RE: Port Scanning.

From: Piskovatskov, Alexey (Alexey.Piskovatskov_at_bindview.com)
Date: 12/13/04

    Date: Mon, 13 Dec 2004 10:23:59 -0600
    To: "Faisal Khan" <faisal@netxs.com.pk>, <pen-test@securityfocus.com>
    
    

    There's a good document by NIST on this subject:
    http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf

    Because of the nature of scanners to report false positives/negatives,
    using multiple vendors and/or free tools is appropriate.

    Best,

    Alexey

    -----Original Message-----
    From: Faisal Khan [mailto:faisal@netxs.com.pk]
    Sent: Monday, December 13, 2004 8:47 AM
    To: pen-test@securityfocus.com
    Subject: Port Scanning.

    What's a good industry practice whilst doing port-scanning during a
    pen-test?

    Do you rely on the results of a single vendor's software or do you use
    multiple software packages?

    Also, with each OEM/vendor - do you scan once or twice?

    I need to do a scan on a Class C Address if that matters in any way.

    Faisal

    Faisal Khan, CEO
    Net Access Communication
    Systems (Private) Limited