Firewall Wizards mailing list archives

Re: Testing fw for ftp vuln

From: Mikael Olsson <mikael.olsson () clavister com>
Date: Tue, 11 Feb 2003 15:52:21 +0100


Blaise St-Laurent wrote:


I'm fairly sure nessus covers these. 
check out www.nessus.org for more info.


According to http://cgi.nessus.org/plugins/dump.php3 nessus 
does not test for the "small MSS" variant from early 2000,
nor for the new "partial ACK" variant.

I'm not surprised, considering that nessus basically stays on 
the application layer. You need L3/4 smarts for these tests.

/Mike

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"Senex semper diu dormit"
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Re: Testing fw for ftp vuln Marcus J. Ranum (Feb 01)
- <Possible follow-ups>
- Re: Testing fw for ftp vuln Brian Hatch (Feb 01)
- RE: Testing fw for ftp vuln Blaise St-Laurent (Feb 04)
  - Re: Testing fw for ftp vuln Mikael Olsson (Feb 11)