Penetration Testing: RE: An Amateur Pen-Test

["Brown, Joel" <jbrown () intrusion com>]

Max, The link you mentioned below is no bueno,
http://www.packetfactory.net/projects/firewalk/ seems to do the job

Joel

> Try firewalk (www.packetfactory.net/firewalk/) for firewall and ACL test. 
> Also, if you want to delve deeper into the fun of pentesting, try social
> engineering (call them and lie, and try to get passwords to routers, etc),
> and try trashing, if you have access to their premisses.
> max
On Thu, 21 Jun 2001, David Fuller wrote:

> My ISP has asked me to do a penetration test for them and I would like to
> get an overview of what I should do short of running Nessus and banging on
> there (IDS / Logs) door. I have gone over there network with a few scripts
> and knowledge I have picked up from the list and Security Focus and I have
> discovered all there class C address spaces, I have found two servers
> vulnerable to a Unicode exploit and from there able to find out about a
few
> host sitting behind a ACL / Firewall. Is there anything else I should be
> doing... like testing there firewall and seeing if I can scan the network
> behind it.
>
> David.
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/