I think he means something like Nessus. Not "Vulnerabilities in the software" but rather "How bad is my configuration, have I missed something". http://www.nessus.org/ If you don't have the resources to run Nessus from outside yourself, you can pick any of your run-off-the-mill Mickey Mouse Security Analysts firm, you know "Running automated scanners since 1984". My current client uses Qualys Guard, it's run to scan two addresses during the weekend and mail me the reports on Monday. It is slightly more evolved than Nessus on some regards, but it also moans about non-issues such as "ZOMG YOU USE NTLM WE AER DOOMED!!!1" and the like. http://www.qualys.com/ But overall the reports are neat, and you can print one for the pointy haired bosses with almost no tech details, and one with all the nasty gritty details and workarounds and external references for the techies if you want. I'd like to mention that an abrasive, aggressive, unpolite Nessus scan used to crash our J2EE server due to the long strings and garbage it would feed your URL to check how tight you are. ... of course for just a matter of "is such and such port accepting connections" you can pay a visit to our alarmist friend Steve Gibson and his scary mustache: https://www.grc.com/x/ne.dll?bh0bkyd2 Just *don't* read the banter on the website. It will make your brain melt. "hidden internet server inside your PC" is not the way I'd describe netbios and smb/cifs. -- Alexandre Gauthier Analyste Réseau / Network Analyst Québec Loisirs 253, boul. Décarie Nord St-Laurent, Québec Canada H4N 2L7 Tel: (514) 340-2964 ________________________________ De : Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Envoyé : 16 mars 2006 22:56 À : [ISAserver.org Discussion List] Objet : [isalist] RE: ISA2004 Vulnerability http://www.ISAserver.org What vulnerabilities are you looking for? Secunia reports ZERO. Think you'll find some that the world's hackers haven't found yet? Thomas W Shinder, M.D. Site: www.isaserver.org <http://www.isaserver.org/> Blog: http://blogs.isaserver.org/shinder/ Book: http://tinyurl.com/3xqb7 MVP -- ISA Firewalls ________________________________ From: Corciega, Michael P. [mailto:MPCorciega@xxxxxxxxxxxxxx] Sent: Thursday, March 16, 2006 9:25 PM To: [ISAserver.org Discussion List] Subject: [isalist] ISA2004 Vulnerability http://www.ISAserver.org Hi Everyone, Is there a tool to test the vulnerability of ISA2004 from External? Thanks, Mykel DISCLAIMER: This Message may contain confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that any use, dissemination, distribution or reproduction of this message is prohibited. If you received this message in error please notify your Mail Administrator and delete this message immediately. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of GMA Network, Inc. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: gauthiera@xxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx