Security Basics mailing list archives
RE: Backported patches - vulnrability scanning
From: Kevin Johnson <kjohnson () secureideas net>
Date: Fri, 09 Jan 2004 22:23:16 -0500
On Fri, 2004-01-09 at 12:02, Sergile, Alain (ISS Atlanta) wrote:
Eric Good Luck, Most scanners depend on banners for revision checks, and or run behavioral checks (checks that can distinguish b/w an unpatched and patched system based on the response received)to determine version. ... I will defer to others in this group to discuses how their security teams manage the issue. Alain Sergile Internet Security Systems
Hi- We will always note the false positive during the test and then go back and verify. Either by manually checking the report or if that is not possible due to various reasons, we will contact the admin after the test but before generating the final report to verify. Kevin --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
Current thread:
- Backported patches - vulnrability scanning Eric Appelboom (Jan 02)
- <Possible follow-ups>
- RE: Backported patches - vulnrability scanning Sergile, Alain (ISS Atlanta) (Jan 09)
- RE: Backported patches - vulnrability scanning Kevin Johnson (Jan 12)