Scanning the Internet for Vulnerabilities

bzs at theworld.com
Mon Jun 20 22:01:39 UTC 2022


It seems to me there's vulnerability testing and there's vulnerability
testing and just lumping them all together motivates disparate
opinions.

For example it's one thing to perhaps see if home routers
login/passwords are admin/admin or similar, or if systems seem to be
vuln to easily exploitable bugs and reporting such problems to someone
in charge versus, say, hammering at some network to see when/if DDoS
mitigation kicks in.

For example I've gotten email in the past that some of my servers were
running ntp in a way which makes them vuln to being used for DDoS
amplification and, I believe, fixed that. I didn't mind.

Anyhow, you all probably get my point without further hypotheticals or
examples.

Scanning for known vulns and reporting can be ok, testing to
destruction? Not so much.

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

