Like it says, what are some good sites to test Vistas security? I just dl'd the trial version of zonealarm pro, and would like to test vistas firewall against zonealarms.

Thanks in advance guys!

If you PM me your IP Address I'll do a penetration test on your box, nothing nefarious.

If you PM me your IP Address I'll do a penetration test on your box and silently delete Vista while installing a distro of Linux, nothing nefarious.;)

Thanks, I'd rather not pm out my IP. :cool:

ShieldsUp!
https://www.grc.com/x/ne.dll?bh0bkyd2

Thanks, I'd rather not pm out my IP. :cool:

You'll likely not get accurate results without a real scan.

You could always remote into another box and run an nmap scan, nessus, etc.

Thanks, I'd rather not pm out my IP. :cool:
you have a static IP through your ISP? :confused:

you have a static IP through your ISP? :confused:

I know, I even said PM, he doesn't trust me. Fairly sad.

I'll post my IP in this thread, I have absolutely no fear, and I'm static IP with DNS PTR set to my mx.

I know, I even said PM, he doesn't trust me. Fairly sad.

I'll post my IP in this thread, I have absolutely no fear, and I'm static IP with DNS PTR set to my mx.
No, mines dynamic. I get my smc with static in a couple of weeks.

It's not I don't trust you at all evilghost, I thougt pm's were considered not secure, and that it wasn't a good idea to put one out there?

Or is that just very naive? :o

ShieldsUp!
https://www.grc.com/x/ne.dll?bh0bkyd2
Thanks radekhulan!

Now I just have to get evilghost back on board after offending him. :p

Edit: Vistas security is pretty solid according to that website, just found 1 closed port.

Thanks radekhulan!

Now I just have to get evilghost back on board after offending him. :p

Edit: Vistas security is pretty solid according to that website, just found 1 closed port.

You really need to do some egress filtering too, plus, that scan only hit some of the common ports. I'd so something like p0f to see if I could fingerprint/identify the machine based on the TCP/IP stack response. I'd also run an nmap syn scan against the machine to see if there's any ports rejected by DROP or DENY. Drop will be a 'dead' port where-as a DENY will show up as a closed port. Once I had the closed port I'd then try some spoofing SYN scans spoofing an IANA reserved range or your SRC IP to see if the port would then open.

If I found any open ports on the TCP or UDP stack (I'd scan all ports) I'd fire up netcat or nessus and see if I could fingerprint the listening daemon.

You really need to do some egress filtering too, plus, that scan only hit some of the common ports. I'd so something like p0f to see if I could fingerprint/identify the machine based on the TCP/IP stack response. I'd also run an nmap syn scan against the machine to see if there's any ports rejected by DROP or DENY. Drop will be a 'dead' port where-as a DENY will show up as a closed port. Once I had the closed port I'd then try some spoofing SYN scans spoofing an IANA reserved range or your SRC IP to see if the port would then open.

If I found any open ports on the TCP or UDP stack (I'd scan all ports) I'd fire up netcat or nessus and see if I could fingerprint the listening daemon.
I understand a part of that, thanks, but tbh a good deal is over my head. If your still willing, I'll send you the IP.

Thanks evilghost.

You really need to do some egress filtering too, plus, that scan only hit some of the common ports. I'd so something like p0f to see if I could fingerprint/identify the machine based on the TCP/IP stack response. I'd also run an nmap syn scan against the machine to see if there's any ports rejected by DROP or DENY. Drop will be a 'dead' port where-as a DENY will show up as a closed port. Once I had the closed port I'd then try some spoofing SYN scans spoofing an IANA reserved range or your SRC IP to see if the port would then open.

If I found any open ports on the TCP or UDP stack (I'd scan all ports) I'd fire up netcat or nessus and see if I could fingerprint the listening daemon.
damn, you gotta teach me some security. atm, i have no idea how to use iptables nor what the hell to look for.

I understand a part of that, thanks, but tbh a good deal is over my head. If your still willing, I'll send you the IP.

Thanks evilghost.
think about it this way grey, if Vista is as good as they say it is, he shouldnt be able to find anything :D

PM me your IP Addr and I'll scan it from my home DSL box.

damn, you gotta teach me some security. atm, i have no idea how to use iptables nor what the hell to look for.

Sure, would love to.

Could you scan my 192.168.1.x network? :captnkill:

Could you scan my 192.168.1.x network? :captnkill:

I'll get 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12. I'm all over rfc3330!

PM me your IP Addr and I'll scan it from my home DSL box.
PM sent, thanks man!

And I'm with Vin here, I really need to learn more of this.

http://www.faqs.org/rfcs/rfc3330.html

Heres something... Its almost interesting.