Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Pen testing / Vuln Assessment from Cable Modem - question on service

from [Michael Scheidell] Network Security [Permanent Link]
Subject: RE: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection
Date: Tue, 19 Jun 2007 19:42:11 -0400 


-----Original Message-----
From: listbounce@securityfocus.com 
[mailto:listbounce@securityfocus.com] On Behalf Of Tommy May
Sent: Tuesday, June 19, 2007 1:57 PM
To: pen-test@securityfocus.com
Subject: Pen testing / Vuln Assessment from Cable Modem - 
question on service provider selection


Wondering if anyone else has had the same challenge...

Issue - A standard nessus scan or nmap will choke my service 
from a standard home based cable modem service.

I currently use comcast, standard home-based cable modem 
service.  I am considering going the business class route, 
but before I pay for all the extra money, do any of you all 
have any advice?

I need to have a solid provider that is "used to dealing with 
pen-test like customer businesses"... is there someone that 
you all may be able to recommend that won't cost an arm and a 


Every single provider you find will have provisions in their contract
directly prohibiting that.
Imagine the legal paperwork any of these services would need to do to
make sure you weren't just a hacker or skiddy?
_I_ trust you, but they might not.

If it took their lawyers 2 days to draft a special agreement with you,
what would that cost?
There is no 'pen-test like' service.

The other issue is your cable modem, dsl modem, satellite modem,
whatever.  If it has a stateful firewall, and you only paid $39.95 for
it, how much ram do you think it has? How many connections do you think
it could hold open?

To pentest ONE target, possible 65,535 connections (times two)? For ONE
IP address?
A $600 sonicwall has enough ram for, oh, maybe 4000 concurrent
connections,
A cisco ASA5500 with security plus license might do 65,000 connections
(assuming 80% tcp, 20% udp)
That will cost you, oh, $15,000?

The $100 a month for the internet connection is the least of your
worries.
_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(tm). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!

http://www.cenzic.com/c/2020
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Strange ports, StaticRez
Next by Date:  Re: Security and VPN, The Sun
Previous by Thread:  Re: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection, R. DuFresne
Next by Thread:  Re: Pen testing / Vuln Assessment from Cable Modem - question on service provider selection, Tommy May
Indexes:  [Date] [Thread] [Top] [All Lists]