From: jeremiah at nur.net (Jeremiah Cornelius)
Subject: Top 15 Reasons Why Admins Use Security Scanners

On Wednesday 28 April 2004 15:35, nicolas vigier wrote:
> you get too many false positives because nessus only
> tries to find the version and doesn't really test the vulnerability.
> I think the right way to do it is to use a scanner which will use
> an exploit to test the vulnerability. Unfortunately an exploit is
> not always available for every vulnerability.

This depends on the individual NASL script. Safe-checks only read banners, port combinations, etc. There is nothing preventing a NASL check from mimicking exploit behavior. For instance, some of the DoS checks are canned 'sploits. There are unsafe SMTP checks that will send mail to a file in the /etc or /var/log hierarchies. This does not rely on banners, but behaviors. You could adjust the NASL to do real harm to a vulnerable system.

True, Nessus doesn't run codes for a remote shell against indications of a buffer overflow. That's when judicious manual checking is called for - where the tool leaves off. Admins are in a privileged position to do these checks - as opposed to the pen-test auditor whose hand checks require adoption of invasive behavior.