-----Original Message-----
From: iceh0use@yahoo.com [mailto:iceh0use@yahoo.com]
Sent: Monday, September 19, 2005 11:50 AM
To: pen-test@securityfocus.com
Subject: Re: Windows XP SP2 and Security Tools
I suggest you become well aquainted with the multitude of Knoppix Live
CD's that are built for Security. The two off the top of my head that
I would reccomend are "The Auditor" and "Knoppix-STD". You should be
able to find these with your favorite search engine.
You will not have very much success using Windows XP sp2 unless your
idea of a pen test is telnet 10.1.1.1 80 ..
Which didn't answer his question at all.
The end result is that windows SP2 does two things that really frustrate
those of us trying to use it for pen testing. The first of which is that
they lowered the overall thread sockets. Which means you just can't run
as many threads as you can on any other platform. Why? They did this to
slow down worm propagation but well I think they could have chosen a
better way.
The second thing they did is destroy the raw write capability to the
TCP/IP socket driver. Now you have to load a shim in which allows
Microsoft to have some control over how the tcp/ip packet you are
creating is used.
In general go linux or go mac OS for pen test boxes.
--Will
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
