Ethical Hacker Community Forums
December 01, 2008, 04:31:35 PM *
  Show Posts
31  Ethical Hacking Discussions and Related Certifications / Other / Re: using backtrack as a daily use linux distro on: September 16, 2008, 07:06:06 PM
As I have posted a number of times before, I feel people will be better off compiling their own attack distro.   I completely agree with that and in fact I would be willing to say that anyone that could not do that will have a very limited career as a pentester. 

However, I see nothing wrong at all with a beginner referencing a tool off of Backtrack to see how a tool should work as he is learning to compile and customize his own distro. I humbly disagree that Backtrack or other live CDs are not an OS and just a tool, especially when installed to the hard drive. Ubuntu is a live CD and I consider that a legitimate OS.  As I mentioned before, Muts (whose skill level is highly respected) uses Backtrack as his main distro.  A while back, as a fun project, I wanted to see how far I could customize Backtrack and was able with a little effort to customize it into a fairly decent distro that had every media and office app I wanted, etc.  I should say that customizing it is different and a little more cumbersome due to its “module” approach.  I asked Muts one time why he chose to use Slax instead of another distro that might be a little more universal in its approach. He responded that he chose Slax because of the ease of adding modules before burning the final live CD.  That way you could customize your own live CD. Interestingly, he then told me he didn’t run it as a live CD because it was too slow and preferred a hard drive or VMware install.  It makes me wonder if down the road he might migrate to something like Ubuntu.

That's just my perception of it and each person will have to decide what's best for them. I do think you can make a very strong case for compiling your own attack distro, even for casual use by an admin.
32  Ethical Hacking Discussions and Related Certifications / Other / Re: using backtrack as a daily use linux distro on: September 15, 2008, 06:19:04 PM
I use BackTrack 3 when I don't want a headache.  I use Ubuntu and compile all my tools to get the full 'experience'.

I really like the idea of this, especially for people new to linux and linux tools.
Run Backtrack to get a quick feel for how tools work, but also compile those tools on a distro with a lot of community support like Ubuntu to get the full linux experience. 
33  Ethical Hacking Discussions and Related Certifications / Other / Re: using backtrack as a daily use linux distro on: September 11, 2008, 10:25:36 AM
Muts (creator of BT) uses it as his everyday distro. Yes, of course you can use it as your day to day distro, especially if you are experienced with Linux, but you would be better off using something with more community support for day to day apps. Ubuntu is still what I recommend for beginners and casual day to day use.
34  Ethical Hacking Discussions and Related Certifications / Certification / Re: Information Security Superstars - Cert advice on: September 09, 2008, 07:09:30 PM
I actually liked silxp's post and enjoy people that post with a little passion, regardless if I agree 100% with them. I still maintain that a cert is only as good as the person behind it. So much depends on what you want to focus on.  For instance some doors will be completely closed to you if you don't have a CISSP. In other IT fields you might get along just fine without it.   As he stated, take it with a grain of salt and mileage may vary.  Thanks for taking the time to post your thoughts here silxp. 
35  Resources / Tools / Re: Nmap 4.75 Released, Gets Viz on: September 09, 2008, 03:17:27 PM
Yes that's true and it amazes me that I have an Aunt that is in her late sixties with little computer knowledge that uses Linux just fine! Oops, didn't mean to hijack this thread, lol!
36  Resources / Tools / Re: Nmap 4.75 Released, Gets Viz on: September 09, 2008, 01:25:12 PM
Yes I agree about the usefulness of a GUI for a demo. When you state that Linux wouldn't be where it is today if it didn't have a nice front end, I assume you mean public appeal?  If so, I would say that's also very true. But as far as it doing much to facilitate hacking, I would say all the eye candy has not had much of an impact and in fact gets in the way sometimes.  Command line is still the home for the hacker. Well, at least 80 to 90% of the time.
37  Resources / Tools / Re: Nmap 4.75 Released, Gets Viz on: September 08, 2008, 09:18:01 PM
When Fyodor demonstrated some of the new aspects of Nmap at the last Defcon, the audience applauded. That actually surprised me considering the tradition of looking down on GUIs.
38  Ethical Hacking Discussions and Related Certifications / Hardware / DD-WRT FTW! on: September 07, 2008, 02:39:25 PM
I am sure this has been posted and many already know about it, but I thought I would mention it again just in case it's helpful. Pretty cool stuff! You can get VPN working and the ability to access your home network from off-site is very cool...

http://lifehacker.com/software/router/hack-attack-turn-your-60-router-into-a-600-router-178132.php
39  Ethical Hacking Discussions and Related Certifications / Other / Re: Password reset beware on: September 05, 2008, 01:35:56 PM
This is one of the oldest "hacks" around for personal email. I have used it myself on occasions when I was asked to test the security of personal emails.  I usually recommend false data to be used for your password reset.
40  Ethical Hacking Discussions and Related Certifications / CEH - Official Course Modules v5 / Re: New to CEH on: September 05, 2008, 11:05:00 AM
EXCELLENT!  Good grab considering his book seems like the most recommended for the CEH test on this site.
41  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 05, 2008, 09:03:03 AM
Yes, I agree with both the above posts and I was attempting to acknowledge environmental variables. I just have a problem with blanket statements like "The argument that a person should use netcat over telnet or ftp is absurd."  Every network will be different and might be subject to different regulation. For instance, if an admin feels his network is too unwieldy or perhaps his skill level isn’t up for the challenge then perhaps the only safe solution is a more generic approach.
 
I am sure we would all agree that in some environmental circumstances the use of tools like netcat would be acceptable and in others it might not be appropriate.  If we claim to be hackers as well as network admin and not some “can't think outside the box” corporate suit, being intelligently flexible is a desirable quality and this approach reflects that. Just my 2 cents.
42  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 04, 2008, 11:06:17 PM
I agree completely with Grendel's thoughts on this.  To disregard a tool because it's either too much trouble to implement or it sets off an AV or OMG it’s known to be used by hackers is not a valid approach in my humble opinion.  I know a number of very skilled admins that use netcat in their network environment as well as other scary “hacker” tools like nmap, nessus, etc… without any issues whatsoever. Why?  Well, they are really on top of their security and have everything locked down very tight.  Any extra activity from a dreaded hacker tool will be discovered quickly.  Obviously an AV is not the only thing in place to monitor activity.  However, making generic statements regarding the security of any network can be dangerous. Each situation is different as well as the level of skill of those that have the responsibility of maintaining the flow of the network.  Having said that, if tomorrow I get a call from one of these admins saying he got breached because he allowed the use of netcat (I highly doubt it), then I will obviously change my opinion, lol. 
43  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 04, 2008, 03:32:56 PM
The argument that netcat shouldn't be used or doesn't have value in a network environment because it's detected by AVs is specious to say the least. I agree completely with the statement that FTP and Telnet are dead protocols, if what was meant is that they are dated and there are better solutions.
44  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Telnet/FTP Security Question on: September 03, 2008, 03:05:00 PM
"Inside" the network is where sniffing is done.  Well, unless you hack the server of the ISP or intercept the traffic before it reaches the destination modem, but good luck doing that. 
45  Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: So you want to learn hacking? on: August 28, 2008, 12:26:52 PM
Hey Grendel,
  Yes, as soon as I have a little extra time I will check out the next disks and report back.  I really support your efforts in this direction and thanks for finding your way to our forum. 
© 2008 The Ethical Hacker Network