Max, The link you mentioned below is no bueno, http://www.packetfactory.net/projects/firewalk/ seems to do the job Joel >Try firewalk (www.packetfactory.net/firewalk/) for firewall and ACL test. >Also, if you want to delve deeper into the fun of pentesting, try social >engineering (call them and lie, and try to get passwords to routers, etc), >and try trashing, if you have access to their premisses. >max On Thu, 21 Jun 2001, David Fuller wrote: > My ISP has asked me to do a penetration test for them and I would like to > get an overview of what I should do short of running Nessus and banging on > there (IDS / Logs) door. I have gone over there network with a few scripts > and knowledge I have picked up from the list and Security Focus and I have > discovered all there class C address spaces, I have found two servers > vulnerable to a Unicode exploit and from there able to find out about a few > host sitting behind a ACL / Firewall. Is there anything else I should be > doing... like testing there firewall and seeing if I can scan the network > behind it. > > David. > > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com > > -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Jun 26 2001 - 16:45:15 PDT