I would use nessus. You can get a free license for home use. I like it more then SAINT. Tenable Network Security . I had a "sloppy" L2 server and it got pwned. Careful with your WoW server.
onryo
Server security
I have a World of Warcraft private server at home, but I want to test it's security, because i have some ports open. How do i do this with bt3? with medusa or hydra and how do they work? I tested them but with no results, it just always says success, while I typed in a wrong password. Can someone give me a good link to a good tutorial about one of those 2 programs?
I would use nessus. You can get a free license for home use. I like it more then SAINT. Tenable Network Security . I had a "sloppy" L2 server and it got pwned. Careful with your WoW server.
onryo
Let me explain officer, I am not a hacker. I am a security tester of sorts!
If this is a simple windows based server then use the MBSA from Microsoft as well as a program like tcp-view both are free to use and very simple.Originally Posted by whoopa7
I have a World of Warcraft private server at home, but I want to test it's security, because i have some ports open. How do i do this with bt3? with medusa or hydra and how do they work? I tested them but with no results, it just always says success, while I typed in a wrong password. Can someone give me a good link to a good tutorial about one of those 2 programs?
This would probably be much easier and faster for you than trying to install and configure a pentest distro and then try and use it with little or know experience.
If on the other hand you have a nix box and or the desire then start reading here on BT3 or 4 beta.
To be successful here you should read all of the following.
ForumRules
ForumFAQ
If you are new to Back|Track
Back|Track Wiki
Failure to do so will probably get your threads deleted or worse.
Well this is not the only one way to check if the server is secured. To be honest you can't
really know for sure your server is secure, because most of the developers of the private WoW
servers does NOT have a secure coding lifetime / period included at all in their projects
as far as i have seen. If you want to be sure that the server is safe too, i suggest
that you get someone to audit the code and perhaps fuzz it as well.
One general recommendation: Only have the ports open you really NEED to have open.
[quote][I]I realized, that I had fallen down from the top of the mountain into a deep, terrifying and dark hole, just to find out that another mountain in front of me, much greater than the previous, was the next step in life. I began to wander uphill on the next mountain of life while I knew it would be much harder than the previous mountain. [/I]- MaXe[/quote]
One request, don't ask for someone to do it for you on here. We can not verify that it is really your server.
MaXe Legend's suggestion is quite good to audit the code and fuzz it.
Depending on how secure you want it to be, you should consider setting up an IDS and other security measures.
Tiocfaidh ár lá
Posting Permissions