From: Erin Carroll (amoeba@amoebazone.com)
Date: Wed Feb 06 2008 - 15:26:41 EST
I would love to see another independent review of these tools. If someone
takes up the challenge to do some nice comparison testing there is some
things I'd like to see.
A major issue I see is that a lot of these reviews either don't address or
put much emphasis on is reliability of results. Speed is critical issue and
knowing which tool to select for your particular needs is great... but if
comparison testing could also incorporate a matrix which aligned reported
results with actual ports/systems in the testbed for accuracy that would
rock.
my 2 pesos
-- Erin Carroll Moderator SecurityFocus pen-test list "Do Not Taunt Happy-Fun Ball" > -----Original Message----- > From: listbounce@securityfocus.com > [mailto:listbounce@securityfocus.com] On Behalf Of Tyler Reguly > Sent: Tuesday, February 05, 2008 10:42 PM > To: krymson@gmail.com > Cc: pen-test@securityfocus.com > Subject: Re: Port Scanner Challenge Revisited: Nmap, > Unicornscan, Portbunny > > I have put the comment out at one point that I would be more > than happy to perform additional tests be they against > individual hosts or a large network... I will happily > comply... One of the problems is that unicorn scan needs to > be "tuned" against each specific network as Robert mentioned > to me in a previous email... and to me that becomes a hit > against right off the bat... if I have to scan and tune and > scan and tune... that defeats the purpose. If the authors > want a large sampling... and want to see independent > results... I'm more than willing to do it, but don't tell me > I need to continually tune your product... Thing of the added > time to pen tests and audits. Scan once and potentially wait > a few seconds longer (although in most cases you didn't have > to wait as long) or scan numerous times, tuning each time so > that ultimately you have one scan that was faster... but > you've done numerous scans. > > Either way... Authors... give me your idea scan line for a > large target base and I'll test them and post speed and > accuracy results. > > On 4 Feb 2008 21:29:50 -0000, krymson@gmail.com > <krymson@gmail.com> wrote: > > At some point I'm hoping someone does a more in-the-field > test. I know Portbunny and maybe Unicornscan are more suited > to larger scans, realizing their gains over time. Rather than > against one system or a couple home systems, I'd love to see > results over a larger target range. > > > > > ---------------------------------------------------------------------- > > -- > > This list is sponsored by: Cenzic > > > > Need to secure your web apps NOW? > > Cenzic finds more, "real" vulnerabilities fast. > > Click to try it, buy it or download a solution FREE today! > > > > http://www.cenzic.com/downloads > > > ---------------------------------------------------------------------- > > -- > > > > > > -------------------------------------------------------------- > ---------- > This list is sponsored by: Cenzic > > Need to secure your web apps NOW? > Cenzic finds more, "real" vulnerabilities fast. > Click to try it, buy it or download a solution FREE today! > > http://www.cenzic.com/downloads > -------------------------------------------------------------- > ---------- > ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT