EH-Net
May 22, 2012, 05:46:04 AM *
Pages: 1 2 [3]
31  Resources / Tools / Re: Russix The Wireless Auditing Live Linux on: April 19, 2009, 02:47:23 AM
Grin The most easy way to test your wireless I used this Live CD with its easy to use automated script anyone can run this Dist CD with the right gear I tested this with a Netgear WG511T wireless card  and it ran excellent it also gave you an option to setup an eviltwin mode but you need to have two wireless cards for this to work. I also ran kismet it was a bomb I hope anyone that tries Russix will feel the same enjoy:
links to the website

http://www.russix.com/

download for the Live CD

http://www.russix.com/downloads/download.htm


I'm curious where russix.com has gone.   I'd been told to look into Russix for a wireless pen I'm doing, but absent any reliable site that's distributing it, I'm a bit hesitant.

OSWA Assistant, Backtrack 3, and Backtrack 4 beta all seem to be supersets of what Russix offered, best I can tell?

32  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web Application Vulnerability Scanner on: August 21, 2008, 02:59:41 PM
WebInspect and AppScan have historically jockeyed for the "top spot" (though this distinction is not without debate).    I wonder what's going to happen now that they're both owned by IBM?


Heh.  You're getting your megacompanies confused I'm afraid.  HP bought SPI.  IBM bought Watchfire.   :-)    They'll slog it out more than ever.

Thanks for the tip on Paros.  Since I got access to WI and AS, I haven't used its scanning functionality, so my impressions are based on a rather old version apparently!

33  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-Aug 2008 Free Giveaway Sponsor - ChicagoCon on: August 21, 2008, 01:36:26 AM

Wow... great prize, Don!   That's certainly gotten my attention.  :-)

-T
34  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Google tracking Firefox users? on: August 21, 2008, 01:34:59 AM
If you're in the infosec field google is great as it tracks everything.

Time to try what is supposed to be the more private google - www.cuil.com

Unfortunately though, despite the huge press splash cuil.com got a month or so ago,  people came quickly to the same conclusion I had when trying it that day:   gee these search results suck! 

http://www.theregister.co.uk/2008/07/31/inside_cuil/

I agree with those who avoid toolbars like the plague and google desktop.  They know enough about me from search terms and IP address only-- I don't need to be logging in, letting them index all my email, or giving them a chance to blithely index my hard drive to tune ad delivery to me.    Minority Report anyone?



35  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web Application Vulnerability Scanner on: August 21, 2008, 01:30:18 AM
Paros, as many have mentioned is certainly handy to use as a proxy, and some light scanning.  The price is right.   Spike Proxy Lite has similar benefits albeit clunkier.   

In the commercial realm where you start getting into a lot better coverage, and the tool starts understanding sessions and how to relogin after losing a session, I've used both WebInspect and  Watchfire now IBM Rational Appscan.   These two are quite comparable.  Appscan is definitely worth a look, and is what I've been using most these days.      I believe free trial licenses aren't too hard to come by for evaluation purposes.   Get hooked up with some of the sales guys via the website and you should be able to have a thorough test drive:

http://www-01.ibm.com/software/awdtools/appscan/


36  EH-Net / Calendar Of Events / Re: EH-Net BH/Defcon Tweener Party on: August 21, 2008, 01:20:39 AM
Maybe I shouldn't have partied with everyone so much before Thursday evening. We had many more that said would show up and didn't. They probably had enough of me by the time the Tweener party rolled around.  Shocked

See everyone next year... or at ChicagoCon!

Don

Take ya up on Chicagocon, Don (particularly as I missed the spring one due to project deadlines)!  Sorry to not make the par-tay.  Our group from work there ended up choosing that as the night to all go to dinner together, and that impeded me from making good on my initial rsvp.   Sorry to miss meeting the others as well.
37  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: CEH Questions on: July 20, 2007, 05:56:44 AM
Quote
1.) Is it possible to block/prevent attackers from running any sort of traceroute into your DMZ?

If your router doesn't ever respond with ICMP messages of any type, this effectively breaks traceroute in all its flavors iirc.    I believe you may also encounter the distinction in traceroute implementations where Cisco and Linux use UDP packets for the probe while Windows uses ICMP echo requests.   The "sensing" mechanism on all OS's I believe relies on ICMP replies.


http://www.cisco.com/warp/public/105/traceroute.shtml


Quote
2.) Using a 802.11b wireless nic on your laptop with Netstumbler installed, you would like to scan an 802.11g network? Why is this not possible?

b and g use the same frequency, however b is the older slower standard, g the newer.  g is by standard backward compatible with b, but b hardware can't grok g traffic.    If you want to get very technical about it, the difference between the two is the modulation scheme.  CCK is the scheme used by b,  OFDM is used by g, but by standard, g hardware can deal with CCK.

http://en.wikipedia.org/wiki/802.11#802.11b

But nothing I recall of the CEH exam got anywhere near that technical regarding modulation.

Quote
3) You are doing IP spoofing while you scan your target. You find that the target has port 23 open. Anyway you are unable to connect. Why?

Just think about this for a bit.  If you spoof your IP address in your scan, where will the target send the reply packets?

Quote
4) I notice repeated probes to port 1080. I learn that the protocol being used is designed to allow the host outside of a firewall to connect transparently and securely through the firewall. What would be your inference of what is happening/happened? Could someone be using SOCKS on the network to communicate through the firewall?

Have a look at /etc/services on a linux box.  Or the IANA list of common ports  http://www.iana.org/assignments/port-numbers

I'm not sure I'd come to the conclusion someone is communicating through my fw with SOCKS just because of some probes, but I might conclude that the probes are perhaps hunting for a listening SOCKS server.
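
Added example (not part of the original post): one way to separate "probes hunting for a listening SOCKS server" from "SOCKS actually in use" when reviewing connection logs for port 1080. The log format, addresses and the `classify_socks_activity` function are constructed for illustration; the state labels follow the style of Zeek's `conn_state` field.

```python
from collections import defaultdict

# Constructed connection records (not from the original post), in the form
# "time src dst dport state bytes". state: S0 = SYN seen, no reply;
# REJ = SYN answered with RST; SF = handshake completed and closed normally.
SAMPLE_LOG = """\
10:00:01 203.0.113.7 192.0.2.10 1080 S0 0
10:00:01 203.0.113.7 192.0.2.11 1080 REJ 0
10:00:02 203.0.113.7 192.0.2.12 1080 S0 0
10:00:02 203.0.113.7 192.0.2.13 1080 REJ 0
10:05:40 198.51.100.23 192.0.2.20 1080 SF 48213
10:06:12 198.51.100.23 192.0.2.20 1080 SF 9120
10:07:00 203.0.113.7 192.0.2.10 80 SF 512
"""

SOCKS_PORT = 1080  # IANA-registered port for SOCKS


def classify_socks_activity(log_text, min_targets=3):
    """Return {src: verdict} for sources that touched port 1080.

    'probing' - only unanswered/refused SYNs, spread over several hosts
    'in-use'  - at least one completed connection that carried data
    'unclear' - anything else (too little evidence either way)
    """
    targets = defaultdict(set)   # src -> hosts it tried on 1080
    sessions = defaultdict(int)  # src -> completed connections with data
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines
        _, src, dst, dport, state, nbytes = parts
        if not dport.isdigit() or int(dport) != SOCKS_PORT:
            continue
        targets[src].add(dst)
        if state == "SF" and nbytes.isdigit() and int(nbytes) > 0:
            sessions[src] += 1
    verdicts = {}
    for src, hosts in targets.items():
        if sessions[src]:
            verdicts[src] = "in-use"
        elif len(hosts) >= min_targets:
            verdicts[src] = "probing"
        else:
            verdicts[src] = "unclear"
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify_socks_activity(SAMPLE_LOG).items():
        print(src, verdict)
```
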






38  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Was it difficult for anyone else? on: July 20, 2007, 05:31:43 AM
I'm having a hard time getting started learning to hack.  I've learned the programming language C++ and a little bit of Python.  I know HTML, and I've got a grasp of Javascript.  However, I cannot seem to figure out how to start learning to hack.  I've even installed a distro of Linux because I hear that's what you should do  Smiley  If yall have any advice I would really appreciate it.

If you know C and are interested in getting down to some specifics, give the book the Shellcoder's Handbook a look.  You'll find it extremely interesting. 

You will find that Linux distro very handy for the compilation and debugging environment it affords and all the tools available for it in the hacking realm. 

39  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Which linux is best *again* on: July 04, 2007, 11:26:28 PM
Thanks for the replies, and sorry to beat this dead horse one more time. I guess I'm looking for a package repository for bleeding edge tools. If one does not exist, maybe I'll create one for my favorite distros :-)

Jim

Gentoo's portage is awfully good about packages being out there that are bleeding edge, particularly for hacking, and  particularly if you run ~x86 ("experimental")  for the packages of interest (portage.keywords if memory serves).

Because Gentoo likes to compile from source (which is quite slick), it's not something you'll be terribly happy with as a vmware guest though, depending on the speed of your machine in the event you need to chunk through big packages like window managers and the like.





40  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: What is the best disto of Linux for hacking? on: July 03, 2007, 01:20:51 PM

Whatever works, I agree.   

I'd agree Gentoo is a safe bet to recommend with some caveats-- but don't recommend it to anyone  and give them your email address.  The learning curve is a harsh one and they'll grind your productivity to a halt with questions because it's anything but easy!  :-)   It's also a recommendation I won't give folks on anything but fast fast machines if they intend on using it as a vmware guest--all the emerge compilation can be painfully slow in a VM.  I'd also recommend a low drama window manager if they want to use one--something like fluxbox can keep painful window manager updates from heating up the house when those come out.

But as for figuring out how Linux actually works,  there's really nothing else like it, you can emerge practically any package out there, but gentoo does require care and feeding on a weekly basis, and a real commitment to learning it!






41  Ethical Hacking Discussions and Related Certifications / CEH - Certified Ethical Hacker / Re: Looking to obtain CEH, who do you recommend? on: July 03, 2007, 01:13:23 PM

I would highly recommend Infosec http://www.infosecinstitute.com/
The instructor I had (Tim Singletary) was very good. The 5 day class ran from 8:30 am to roughly 10:00pm. Actually Capture the Flag started every night around 5:30. I learned a lot.

Ray

I'm a bit late to the party on this thread, but I'd second the recommendation on this course.   Tim's extremely knowledgeable, but his professionalism leaves a bit to be desired sometimes.   Seems to depend on the week!

Regardless, great class (written by Jack Koziol of Shellcoder's Handbook fame),  capture the flags were useful learning tools, and I did rock the exam and obtain my cert.  I did have several years in infosec previously, and by no means did the whole class pass the first try, but I did leave a happy customer.
© 2012 The Ethical Hacker Network