pen test v2.0

["Mehmet Buyukozer" <mbuyukozer () gmx co uk>]

Dear friends;

i really thank you for your help. Somebody told me that i should search on
the internet than ask a question in this group. Firstly i wanted to answer
this question explicitly, i am already doing so. The aim behind asking
question here was to learn the opinions of experts like you. Secondly i will
try to explain the situation. Our customer wanted us to scan their computers
which are open to internet. they wanted to see if some real hackers try to
hack and what could be the results. So ids or firewall logs don't matter
very much at first sight. anyway we used:

Nessus
AppScan
Retina
ISS
NMAP

I know something about pen test. I mean i am already familiar with the pen
test , but wanted to learn deeply. and the answers and links that you gave
helped really much.

At the end of our test, we find only the HTTP open to the internet and they
already patched very well.How did we understand this? we tried many known
exploits and also add to the reports that some known vulnerabilites but
havent written an exploit for it, and advice them to follow the patch.
We used NMAP for OS detection and find they are using W2K with SP2, and IIS
5.0, at the beginning we couldnt ping but then tried to tracert, we got
answer and finally we add all these stuff to VA.

If you have some further question or advice about our survey, i really want
to hear them.

Thanx in advance


---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------