RE: Know such a web's server tool? -- huh
From: Alvin Oga (alvin.sec_at_Mail.Linux-Consulting.com)
Date: 07/20/03
- Previous message: R. DuFresne: "RE: V/Scan for Wireless LANs"
- In reply to: Paul Vet: "RE: Know such a web's server tool?"
- Next in thread: Bojan Zdrnja: "RE: Know such a web's server tool? -- huh"
- Reply: Bojan Zdrnja: "RE: Know such a web's server tool? -- huh"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 19 Jul 2003 22:59:20 -0700 (PDT)
To: Paul Vet <paul.vet@baldhead.com>
On Thu, 17 Jul 2003, Paul Vet wrote:
> Except for trying actual exploits, give nmap (http://www.insecure.org/nmap/)
> a shot. It's very powerful on its own, and CPAN has some perl modules
> (http://search.cpan.org/search?query=nmap) to control it if you're feeling
> creative.
>
> You might want to consider Nessus (http://www.nessus.org/) for its tests,
> it has an exploit scripting engine (I believe).
okay.... i'll bite ... why does everybody/somebody think that "pen-test"
means to run a port scan w/ nmap/nessus .. etc ..
so what if nmap and other port scanner tells you that you have
- port 25 open on your mail server
- port 80 is open on your web server
- port 22 is open on your ssh login server
...
... now what do you do with that info ???
...
-- i say there is a dayz work of patches to apply to most of the generic
linux distro's install and depending on time, budget and paranoia,
that there is a minimum of 1-2 hrs a day to baby sit "each server"
and/or automating your "test farm of updates" to be automatically
updating your "100,500,1000,5,000 production machines"
-- for a tool that tells you a result of the "hackability" of any server
- run "all of the script kiddie" tools ...
it's all free, and have been written and proved to work or not
if the vulnerability exists
- this doesn't require any skill set, other than finding the
scripts that the "kiddies" uses to play with servers on the net
c ya
alvin