machines and 2 Linux. I have 1 Windows machine on its own network running windows XP default install and (Zonealarm, Sygate)

My question:

I want to try to see what approach people take to find Exploits and Vulnerbilites on a system like this. Soo the first steps i took is:

installed SYGATE with default settings on Windows XP machine, Went over to Linux and ran a NMAP scan:
nmap -vv -sS -P0 111.111.111.111
all ports are filtered
And SYGATE detected it as only MINOR port scans it didnt even come up with an ALERT-just logged it!

So then tryed NESSUS against this machine and got back: results|111.11.111.11|ntp (123/udp)|10884|Security Note|\nIt is possible to determine a lot of information about the remote host \nby querying th$ results|111.11.111.11|ntp (123/udp)|10647|Security Warning|\nAn NTP server is running on the remote host. Make sure that\nyou are running the lat$

        So i know i would go to sites like Buqtraq,Security Focus and look for documents on this service and see what i can do with it?

But if it is behind a firewall can it still be exploited???and would disable the firewall first? or...<-------

Than i installed zonealarm and searched for exploits on it and found this nmap exploit and ran an NMAP scan like this: nmap -g67 -P0 -sS 111.11.111.111
And all the ports are filtered :
nmap -vv -sS -P0 -p 1-1064 111.11.111.111 -D www.blah.org A site I visted from the windows machine earlier for a bounce attack and still nothing.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

My nest option was going to try HPING2 and try to set the Fragment to "0" and run that against the Firewalled machine too see what happens.

I also remember Windows XP installs MSN Messenger by default. Soo i searched around more and found this:

http://www.mynetwatchman.com/winpopuptester.asp

And i ran the test with SYGATE firewall enabled, and a POP-WINDOW POPPED UP Soo that means it can be accesiable right?? "cause the POP-UP came right through"
So that means something is open amd that my SCANS DIDNT PICK UP?? ----> How come?

Soo can anyone tell me i DONT mean step by step "but(SUGGESTIONS, IDEAS)" on how do people exploit things or "how they do there own assesments" like this.(for learning purposes). I have done alittle bit of homeowrk but NOT ENOUGH.. I want to test HPING against it too but there are just soo many commands anyone have any good command string they use to test FIREWALLS? How would some of you approach something like this: im really trying to get into more secuirty now by reading and playing but am sort of "stumped right now!" Any ideas (tips) i should try or should do differently that would help me on my testings.Again this is all against my own machines... and im not asking steps but maybe a little push..just to learn more about the secuiry issues with them and learn how hackers would approach ISSUES like this. Ohh ya i found this code also for bypassing firewalls but dont understand it, i wanna learn about it beofore i try it and play with it from here: http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2003-02/0268.html

Thanks Mike

Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html Received on Tue Mar 11 12:08:26 2003