From: John M. Martinelli (john@martinelli.com)
Date: Wed Aug 08 2007 - 02:31:49 EDT
Since when?
If I'm auditing an intrusion detection system on my LAN, I would
consider that I'm penetration testing, not performing a vulnerability
assessment.
Regards,
John Martinelli
RedLevel.org Security
On Aug 8, 2007, at 2:04 AM, Nikhil Wagholikar wrote:
> Hello Jure,
>
> Performing scans from within target LAN is called Vulnerability
> Assessment, and doing the same thing from other LAN or outside IP
> Address/Addresses is called Penetration Testing.
>
> I have clearly mentioned that the scenario is applicable for
> Pen-Testing. Kindly suggest the same answer from Pen-Testing point of
> view.
>
> Thanks for your suggestion. This suggestion will be usefull for
> Vulnerability Assessors.
>
> ---
> Nikhil Wagholikar
> Information Security Analyst
>
>
> On 8/8/07, Jure Krasovic <jure.krasovic@lusp.com> wrote:
>> Nikhil Wagholikar pravi:
>>> Hello List,
>>>
>>> I need some suggestions and inputs from all Pen-testers around the
>>> world on this issue.
>>
>> Hello Nikhil,
>>
>> if you are on the same LAN as machines you do pentest, you should try
>> arpping.
>>
>> Regards
>>
>> Jure
>>
>
> ----------------------------------------------------------------------
> --
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ----------------------------------------------------------------------
> --
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:00 EDT