Network Security Pen-Test

Re: Port Scanning.

Subject: Re: Port Scanning.
Date: Mon, 13 Dec 2004 08:10:47 -0800
Faisal Khan(faisal@netxs.com.pk)@Mon, Dec 13, 2004 at 07:46:43PM +0500:
> What's a good industry practice whilst doing port-scanning during a
> pen-test.

To understand what your tools are really doing and have extensive
experience with this process before relying on it during a pen-test.

> Do you rely on the results of a single vendor's software or do you use
> multiple software packages?

Depends on the software.  For port scanning, most people trust nmap
because of the extensive time that Fyodor and the rest of the nmap-dev
team have put into making it better.

I would say that nmap may be the one to judge your other port scanning
tools against if you are new to port scanning.

Another tool that would be good to play with is unicornscan
(http://www.unicornscan.org).  Unicornscan is set up for a more
technical tester who wants to collect as much meaningful information
during the scan as possible.  It has a higher learning curve at the
moment, but we have had very good feedback from those who are using it. 
We will have another release out sometime before Christmas.  Unicornscan
was built with scalability, accuracy, and flexibility in mind.  To my
knowledge, it is currently the most accurate UDP scanner out there.  The
next release will make our TCP scanning on par with our UDP scanning.

> Also, with each OEM/vendor - do you scan once or twice?

Depends on how reliable the network connection is between you and the
site you're testing.  Doing logistics and controls tests ahead of time
is really important.  You need to know how many packets per second can
reliably reach your destination and have a response reach you.  You need
to know the overall bandwidth limitations.  You need to figure out which
protocols are allowed through.  You need to figure out if there is an
IPS in place.  You need to find out if there is a stateful inspection
firewall in place.  You need to find out if there is a DDoS mitigation
device in place .. etc etc etc.  If you skip the logistics part and just
plug in a target range and go, you will tend to have inaccurate results
no matter how many times you scan.

> I need to do a scan on a Class C Address if that matters in any way.

If you are relatively new to testing, I cannot emphasize enough how
important that logistics and controls phase is.  Pull down the OSSTMM -
http://www.osstmm.org and walk through the logistics and controls &
systems enumeration modules.  You may also want to split the 256 IPs in
your range into smaller chunks (0-63, 64-127, 128-191, 192-255) to make
sure you review the results for each chunk separately.  There is nothing
like waiting multiple days to find out that your results are garbage and
you have to start over.

Robert

-- 
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert@dyadsecurity.com
M - (949) 394-2033
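The two practical points in Robert's reply, splitting a Class C into four chunks and scanning a range more than once to see whether the results are reliable, can be turned into a small post-processing helper. This is an added example, not code from the thread or from Dyad Security; it splits a /24 into /26 sub-ranges and diffs two nmap grepable-output (-oG) runs of the same chunk, using constructed sample output in the documentation range 192.0.2.0/24.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

HostPorts = Dict[str, Dict[Tuple[str, int], str]]  # {host: {(proto, port): state}}


def split_class_c(network: str, pieces: int = 4) -> List[Tuple[str, str]]:
    """Split a /24 into `pieces` (a power of two) equal ranges: 4 -> .0-.63, .64-.127, ..."""
    net = ipaddress.ip_network(network, strict=False)
    extra_bits = (pieces - 1).bit_length()  # 4 pieces -> 2 extra prefix bits (/26)
    return [(str(s.network_address), str(s.broadcast_address))
            for s in net.subnets(prefixlen_diff=extra_bits)]


def parse_grepable(text: str) -> HostPorts:
    """Parse nmap -oG lines ('Host: <ip> ()\tPorts: port/state/proto/...').

    The 'Status: Up' line carries no port data and only registers the host."""
    hosts: HostPorts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment and summary lines
        fields = line.split("\t")
        host = fields[0].split()[1]
        ports = hosts.setdefault(host, {})
        for field in fields[1:]:
            if field.startswith("Ports: "):
                for entry in field[len("Ports: "):].split(", "):
                    port, state, proto = entry.split("/")[:3]
                    ports[(proto, int(port))] = state
    return hosts


def compare_scans(first: HostPorts, second: HostPorts
                  ) -> Dict[str, Dict[Tuple[str, int], Tuple[Optional[str], Optional[str]]]]:
    """Return ports whose state differs between two runs; an empty dict means the
    chunk scanned consistently, anything else is a reason to re-check before trusting it."""
    diffs = {}
    for host in set(first) | set(second):
        a, b = first.get(host, {}), second.get(host, {})
        changed = {k: (a.get(k), b.get(k)) for k in set(a) | set(b) if a.get(k) != b.get(k)}
        if changed:
            diffs[host] = changed
    return diffs


# Constructed sample -oG output for two runs of the same chunk (not real scan data).
RUN1 = """# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 53/open|filtered/udp//domain///\tIgnored State: closed (997)
Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///
"""
RUN2 = """Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 53/open|filtered/udp//domain///\tIgnored State: closed (998)
Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///
"""

if __name__ == "__main__":
    print(split_class_c("192.0.2.0/24"))
    print(compare_scans(parse_grepable(RUN1), parse_grepable(RUN2)))
```

In the sample, tcp/80 on 192.0.2.10 shows as open in the first run and is missing from the second, which is exactly the kind of discrepancy that points back at the logistics questions (packet rate, filtering, IPS) rather than at the target.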
