Penetration Testing mailing list archives
RE: Port Scanner Reports
From: "Richard Zaluski" <rzaluski () ivolution ca>
Date: Wed, 2 Nov 2005 08:42:32 -0500
I have done much the same thing using UNIX based tools such as nmap and the diff command to footprint network services and compare reports. We scripted it to notify us of any changes to the footprint files of the services on subnets / servers we targeted to be part of the process. We also used the same tool to monitor our router configurations, each day for any changes. Each day our script would run and pull the previous config file and compare it to the current configuration running on the router. With a little imagination you can do a lot of things such as baseline network services. We did find rogue services by the way. It worked great ... Good luck Daniel, I'd be interested in seeing your final product. Richard Zaluski CISO, Security and Infrastructure Services iVOLUTION Technologies Incorporated 905.309.1911 866.601.4678 www.ivolution.ca rzaluski () ivolution ca -----Original Message----- From: Ian [mailto:pentest () fishnet co uk] Sent: Tuesday, November 01, 2005 5:15 AM To: pen-test () securityfocus com Subject: Re: Port Scanner Reports On 30 Oct 2005 at 11:19, Daniel Miessler wrote: <snip>
A friend and I are writing a tool to do this right now; it's called netdiff, and if you'd like to be part of the test group, drop me an email. We're still coding it but should have something relatively shortly. The focus of our tool is finding both changed hosts *and* changed ports -- so if you have new systems pop up it'll show you, and if you have new ports pop up on existing systems, it'll show you those as well.
Hi Daniel, Is it anything to do with this from Engarde? http://ftp.engardelinux.org/pub/engarde/people/pax/netdiff/ <Quote> NetDiff is a network reporting tool written in perl that runs nmap portscans of a specified network or networks and stores the results to a MySQL database. It can then report the differences between successive scans, giving administrators a snapshot view of recent changes on their network. This report is very useful for network maintenance and monitoring, it will automatically let you know when: o A new host is added to the network. o A host is shut down or disconnected from the network. o A service has stopped running. o A new service port has been opened. Additionally, if version and OS scanning is enabled, the report will list those differences as well, telling you if: o A server daemon was upgraded or patched. o The host´s operating system was upgraded or changed. </Quote> Regards Ian -- ---------------------------------------------------------------------------- -- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Re: Port Scanner Reports Ian (Nov 01)
- RE: Port Scanner Reports Richard Zaluski (Nov 03)