Penetration Testing mailing list archives
Re: [PEN-TEST] Online Security Vulnerability Services
From: Jason Sheffield <jsheffield () AXENT COM>
Date: Wed, 23 Aug 2000 12:33:26 -0400
Mark,

I have actually had Gibson Research's (www.grc.com) downloadable client used against me (previous job with an International Telecom) to scan hosts visible to the Internet. I was a lone PIX admin with the job of tracking down possible intrusion attempts.

All that it requires is that you have a dual NIC'ed (or modem and NIC) host and you assign one of your interfaces the IP of the box you are trying to scan. The client will ask which IP of your "LOCAL" machine you would like to scan, and voilà, you have an anonymous port scanner at your fingertips. All sniffer traces point right back to GRC, and stop there. Nice "feature", don't you think?

My personal experience is that I don't trust them to do a complete job, and I know that a lot of unknowing users on the Internet trust these online scanners to give them that "nice, warm, fuzzy feeling" about security. Big mistake, as complacency makes you drop your guard. Besides, who knows what sorts of data these scanners collect on the back end.

Just my $.02

Regards,
Jason

-----Original Message-----
From: Teicher, Mark [mailto:mark.teicher () NETWORKICE COM]
Sent: Monday, August 21, 2000 7:09 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Online Security Vulnerability Services

Has anyone checked them out? Who would you recommend? Are Online Security Vulnerability services any different from penetration and attack testing?

/thanks in advance for the info
/mark