Firewall Wizards mailing list archives

RE: commercial va

From: "Darden, Patrick S." <darden () armc org>
Date: Thu, 17 Apr 2003 10:27:58 -0400

Cisco Routers and Switches were DOSed, even in safe mode, due to a problem
in NMAP's OS guesser (which nessus used to use by default, and still will
use if it is installed).  I think this is fixed now, but it was a real mess
at the time.  Additionally, if you test DOS vulnerabilities, which used to
be by default on, and which inexperienced users would probably click "on",
you open up an unholy can of worms.

--Patrick Darden

Behm, Jeffrey L.
Do you have any specifics on what got "freaked out?" by 
nessus?


Ben Nagy:
Network infrastructure, particularly (in my case) switches with spanning
tree enabled. I still feel the pain. This was a while ago, yada yada, but
AFAIK it's still a fairly widely held belief. Most people recommend that you
avoid routing your nessus scans around a lot, or scanning your
infrastructure (routers, switches, firewalls) devices too heavily.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: commercial va, (continued)
- - Re: commercial va Mark Gumennik (Apr 16)
    - Re: commercial va Anton Chuvakin (Apr 17)
    - Re: commercial va Mark Gumennik (Apr 17)
- Re: commercial va Andy Cuff [Talisker] (Apr 16)
  - Re: commercial va Gary Flynn (Apr 16)
  - Re: commercial va Mark Teicher (Apr 17)
- Re: commercial va Mark Gumennik (Apr 16)
- RE: commercial va Behm, Jeffrey L. (Apr 16)
  - RE: commercial va Ben Nagy (Apr 17)
- RE: commercial va Kalat, Andrew (ISS Atlanta) (Apr 16)
- RE: commercial va Darden, Patrick S. (Apr 17)