Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

Penetration Testing using OSSTMM
From: Indian Tiger <indiantiger () mailandnews com>
Date: Mon, 13 Jan 2003 10:45:46 -0500
Dear All,

I am new to this list and heartily apologies if I could have put any
irrelevant query. OSSTMM has defined fantastic rules and guidelines on testing
security. Is there any document available on OSSTMM, which describe how to do
tasks or described them in detail? I have some queries on how to perform rules
and guidelines. Some of them I have written today, very soon I’ll come with
some more…
Comments are in-line

Network Surveying

Examine tracks from the target organization.
• Search web logs and intrusion logs for system trails from the target
network.

What could be the possible “keywords” to search here for web and intrusion
logs?

Information Leaks
• Examine target web server source code and scripts for application servers
and internal links.

What to check here? Is it indicating to check client side script?

Port Scanning
Tasks to perform for a thorough Port Scan:
Error Checking
• Check the route to the target network for packet loss
• Measure the rate of packet round-trip time
• Measure the rate of packet acceptance and response on the target network
• Measure the amount of packet loss or connection denials at the target
network

Which tools can be used to perform mentioned tasks, and how to use these
results further?
Enumerate Systems
• How to "Collect broadcast responses from the network".

Is it to stop Smurf kind of attacks? What setup I need in my Lab to test this?

Services Identification

Tasks to perform for a thorough service probe:
• How to “Locate and identify service remapping or system redirects”.
• Use UDP-based service and trojan requests to all the systems in the network.
 How to use UDP-based service requests to all the systems in the network.

That's all for now. Any comment, highly appreciated.

Cheers!
Indian Tiger, CISSP


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]