Home page logo

pen-test logo Penetration Testing mailing list archives

Re: RE: Changing Source Port during Penetration Testing?
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 7 Nov 2006 16:45:36 -0600 (CST)

On 7 Nov 2006 emptybeerkann () gmail com wrote:
You are right. Most firewalls are stateful now, but what if the organization isn't using a firewall? What if they are 
using a router or some other device instead? This technique once again becomes a viable option.

Firewalls and GREAT, but they are not a necessity. Further, a router can
do quite a lot of what you would want from a firewall in most cases.

Which brings us back to pen-testing. Stateful is an issue when it comes to
that, but I don't see why that is any more than a configuration issue?

As most organizations do use a firewall, do you suggest this as a method
of checking for stateful inspection?


This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]