Give me your take on this, guys...
http://techupdate.zdnet.com/techupdate/stories/main/0,14179,2856786,00.html
I'd check somebody's firewall for 5k. Then again...I'd do just about anything for 5k. ;)
http://forums.zdnet.com/group/zd.Tech.Update/it/itupdatetb.tpt/@thread@3066@forward@1@D-,D@ALL/@article@3066?EXP=ALL&VWM=hr&ROS=1
Any takers? And finally, this one (my favorite):
http://forums.zdnet.com/group/zd.Tech.Update/it/itupdatetb.tpt/@thread@3005@forward@1@D-,D@ALL/@article@3005?EXP=ALL&VWM=hr&ROS=1
So, what exactly do these testers do or use to test? And, should a company be concerned if one group showed up running a Win 98 box prepped with smurf attacks? And, are companies out there that lax in their security?
Well, they use whatever methodology they come up with. Usually: gather info, scan for info, check possible vulnerabilities, then go to it. What actual software they use is really irrelevant. As far as the 98 box with smurf.c, well, I've yet to see that ported to win32. I think it is worth it for many small to mid-sized companies who don't put enough money into a Security Administrator. Choosing who you want to do it is just like choosing what solution to use for anything else.
Wilnix
Well, Will covered it pretty much, but I do want to say this:
Win9x does not have RAW sockets. Therefore, a SMURF is impossible without add-on software. But it hasn't been ported anyways..