Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: RE: Changing Source Port during Penetration Testing?
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 7 Nov 2006 16:45:36 -0600 (CST)

On 7 Nov 2006 emptybeerkann () gmail com wrote:
You are right. Most firewalls are stateful now, but what if the organization isn't using a firewall? What if they are 
using a router or some other device instead? This technique once again becomes a viable option.

Firewalls and GREAT, but they are not a necessity. Further, a router can
do quite a lot of what you would want from a firewall in most cases.

Which brings us back to pen-testing. Stateful is an issue when it comes to
that, but I don't see why that is any more than a configuration issue?

As most organizations do use a firewall, do you suggest this as a method
of checking for stateful inspection?

        Gadi.


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]