From: Indian T. <ind...@ma...> - 2003-01-13 15:46:54
|
Dear All, I am new to this list and heartily apologies if I could have put any irrelevant query. OSSTMM has defined fantastic rules and guidelines on testing security. Is there any document available on OSSTMM, which describe how to do tasks or described them in detail? I have some queries on how to perform rules and guidelines. Some of them I have written today, very soon I=92ll come with some more=85 Comments are in-line Network Surveying Examine tracks from the target organization. =95 Search web logs and intrusion logs for system trails from the target network. What could be the possible =93keywords=94 to search here for web and intrusion logs? Information Leaks =95 Examine target web server source code and scripts for application servers and internal links. What to check here? Is it indicating to check client side script? Port Scanning Tasks to perform for a thorough Port Scan: Error Checking =95 Check the route to the target network for packet loss =95 Measure the rate of packet round-trip time =95 Measure the rate of packet acceptance and response on the target network =95 Measure the amount of packet loss or connection denials at the target network Which tools can be used to perform mentioned tasks, and how to use these results further? Enumerate Systems =95 How to "Collect broadcast responses from the network". Is it to stop Smurf kind of attacks? What setup I need in my Lab to test this? Services Identification Tasks to perform for a thorough service probe: =95 How to =93Locate and identify service remapping or system redirects=94. =95 Use UDP-based service and trojan requests to all the systems in the network. How to use UDP-based service requests to all the systems in the network. That's all for now. Any comment, highly appreciated. Cheers! Indian Tiger, CISSP |