From: Robin Wood (dninja@gmail.com)
Date: Fri Mar 10 2006 - 05:03:12 EST
Thanks for that Erin, that was what I was trying to get at.
Anyway, I've now got FreeBSD 6 installed and got my wireless card up
and running so I'm going to give it a try for a while and see how it
goes both as a pen-testing platform and as a day-to-day desktop
distro.
The comment at the top of the SourceForge page for Frenzy says
"A new linux distribution for Wardrivers"
but the second link goes to a page on the the freebsd site so I'll
give it a download and see. Hopefully it will point at some nice BSD
based tools that will increase the arsenal.
Robin
On 3/10/06, Erin Carroll <amoeba@amoebazone.com> wrote:
> Terry,
>
> I wasn't speaking about the relative strengths of security measures within
> an OS as a yardstick to determining viability as a pen-test platform. I was
> observing that, given BSD's focus on secure code, it's strange that there
> aren't more BSD-native tools available. There's a certain allure to BSD's
> security focus for a pen-test platform. However, most of the better known
> tools out there have multiple rpm/deb/portage (read:Linux) packages but very
> few also have BSD ports available.. Which reduces BSD users to compiling
> from source. With BSD's different lib and directory structures this can be a
> pain to deal with at times. The lack of BSD-centric pen-test tools is
> probably a combination of smaller mindshare/marketshare and the inherent
> differences from Linux.
>
> Having cut my teeth on OpenBSD back in the day I was hoping someone would
> chime in with some suggestions on BSD distros tailored for pen-testing.
> Someone mentioned Frenzy which I'll have to check out.
>
> Plus I was trying to stop the helpful (but not list relevant) suggestions on
> how Robin could fix his wifi drivers. There's better resources out there for
> that kind of support and didn't want to clutter the list with such a
> tangent. :)
>
>
> --
> Erin Carroll
> Moderator
> SecurityFocus pen-test list
> "Do Not Taunt Happy-Fun Ball"
>
>
> > -----Original Message-----
> > From: Terry Vernon [mailto:tvernon24@comcast.net]
> > Sent: Thursday, March 09, 2006 5:38 PM
> > To: 'Erin Carroll'; 'Robin Wood'
> > Cc: Woods_Beau@dkmc.org; pen-test@securityfocus.com
> > Subject: RE: testing laptop based on bsd anyone
> >
> > I don't think security measures within a system have an after
> > effect on compiled auditing tools. This makes the decision
> > about which OS to use more specific to your hardware being
> > detected without too much hassle and choice of tools based on
> > platform.
> >
> > -Terry
> >
> > -----Original Message-----
> > From: Erin Carroll [mailto:amoeba@amoebazone.com]
> > Sent: Thursday, March 09, 2006 6:00 PM
> > To: Robin Wood
> > Cc: Woods_Beau@dkmc.org; pen-test@securityfocus.com
> > Subject: Re: testing laptop based on bsd anyone
> >
> >
> > I still haven;t seen anyone really address what I thought was the most
> > interesting aspect of what Robin was asking by implication: BSD-based
> > pen-testing systems vs Linux-based. One would think that with
> > BSD's focus
> > on secure code and computing practices that it would be ideal for a
> > pen-test and security-centric launchpad... but I've seen very few
> > BSD-based distros or packages that weren't ports of Linux
> > apps. Are there
> > tings BSD is capable of doing due to system design that Linux
> > can't (or do
> > as easily) and vice-versa?
> >
> > Personally I don't have an operating system preference as I'll use
> > whatever the best OS (tool) I need for the job at hand. That
> > being said, I
> > have run into cases where if something doesn't exist in the BSD ports
> > packages, getting a tool installed and compiled from source can be a
> > nightmare. YMMV
> >
> >
> >
> >
> >
> > On Wed, 8 Mar 2006, Robin Wood wrote:
> >
> > > I had some time on my hands so just went for it and
> > installed FreeBSD 6.
> > The
> > > base system starts up ok so now I've got to start loading
> > all the tools on
> > > it. I've left plenty of drive space so I can dual boot
> > windows and linux
> > if
> > > needs be so everything should be catered for.
> > >
> > > Off to get wifi working...
> > >
> > > Robin
> > >
> > > On 3/8/06, Robin Wood <dninja@gmail.com> wrote:
> > > >
> > > > I had some time on my hands so just went for it and
> > installed FreeBSD 6.
> > The base system starts up ok so now I've got to start loading
> > all the tools
> > on it. I've left plenty of drive space so I can dual boot
> > windows and linux
> > if needs be so everything should be catered for.
> > > >
> > > > Off to get wifi working...
> > > >
> > > >
> > > > Robin
> > > >
> > > >
> > > >
> > > > On 3/8/06, Woods_Beau@dkmc.org < Woods_Beau@dkmc.org> wrote:
> > > > >
> > > > >
> > > > > check out FreeSBIE -- They have a nice little live CD
> > that boots BSD.
> > They also have a live CD creator, so you can get BSD going
> > the way you want
> > it on your hard drive, then turn that custom distro into a
> > live CD. That
> > could come in handy if you want to run Windows or something
> > else and don't
> > want to dual boot.
> > > > >
> > > > > -----
> > > > > Beau Woods
> > > > > Information Security Analyst
> > > > > DeKalb Medical Center
> > > > > (404)501-3825
> > > > > beau_woods@dkmc.org
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > "Robin Wood" <dninja@gmail.com>
> > > > >
> > > > >
> > > > > 03/07/2006 05:23 PM
> > > > >
> > > > >
> > > > > To pen-test@securityfocus.com
> > > > >
> > > > > cc
> > > > >
> > > > >
> > > > > Subject
> > > > > testing laptop based on bsd anyone
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Hi
> > > > > I'm having problems with wireless pen-tests due to the
> > linux drivers
> > > > > for my wireless card and someone suggested trying one
> > of the BSDs.
> > > > > Does anyone here use BSD as a base system for
> > pen-testing from? I was
> > > > > going to go with FreeBSD as I have a little knowledge
> > of it already.
> > > > > Any tips, tricks or gotchas?
> > > > >
> > > > > Thanks
> > > > >
> > > > > Robin
> > > > >
> > > > >
> > > > >
> > --------------------------------------------------------------
> > --------------
> > --
> > > > >
> > > > > This List Sponsored by: Cenzic
> > > > >
> > > > > Concerned about Web Application Security?
> > > > > As attacks through web applications continue to rise,
> > you need to
> > proactively
> > > > > protect your applications from hackers. Cenzic has the most
> > comprehensive
> > > > > solutions to meet your application security
> > penetration testing and
> > > > > vulnerability management needs. You have an option to go with a
> > managed
> > > > > service (Cenzic ClickToSecure) or an enterprise
> > software (Cenzic
> > Hailstorm).
> > > > > Download FREE whitepaper on how a managed service can help you:
> > > > > http://www.cenzic.com/news_events/wpappsec.php
> > > > > And, now for a limited time we can do a FREE audit for
> > you to confirm
> > your
> > > > > results from other product. Contact us at request@cenzic.com
> > > > >
> > --------------------------------------------------------------
> > --------------
> > --
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ________________________________
> > > CONFIDENTIALITY NOTICE: This e-mail, including attachments,
> > is for the
> > > sole use of the individual(s) to whom it is addressed, and
> > may contain
> > > confidential and privileged information, including HIPAA protected
> > > PHI. Any unauthorized review, use, disclosure, distribution, or
> > > reproduction is prohibited. If you have received this
> > e-mail in error,
> > > please notify the sender by reply e-mail and destroy this
> > message and
> > > its attachments in its entirety.
> > > > >
> > > >
> > > >
> > >
> > >
> > --------------------------------------------------------------
> > --------------
> > --
> > > This List Sponsored by: Cenzic
> > >
> > > Concerned about Web Application Security?
> > > As attacks through web applications continue to rise, you need to
> > proactively
> > > protect your applications from hackers. Cenzic has the most
> > comprehensive
> > > solutions to meet your application security penetration testing and
> > > vulnerability management needs. You have an option to go
> > with a managed
> > > service (Cenzic ClickToSecure) or an enterprise software (Cenzic
> > Hailstorm).
> > > Download FREE whitepaper on how a managed service can help you:
> > > http://www.cenzic.com/news_events/wpappsec.php
> > > And, now for a limited time we can do a FREE audit for you
> > to confirm your
> >
> > > results from other product. Contact us at request@cenzic.com
> > >
> > --------------------------------------------------------------
> > --------------
> > --
> > >
> > >
> >
> >
> > --------------------------------------------------------------
> > --------------
> > --
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > As attacks through web applications continue to rise, you need to
> > proactively
> > protect your applications from hackers. Cenzic has the most
> > comprehensive
> > solutions to meet your application security penetration testing and
> > vulnerability management needs. You have an option to go with
> > a managed
> > service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm).
> >
> > Download FREE whitepaper on how a managed service can help you:
> > http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to
> > confirm your
> > results from other product. Contact us at request@cenzic.com
> > --------------------------------------------------------------
> > --------------
> > --
> >
> >
> > --------------------------------------------------------------
> > ----------------
> > This List Sponsored by: Cenzic
> >
> > Concerned about Web Application Security?
> > As attacks through web applications continue to rise, you
> > need to proactively
> > protect your applications from hackers. Cenzic has the most
> > comprehensive
> > solutions to meet your application security penetration testing and
> > vulnerability management needs. You have an option to go with
> > a managed
> > service (Cenzic ClickToSecure) or an enterprise software
> > (Cenzic Hailstorm).
> > Download FREE whitepaper on how a managed service can help you:
> > http://www.cenzic.com/news_events/wpappsec.php
> > And, now for a limited time we can do a FREE audit for you to
> > confirm your
> > results from other product. Contact us at request@cenzic.com
> > --------------------------------------------------------------
> > ----------------
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Free Edition.
> > Version: 7.1.375 / Virus Database: 268.2.1/278 - Release
> > Date: 3/9/2006
> >
> >
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006
>
>
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:39 EDT