RE: Port Scanning.

From: Piskovatskov, Alexey (Alexey.Piskovatskov@bindview.com)
Date: Mon Dec 13 2004 - 11:23:59 EST


There's a good document by NIST on this subject:
http://csrc.nist.gov/publications/nistpubs/800-42/NIST-SP800-42.pdf

Because it is the nature of scanners to report false positives/negatives,
using multiple vendors and/or free tools is appropriate.

Best,

Alexey

-----Original Message-----
From: Faisal Khan [mailto:faisal@netxs.com.pk]
Sent: Monday, December 13, 2004 8:47 AM
To: pen-test@securityfocus.com
Subject: Port Scanning.

What's a good industry practice whilst doing port-scanning during a
pen-test?

Do you rely on the results of a single vendor's software or do you use
multiple software packages?

Also, with each OEM/vendor - do you scan once or twice?

I need to do a scan on a Class C Address if that matters in any way.

Faisal

Faisal Khan, CEO
Net Access Communication
Systems (Private) Limited
________________________________

Network Security - Secure Web Hosting
Managed Internet Services - Secure Email
Dedicated Servers - Reseller Hosting

Visit www.netxs.com.pk for more information.
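
The cross-checking suggested in the reply above, sketched as an added example that is not part of the original thread: it reconciles results from several tools and repeated runs, and lists the ports they disagree on for manual verification. The normalised "host,port,proto,state" format, the run names and the addresses are assumptions made for the illustration.

```python
import csv
import io

# Constructed sample data: one entry per tool and per run, already normalised
# to "host,port,proto,state". Names and addresses are placeholders.
SCANS = {
    "tool_a_run1": """192.0.2.10,22,tcp,open
192.0.2.10,80,tcp,open
192.0.2.10,443,tcp,filtered
192.0.2.11,25,tcp,open
""",
    "tool_a_run2": """192.0.2.10,22,tcp,open
192.0.2.10,80,tcp,open
192.0.2.10,443,tcp,open
192.0.2.11,25,tcp,open
""",
    "tool_b_run1": """192.0.2.10,22,tcp,open
192.0.2.10,80,tcp,open
192.0.2.10,443,tcp,open
192.0.2.11,8080,tcp,open
""",
}

def load(text):
    """Parse one run into {(host, port, proto): state}, skipping blank rows."""
    rows = csv.reader(io.StringIO(text))
    return {(r[0], int(r[1]), r[2]): r[3].lower() for r in rows if r}

def reconcile(scans):
    """Return (confirmed, disputed) services with each run's verdict.

    confirmed: every run reported the port open.
    disputed:  at least one run said open and at least one did not.
    A port absent from a run is recorded as "unreported", never as closed,
    because the tool may have skipped, timed out on or filtered that probe.
    """
    parsed = {name: load(text) for name, text in scans.items()}
    confirmed, disputed = {}, {}
    for svc in sorted(set().union(*parsed.values())):
        votes = {name: res.get(svc, "unreported") for name, res in parsed.items()}
        if set(votes.values()) == {"open"}:
            confirmed[svc] = votes
        elif "open" in votes.values():
            disputed[svc] = votes
    return confirmed, disputed

if __name__ == "__main__":
    confirmed, disputed = reconcile(SCANS)
    for (host, port, proto), votes in disputed.items():
        print(f"verify manually: {host}:{port}/{proto} {votes}")
```
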


