Penetration Testing: Re: Discovering Live Hosts

["John M. Martinelli" <john () martinelli com>]

Since when?

If I'm auditing an intrusion detection system on my LAN, I would  
consider that I'm penetration testing, not performing a vulnerability  
assessment.
Regards,
John Martinelli
RedLevel.org Security

On Aug 8, 2007, at 2:04 AM, Nikhil Wagholikar wrote:

> Hello Jure,
>
> Performing scans from within target LAN is called Vulnerability
> Assessment, and doing the same thing from other LAN or outside IP
> Address/Addresses is called Penetration Testing.
>
> I have clearly mentioned that the scenario is applicable for
> Pen-Testing. Kindly suggest the same answer from Pen-Testing point of
> view.
>
> Thanks for your suggestion. This suggestion will be usefull for
> Vulnerability Assessors.
>
> ---
> Nikhil Wagholikar
> Information Security Analyst
>
>
> On 8/8/07, Jure Krasovic <jure.krasovic () lusp com> wrote:
> > Nikhil Wagholikar pravi:
> > > Hello List,
> > >
> > > I need some suggestions and inputs from all Pen-testers around the
> > > world on this issue.
> > Hello Nikhil,
> >
> > if you are on the same LAN as machines you do pentest, you should try
> > arpping.
> >
> > Regards
> >
> >       Jure
> ---------------------------------------------------------------------- 
> --
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ---------------------------------------------------------------------- 
> --

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------