lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040303025450.25589.qmail@web21410.mail.yahoo.com> From: cissper at yahoo.com.au (cissper) Subject: loose source routing problem I am lost here! Almost every time when I perform a nessus scan I get this odd vulnerability: loose source routing identified. I really don?t know how that script works but I have to analyse if this is a false positive or not. When I perform a manual traceroute (UDP) to the destination host, I do not get all gateways listed. It looks similar to that (just as an example): 1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms 2 lilac?dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 39 ms 3 lilac?dmc.Berkeley.EDU (128.32.216.1) 19 ms 39 ms 19 ms 4 ccngw?ner?cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 19 ms 5 ccn?nerif35.Berkeley.EDU (128.32.168.35) 39 ms 39 ms 39 ms 6 csgw.Berkeley.EDU (128.32.133.254) 39 ms 59 ms 39 ms 7 * * * 8 * * * How can the nessus plug-in reporting this vulnerability get through to the destination host with loose source routing when I can get through with ICMP and UDP??? Can anybody explain me how this plug-in works? I just think it doesn?t work properly and always provides a false positive! In addiation, can anyone show how to reproduce what the script does? Your help is very much appreciated regards cissper loose source routing, unreliable results Find local movie times and trailers on Yahoo! Movies. http://au.movies.yahoo.com
Powered by blists - more mailing lists