Nmap Announce mailing list archives
Re: Examples of legit nmap usage?
From: Andreas Kostyrka <andreas () mtg co at>
Date: Mon, 20 Sep 1999 21:52:27 +0200 (CEST)
On Sat, 18 Sep 1999, Bennett Todd wrote:
So in-house employees don't take advantage of this setup, or else they get fired for cause, prosecuted, and sued. The perimeter is far better secured.
Well, talking about a Windows place: How do you prove that it was done by some specific employee, and not somebody else: -) Office Macros could probably download and execute some program. -) Somebody could just have walked to the PC while the normal occupant is on lunch break. -) This assumes that all employees are friendly. Not a good assumption, especially when you have interns and semi external personal (badly payed outsourced PC helpdesk workers, etc.), and you do have anything of value on the network.
I don't claim this is a great model, but it's in use a lot of places. The
Well, this is kind of the ActiveX security model. "You can burgle my house, but we know who did it." Well, in fact sometimes one doesn't know. (Or do you log every packet on some internal segment?) And even if you can identify the PC, it's not proof enough. Anybody technical literate knows that most PC level OSes do not provide any security. (Well, WinNT and Unix are exception to this rule. But WinNT is almost impossible to setup securily, because typical Windows application tend to expect to be able to write to the most curious places.)
original poster's question made me think he was talking about that sort of place.
Well, this kind of setup is not very funny on SOHO LAN, but it's a recipe for desaster for anything larger. And sometimes even the PHB react, if you scare them long enough about the security of the setup. Andreas -- Andreas Kostyrka | andreas () mtg co at phone: +43/1/7070750 | phone: +43/676/4091256 MTG Handelsges.m.b.H. | fax: +43/1/7065299 Raiffeisenstr. 16/9 | 2320 Zwoelfaxing AUSTRIA
Current thread:
- Examples of legit nmap usage? Foust, Adam G. (Sep 17)
- Re: Examples of legit nmap usage? Bennett Todd (Sep 17)
- Re: Examples of legit nmap usage? David Carmean (Sep 17)
- Re: Examples of legit nmap usage? Joel Eriksson (Sep 18)
- Re: Examples of legit nmap usage? Bennett Todd (Sep 20)
- Re: Examples of legit nmap usage? Andreas Kostyrka (Sep 20)
- Re: Examples of legit nmap usage? Bennett Todd (Sep 20)
- Re: Examples of legit nmap usage? Bennett Todd (Sep 17)
- Re: Examples of legit nmap usage? Lamont Granquist (Sep 20)
- Re: Examples of legit nmap usage? Max Vision (Sep 21)
- IP fragment overwriting bug exploitation Lamont Granquist (Sep 21)
- reverse frag scanning patch Lamont Granquist (Sep 22)
- <Possible follow-ups>
- RE: Examples of legit nmap usage? Rob Shein (Sep 17)
- RE: Examples of legit nmap usage? Scott Hardy (Sep 20)