Security Basics mailing list archives
Re: Nessus Scan
From: levinson_k () securityadmin info
Date: 15 Aug 2007 22:11:12 -0000
Can you not simply contest their finding as being baseless in fact? It wouldn't be the first time. Nessus and other scanners always find things, especially depending on their configuration, that the auditor needs to know to disregard as needed. Tell them where in the written policy it requires this port to be closed in order to pass. Ask them on what basis they changed the vendor's severity rating from low to critical.

Does their scan perhaps pass through a firewall like Checkpoint that performs TCP SYN proxying in order to defend against SYN floods? Maybe that is part of the problem? Does the OS detection reported by Nessus match the OS running on the target host, or is it detecting the OS running on an intermediate firewall?

kind regards,
Karl Levinson
http://securityadmin.info
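The SYN-proxy effect raised in the post above can be checked from the scanning side instead of argued over. A half-open (SYN) scan stops at the SYN/ACK, and a SYN-proxying firewall answers SYN/ACK for any port on behalf of the host, so such a scan reports every port open; only after the client completes the handshake does the firewall try the real backend, which then resets or closes the connection if nothing is listening. The script below is an added example, not part of this post, of Nessus or of any firewall vendor's code: it completes the handshake, waits for data, and sends a harmless probe before deciding. The hosts it talks to are constructed local listeners on 127.0.0.1 (a banner service, an accept-then-close "dead backend", a silent accept, and a closed port), not any real target; the five category names are this example's own.

```python
import socket
import threading
import time

PROBE = b"\r\n"  # harmless line that makes most text protocols say something


def classify_port(host, port, timeout=2.0):
    """Complete the TCP handshake and look for a real service behind it.

    Categories (this example's own naming):
      'closed'   - RST in reply to our SYN (connection refused)
      'filtered' - no answer at all within the timeout
      'proxied'  - handshake completed, but the peer closed or reset before any
                   data flowed: what a SYN proxy with a closed backend port looks like
      'open'     - handshake completed and the peer sent data
      'silent'   - handshake completed, nothing sent or answered; needs a
                   protocol-specific probe before calling it either way
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"

    with sock:
        # First wait for a banner; if none arrives, nudge with a probe and wait again.
        for send_probe in (False, True):
            if send_probe:
                try:
                    sock.sendall(PROBE)
                except OSError:          # peer already gone (reset/broken pipe)
                    return "proxied"
            try:
                data = sock.recv(1024)
            except socket.timeout:
                continue
            except ConnectionResetError:
                return "proxied"
            return "open" if data else "proxied"   # b"" means the peer sent FIN
    return "silent"


def serve_once(handler):
    """Constructed fixture: one-shot local listener on an ephemeral port (returns the port).

    The listen() happens before the thread starts, so an early connect queues in
    the backlog instead of being refused.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        try:
            handler(conn)
        finally:
            conn.close()
            srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def demo():
    """Run classify_port against the constructed local fixtures; returns the verdicts."""
    banner_port = serve_once(lambda c: c.sendall(b"220 mail.example.test ESMTP\r\n"))
    proxied_port = serve_once(lambda c: None)           # accept, then close: SYN proxy, dead backend
    silent_port = serve_once(lambda c: time.sleep(2))   # accept and say nothing
    closed_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed_sock.bind(("127.0.0.1", 0))
    closed_port = closed_sock.getsockname()[1]
    closed_sock.close()                                 # nothing listens here now
    return {
        "banner": classify_port("127.0.0.1", banner_port),
        "proxied": classify_port("127.0.0.1", proxied_port),
        "silent": classify_port("127.0.0.1", silent_port, timeout=0.5),
        "closed": classify_port("127.0.0.1", closed_port),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:8s} -> {verdict}")
```

Run it from the same vantage point the auditor scanned from: ports that a SYN scan calls open but this check calls "proxied" are the firewall answering, not the host. The same mismatch explains the OS-detection question in the post, since the SYN/ACK fingerprinted by the scanner comes from the proxying device rather than the target.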
Current thread:
- Re: Nessus Scan, (continued)
- Re: Nessus Scan Chris Halverson (Aug 15)
- Re: Nessus Scan Erik Luken (Aug 16)
- RE: Nessus Scan Craig Wright (Aug 15)
- RE: Nessus Scan Erin Carroll (Aug 16)
- RE: Nessus Scan Craig Wright (Aug 16)
- RE: Nessus Scan Erin Carroll (Aug 17)
- RE: Nessus Scan Erin Carroll (Aug 16)
- Re: Nessus Scan Chris Halverson (Aug 15)
- RE: Nessus Scan Michael LaSalvia (Aug 15)
- RE: Nessus Scan Serge Vondandamo (Aug 16)
- Re: Nessus Scan David Jacoby (Aug 17)
- RE: Nessus Scan Chandresh Dedhia (Aug 16)
- Re: Nessus Scan levinson_k (Aug 16)
- Re: RE: Nessus Scan mikef (Aug 16)
- Re: Nessus Scan Steve Hillier (Aug 16)
- Re: Nessus Scan mikef (Aug 16)
- Re: Nessus Scan mikef (Aug 16)