RE: Windows XP SP2 and Security Tools

From: William Tarkington (William.Tarkington_at_openwave.com)
Date: 09/20/05

  • Next message: Michael Gargiullo: "RE: Windows XP SP2 and Security Tools" 
    Date: Mon, 19 Sep 2005 15:34:57 -0700
To: <iceh0use@yahoo.com>

    -----Original Message-----
    From: iceh0use@yahoo.com [mailto:iceh0use@yahoo.com]
    Sent: Monday, September 19, 2005 11:50 AM
    To: pen-test@securityfocus.com
    Subject: Re: Windows XP SP2 and Security Tools

    I suggest you become well aquainted with the multitude of Knoppix Live
    CD's that are built for Security. The two off the top of my head that
    I would reccomend are "The Auditor" and "Knoppix-STD". You should be
    able to find these with your favorite search engine.

    You will not have very much success using Windows XP sp2 unless your
    idea of a pen test is telnet 10.1.1.1 80 ..

    Which didn't answer his question at all.

    The end result is that windows SP2 does two things that really frustrate
    those of us trying to use it for pen testing. The first of which is that
    they lowered the overall thread sockets. Which means you just can't run
    as many threads as you can on any other platform. Why? They did this to
    slow down worm propagation but well I think they could have chosen a
    better way.

    The second thing they did is destroy the raw write capability to the
    TCP/IP socket driver. Now you have to load a shim in which allows
    Microsoft to have some control over how the tcp/ip packet you are
    creating is used.

    In general go linux or go mac OS for pen test boxes.

    --Will

    ------------------------------------------------------------------------------
    Audit your website security with Acunetix Web Vulnerability Scanner:

    Hackers are concentrating their efforts on attacking applications on your
    website. Up to 75% of cyber attacks are launched on shopping carts, forms,
    login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
    futile against web application hacking. Check your website for vulnerabilities
    to SQL injection, Cross site scripting and other web attacks before hackers do!
    Download Trial at:

    http://www.securityfocus.com/sponsor/pen-test_050831
    -------------------------------------------------------------------------------

  • Next message: Michael Gargiullo: "RE: Windows XP SP2 and Security Tools"

    Relevant Pages

    • << SBS News of the Week August 8, 2004>>
      ... in Windows Server 2003, Windows XP, or Windows 2000: ... Microsoft Windows Small Business Server 2003? ... A Californian who objects to personal attacks ... a long-awaited security update to Windows XP, ...
      (microsoft.public.backoffice.smallbiz)
    • << SBS News of the Week August 8, 2004>>
      ... in Windows Server 2003, Windows XP, or Windows 2000: ... Microsoft Windows Small Business Server 2003? ... A Californian who objects to personal attacks ... a long-awaited security update to Windows XP, ...
      (microsoft.public.backoffice.smallbiz2000)
    • << SBS News of the Week August 8, 2004>>
      ... in Windows Server 2003, Windows XP, or Windows 2000: ... Microsoft Windows Small Business Server 2003? ... A Californian who objects to personal attacks ... a long-awaited security update to Windows XP, ...
      (microsoft.public.windows.server.sbs)
    • RE: Windows XP SP2 and Security Tools
      ... issues that were in SP2. ... Windows XP SP2 and Security Tools ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are ...
      (Pen-Test)
    • RE: Windows XP SP2 and Security Tools
      ... Windows XP SP2 and Security Tools ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)