Based on the many responses we got regarding the 'Packetslinger' diary, here a few notes on how to setup a penetration/cracking exercise.
As a remark: Laws change from area to area. Whatever you do, check your local laws and regulations. Corporate policies, university ethics guidelines and ISP contracts may have to be consulted.
Can you go to jail for running a portscan? Unlikely. But the fact that you consider this question is a good hint that you should get written permission. Internal teams may be given permission via policy documents. See http://www.sans.org/resources/policies/ for templates (e.g. the Audit Vulnerability Scanning Policy or the Risk Assessment Policy).
I will be teaching next: Defending Web Applications Security Essentials - SANS Security West 2019
Mar 1st 2006
1 decade ago