Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > pen-test > 03 > 071051.html (Request Expert securityfocus.com Support)

RE: Know such a web's server tool? -- huh

From: Alvin Oga <alvin.sec(at)Mail.Linux-Consulting.com>
Date: Sun Jul 20 2003 - 01:59:20 EDT

On Thu, 17 Jul 2003, Paul Vet wrote:

> Except for trying actual exploits, give nmap (http://www.insecure.org/nmap/)

okay.... i'll bite ... why does everybody/somebody think that "pen-test" means to run a port scan w/ nmap/nessus .. etc ..

so what if nmap and other port scanner tells you that you have

  • port 25 open on your mail server
  • port 80 is open on your web server
  • port 22 is open on your ssh login server ... ... now what do you do with that info ??? ...
    • i say there is a dayz work of patches to apply to most of the generic linux distro's install and depending on time, budget and paranoia, that there is a minimum of 1-2 hrs a day to baby sit "each server" and/or automating your "test farm of updates"to be automatically updating your "100,500,1000,5,000 production machines"
    • for a tool that tells you a result of the "hackability" of any server
  • run "all of the script kiddie" tools ... it's all free, and have been written and proved to work or not if the vulnerability exists
  • this doesn't require any skill set, other than finding the scripts that the "kiddies" uses to play with servers on the net

c ya
alvin

Received on Mon Jul 21 13:12:53 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:40 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library