Penetration Testing mailing list archives
Re: [PEN-TEST] Noisy ou stealthy ?
From: Greg <greg () HOOBIE NET>
Date: Sun, 8 Oct 2000 16:40:50 +0100
Why not try both, start quiet and get noisier. Using that approach you can also measure the client's incident response handling. That is assuming they notice it at all ;) It's often useful to record when the client notices they are under (simulated) attack if you go loud from the outset I guess you miss out on that opportunity. regards Greg -----Original Message----- From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf Of Nicolas Gregoire Sent: 08 November 2000 16:17 To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Noisy ou stealthy ? Hi pen-testers, just a question about methodology. When you are doing some pen-tests, do you use the noisy way (full port range scan, lot of scanning for cgi whitout IDS evasion techniques, brute force attacks on FTP) or the sthealthy one ? I think that the noisy way is easiest (just schedule a Nessus scan , a whisker scan and an ISS scan for the night, read the results and attack) but can't really test the efficacity of corporate defenses. The stealthy way is more time-consuming, but more funny .... So, what's your method ? Nicob
Current thread:
- [PEN-TEST] Noisy ou stealthy ? Nicolas Gregoire (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Jose Nazario (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Iván Arce (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Greg (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? andy lowton (Nov 11)
- Re: [PEN-TEST] Noisy/stealthy ? N Catlow (Nov 14)
- Re: [PEN-TEST] Noisy ou stealthy ? Don Bailey (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? a007 (Nov 10)
- <Possible follow-ups>
- Re: [PEN-TEST] Noisy ou stealthy ? Eric Lauzon (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Dunker, Noah (Nov 09)
- Re: [PEN-TEST] Noisy ou stealthy ? Masse, Robert (Nov 09)