Based on the many responses we got regarding the 'Packetslinger' diary, here a few notes on how to setup a penetration/cracking exercise.
As a remark: Laws change from area to area. Whatever you do, check your local laws and regulations. Corporate policies, university ethics guidelines and ISP contracts may have to be consulted.
Can you go to jail for running a portscan? Unlikely. But the fact that you consider this question is a good hint that you should get written permission. Internal teams may be given permission via policy documents. See http://www.sans.org/resources/policies/ for templates (e.g. the Audit Vulnerability Scanning Policy or the Risk Assessment Policy).
I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020
Mar 1st 2006
1 decade ago