From: Andre Amorim (decouk@gmail.com)
Date: Wed Feb 06 2008 - 16:20:06 EST
For me...the better scanner is that one that can be invisible against
ISD/IPS...
I think Nmap + Metasploit had proven be a hard rock to a lot of
Intrusion Detection around.
Which characteristic is the most important to you ?
-- Andre .'.
> On 06/02/2008, Erin Carroll <amoeba@amoebazone.com> wrote:
> > I would love to see another independent review of these tools. If someone
> > takes up the challenge to do some nice comparison testing there is some
> > things I'd like to see.
> >
> > A major issue I see is that a lot of these reviews either don't address or
> > put much emphasis on is reliability of results. Speed is critical issue and
> > knowing which tool to select for your particular needs is great... but if
> > comparison testing could also incorporate a matrix which aligned reported
> > results with actual ports/systems in the testbed for accuracy that would
> > rock.
> >
> > my 2 pesos
> >
> > --
> > Erin Carroll
> > Moderator
> > SecurityFocus pen-test list
> > "Do Not Taunt Happy-Fun Ball"
> >
> > > -----Original Message-----
> > > From: listbounce@securityfocus.com
> > > [mailto:listbounce@securityfocus.com] On Behalf Of Tyler Reguly
> > > Sent: Tuesday, February 05, 2008 10:42 PM
> > > To: krymson@gmail.com
> > > Cc: pen-test@securityfocus.com
> > > Subject: Re: Port Scanner Challenge Revisited: Nmap,
> > > Unicornscan, Portbunny
> > >
> > > I have put the comment out at one point that I would be more
> > > than happy to perform additional tests be they against
> > > individual hosts or a large network... I will happily
> > > comply... One of the problems is that unicorn scan needs to
> > > be "tuned" against each specific network as Robert mentioned
> > > to me in a previous email... and to me that becomes a hit
> > > against right off the bat... if I have to scan and tune and
> > > scan and tune... that defeats the purpose. If the authors
> > > want a large sampling... and want to see independent
> > > results... I'm more than willing to do it, but don't tell me
> > > I need to continually tune your product... Thing of the added
> > > time to pen tests and audits. Scan once and potentially wait
> > > a few seconds longer (although in most cases you didn't have
> > > to wait as long) or scan numerous times, tuning each time so
> > > that ultimately you have one scan that was faster... but
> > > you've done numerous scans.
> > >
> > > Either way... Authors... give me your idea scan line for a
> > > large target base and I'll test them and post speed and
> > > accuracy results.
> > >
> > > On 4 Feb 2008 21:29:50 -0000, krymson@gmail.com
> > > <krymson@gmail.com> wrote:
> > > > At some point I'm hoping someone does a more in-the-field
> > > test. I know Portbunny and maybe Unicornscan are more suited
> > > to larger scans, realizing their gains over time. Rather than
> > > against one system or a couple home systems, I'd love to see
> > > results over a larger target range.
> > > >
> > > >
> > > ----------------------------------------------------------------------
> > > > --
> > > > This list is sponsored by: Cenzic
> > > >
> > > > Need to secure your web apps NOW?
> > > > Cenzic finds more, "real" vulnerabilities fast.
> > > > Click to try it, buy it or download a solution FREE today!
> > > >
> > > > http://www.cenzic.com/downloads
> > > >
> > > ----------------------------------------------------------------------
> > > > --
> > > >
> > > >
> > >
> > > --------------------------------------------------------------
> > > ----------
> > > This list is sponsored by: Cenzic
> > >
> > > Need to secure your web apps NOW?
> > > Cenzic finds more, "real" vulnerabilities fast.
> > > Click to try it, buy it or download a solution FREE today!
> > >
> > > http://www.cenzic.com/downloads
> > > --------------------------------------------------------------
> > > ----------
> > >
> >
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
> >
> >
>
>
> --
> Andre Amorim
>
-- Andre Amorim ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:23 EDT