Thursday, September 30, 2010

General scanners vs. custom tools

Why? Why not use a vulnerability scanner that checks for 1000 vulnerabilities on a host, and just see what it comes up with? Well - it's tasteless, it consumes bandwidth, CPU power and lots of time, and most importantly, it will light up any IDS (or semi-alive sysadmin) like a Christmas tree. Furthermore, general vulnerability scanners are not always that effective or up to date (there are exceptions, of course). Custom-made scanners are tailored for the occasion: they are streamlined, and they are not as noisy as general scanners. Imagine taking an "all-terrain 4x4" to the surface of Mars...
How do we decide which weapons to load? Most scanners look for vulnerabilities in services. A service is normally bound to a specific port, so finding which ports are open on a host tells us what services it runs, which in turn tells us how to configure our scanners. Many scanners have a port-scanning utility built in and claim to scan only "discovered" services. Most of the time this works well, but you will find that it has limitations. There is no substitute for plain common sense.
