Hosting Provided By

RE: Know such a web's server tool? -- huh

From: Paul Vet <paul.vet(at)baldhead.com>
Date: Tue Jul 22 2003 - 12:37:19 EDT

> > okay.... i'll bite ... why does everybody/somebody think that

Agreed. However, anybody can just run the tools and say "oh crap, I'm terribly vulnerable" and maybe, just maybe, they'll go to Windows Update and we'll have one less machine spreading the next big worm.

To go back in time a little, the original poster asked for a tool to enumerate hosts, scan them for vulnerabilities, and attempt to exploit them. I think we're all aware that that does not make a full pen-test, but it could have many uses. It could be that he's just become aware of security issues and wants to do a quick test of his LAN. Perhaps he's a black-hat trying to expand his bot-net. Who knows?

I do think that it's important that we not just dismiss Nessus with "that's not a real pen-test." It's true, it isn't a full pen-test, but it doesn't claim to be. What it does do is give the end user a bit of a chance. Most people can't afford to either a) learn how to do a complete pen-test, or b) hire a team. Tools like Nessus are the first step in getting joe-user to secure his box.

Paul.

Received on Tue Jul 22 16:52:34 2003

This message: [ Message body ]
Next message: R. DuFresne: "RE: Know such a web's server tool? -- huh"
Previous message: Daren Nowlan: "Re: exploits, good exploits"
In reply to: Bojan Zdrnja: "RE: Know such a web's server tool? -- huh"
Next in thread: R. DuFresne: "RE: Know such a web's server tool? -- huh"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:40 EDT