Re: Questions: nmap, nessus unreliability, setting up a packet capture box, using Impacket

From: Dan Goldberg (dan@madjic.net)
Date: Fri Apr 23 2004 - 14:12:27 EDT


> 1) How reliable have people here found nmap and nessus to be?
> Anything that can be done about this?

Paul,
        I have had very good luck with Nmap. It helps to know something
about the path to the host(s) you are interested in. You will get
different results and responses depending on whether there are
firewalls or packet filters between the scanner and target. (Sorry I
know this is obvious).
        In addition, I always capture a packet trace of any scan I perform to
create an audit trail of the scan and see anything that Nmap fails to
report on as I would expect.
        I also tend to break large scans into smaller chunks. Rather than
scanning -p 1-65535 on a host I will script out a few chunks at a
time usually getting well known or expected ports first. This is
mostly to keep from bogging down the scanner (especially if the
scanner is a Windows box).

> 2) I'm looking at setting up a box to capture all traffic on our
> scanning network. Does anyone have thoughts on doing this, based on
> their operational experiences?

I would think that a system like Shadow
http://www.nswc.navy.mil/ISSEC/CID/ would help here or else Snort in
Logging mode.
        I have used Shadow to capture large amounts of traffic on a 24 hour
basis and the front end is excellent for reviewing headers. It does
collect IIRC the 1st 68 bytes though not entire packets.

> 3) Using Core Impact's Impacket library,
I have never used this.

Hope this helps.

-- 
dan@madjic.net
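
The workflow described in the reply above (a packet trace recorded alongside every scan, and a full port sweep split into chunks with the well-known ports first), as an added example that is not part of the original post. The function names, default chunk size and output file layout are assumptions; it expects nmap and tcpdump to be installed and enough privilege to capture on the interface.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the default
# chunk size and the output layout are assumptions made for illustration.

# Print port ranges covering 1-65535: well-known ports first, then the
# remainder in fixed-size chunks (default 8192 ports per chunk).
plan_chunks() {
    size=${1:-8192}
    echo "1-1023"
    start=1024
    while [ "$start" -le 65535 ]; do
        end=$((start + size - 1))
        if [ "$end" -gt 65535 ]; then end=65535; fi
        echo "${start}-${end}"
        start=$((end + 1))
    done
}

# Scan one port range while tcpdump records all traffic to and from the
# target, so each nmap report has a matching capture file.
scan_chunk() {
    target=$1; range=$2; iface=$3; outdir=$4
    base="$outdir/${target}_${range}"
    tcpdump -i "$iface" -w "$base.pcap" host "$target" 2>"$base.tcpdump.log" &
    cap_pid=$!
    sleep 1                      # give the capture time to start
    nmap -p "$range" -oN "$base.nmap" "$target"
    rc=$?
    sleep 2                      # allow late replies to reach the capture
    kill "$cap_pid" 2>/dev/null  # SIGTERM: tcpdump flushes and closes the pcap
    wait "$cap_pid" 2>/dev/null
    return "$rc"
}

# Run every chunk in order; a failed chunk is reported and the run continues.
scan_all() {
    target=$1; iface=$2; outdir=$3; size=${4:-8192}
    mkdir -p "$outdir" || return 1
    plan_chunks "$size" | while read -r range; do
        scan_chunk "$target" "$range" "$iface" "$outdir" ||
            echo "chunk $range failed for $target" >&2
    done
}
```

Call `scan_all <target> <interface> <output-dir>` to run it; comparing each `.nmap` report with its `.pcap` shows replies that the scanner did not report.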


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT