From: Jason Thompson (securitux@gmail.com)
Date: Mon Mar 10 2008 - 23:58:59 EST
To expand on what the others said,
Scanning firewalls and routers makes baby Jesus cry. You will set off
alarms and notify your target, and therefore compromise your stealth
factor.
Did this class teach you client side attacks? Social engineering? Phishing?
Did you do any info gathering on the company before doing the test?
Personally, info gathering is one of my favorite activities, the data
you can gather for subsequent attacks is quite useful. Users now have
a very large Internet footprint.
Also, you can absolutely do a pen test on an external network after an
internal test, but its not black box anymore, its a white box test.
Done quite often actually, by companies who have internal security
staff.
And as Radu said, make sure that router you're poking at isn't owned
by the ISP. They take a dim view of being attacked without
authorization.
-J
On 7 Mar 2008 06:52:00 -0000, <to.tushar@yahoo.com> wrote:
> Hi,
>
>
>
> I have just completed my classes of Penetration Testing and have been asked to do a project.
>
> I have an option to do either external or internal pen test.
>
>
> I can do an internal pen-test in one organization I've got, however, I am not sure how I can do an external pen-test in this scenario. The following is the network. Please tell me if I can do an external pentest in this case and where can I start.
>
>
>
> Internet -> router / modem provided by ISP (only static IP in organization)-> Switch -> about 100 systems in internal network (pvt IPs).
>
> Webserver & mails are hosted on public server.
>
>
>
> Ping: success
>
> Tried nmap: Host seems down. If it is really up, but blocking our ping probes, try -P0 (we are scanning a router here, so it won't work)
>
>
> Is there anyway I can get into this organization by doing an external pen-test. This is a small company into s/w development and uses only messengers to communicate with the outside world / clients etc. No major servers inside organization and none with pub IP address.
>
>
>
> If you need any more info, please lemme know.
>
>
>
> Regards,
>
> Tushar
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:27 EDT