Dailydave mailing list archives

Re: Herps


From: "Nexus" <nexus () patrol i-way co uk>
Date: Sat, 28 Feb 2004 10:33:43 -0000


----- Original Message ----- 
From: "Dave Aitel" <dave () immunitysec com>
To: <dailydave () lists immunitysec com>
Sent: Saturday, February 28, 2004 1:01 AM
Subject: [Dailydave] Herps


justify this is by putting ICMP timestamp on their deliverables (or
the equivalent - can we just take that out of Nessus now and stop
having to see it ever again? So many other protocols (SMB and RSYNC
for example) give you the current time that it's really not an issue.
It's really not. Please, please take it out of your vulnerability
database, nessus team, if you read this).

Not a direct security issue per se, granted, but you won't necessarily know
the Client internal policies - they may have a mandated firewall policy that
says no hosts will respond to ICMP traffic from internet-based hosts.
Responding to ICMP timestamp is against that policy, so chances are they
would want to know about it so that they can have a word with the firewall
admins. Arbitrarily deciding what does and does not go in a report is
dangerous ground IMHO - flag it as an observation rather than a potential
vulnerability.

Cheers.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

