Security Basics
nmap root vs user question Oct 04 2013 09:29PM
ToddAndMargo (ToddAndMargo zoho com) (3 replies)
RE: nmap root vs user question Oct 07 2013 02:39PM
Rob (synja synfulvisions com)
Is anybody else somewhat worried about this person doing penetration testing
and PCI compliance auditing?

No offense dude, but this is not something that can be learned from a
security basics mailing list.

I do want to help, and I do want you to learn, but not at the expense of a
client's security.

> *From:* ToddAndMargo
> *Subject:* bandwidth question
> Hi All,
>
> A customer has asked me to do some human penetration
> testing for PCI compliance. I am planning on doing a bunch
> of probing with nmap to look for openings. I plan to log into
> the customer's network with Open VPN over my DSL line.
> (And Metasploit when I figure out how to use it too.)
>
> Question: what kind of bandwidth do I need? I have
> ~3 Mbps download and ~.7 Mbps upload? Am I going
> to swamp my DSL modem? Or is there enough wait time
> between probes that that is not an issue?
>
> Many thanks,
> -T

Yeah.... This is going to end up with an entry in datalossdb.org
Rob

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of ToddAndMargo
Sent: Friday, October 04, 2013 5:29 PM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: nmap root vs user question

Hi All,

"#" is my "root" prompt and "$" is my user prompt.

Question: why does namp sometimes work as root and not as a user? Why no
warning that a command has to be run as root?

This works as root:
# nmap -p T:5020,5900 192.168.202.210
Starting Nmap 6.40 ( http://nmap.org ) at 2013-10-04 14:25 PDT
Nmap scan report for 192.168.202.210
Host is up (0.00063s latency).
PORT STATE SERVICE
5020/tcp filtered zenginkyo-1
5900/tcp filtered vnc

Same command does not work as a user:
$ nmap -p T:5020,5900 192.168.202.210
Starting Nmap 6.40 ( http://nmap.org ) at 2013-10-04 14:25 PDT
Note: Host seems down. If it is really up, but blocking our
ping probes, try -Pn

Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL
certificate. We look at how SSL works, how it benefits your company and how
your customers can tell if a site is secure. You will find out how to test,
purchase, install and use a thawte Digital Certificate on your Apache web
server. Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727
d1
------------------------------------------------------------------------

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: nmap root vs user question Oct 07 2013 12:30PM
Robert Larsen (robert the-playground dk) (1 replies)
RE: nmap root vs user question Oct 07 2013 03:58PM
Jeff Fears (jfears apusolutions com)
Re: nmap root vs user question Oct 07 2013 12:24PM
Jason Hellenthal (jhellenthal dataix net)


 

Privacy Statement
Copyright 2010, SecurityFocus