IDS mailing list archives
Re: Cisco CTR
From: Renaud Deraison <deraison () nessus org>
Date: Mon, 17 Nov 2003 16:55:24 -0500
On Mon, Nov 17, 2003 at 03:03:32PM -0500, Martin Roesch wrote: [Disclaimer: I co-designed NeVO]
Nevo is being billed as a passive vulnerability "scanner" whereas RNA is being billed as a passive network discovery system.
No - you're playing with words. When designing a vulnerability scanner, you need it to give you information about the network assets (OS, ports, versions...) - the simple fact that a mysterious port is open can be a vulnerability in itself. Having designed Nessus before NeVO, I decided to take the exact same approach: report whatever can be reported as long as it make sense (reporting the "MAC address" of a host which is one hop away does not, for instance). What NeVO does not do though, is to draw a topology map based on the number of hops separating the sensor from the remote hosts, since this is only 1d data, and adding a 2nd or 3rd dimension to it relies on best guesses, and in the end it does not reflect the reality. Finally, keep in mind that NeVO is really just a sensor and that it's best to exploit its data with our Lightning Console, otherwise I understand that the amount of information might be difficult to grasp. -- Renaud --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 and use priority code SF4. ---------------------------------------------------------------------------
Current thread:
- Re: Cisco CTR, (continued)
- Re: Cisco CTR Ron Gula (Nov 13)
- Re: Cisco CTR John Lampe (Nov 13)
- Re: Cisco CTR Martin Roesch (Nov 17)
- Re: Cisco CTR Ron Gula (Nov 17)
- Re: Cisco CTR Martin Roesch (Nov 17)
- Re: Cisco CTR Ron Gula (Nov 17)
- Re: Cisco CTR Martin Roesch (Nov 19)
- Re: Cisco CTR Ron Gula (Nov 19)
- Re: Cisco CTR Martin Roesch (Nov 20)
- Re: Cisco CTR Ron Gula (Nov 19)
- Re: Cisco CTR Renaud Deraison (Nov 19)
- Re: Cisco CTR Martin Roesch (Nov 19)
- Re: Cisco CTR Renaud Deraison (Nov 20)
- Re: Cisco CTR Martin Roesch (Nov 20)
- Re: Cisco CTR Renaud Deraison (Nov 20)
- Message not available
- Re: Cisco CTR Mark Teicher (Nov 20)
- Re: Cisco CTR Ron Gula (Nov 20)
- RE: Cisco CTR David J. Meltzer (Nov 25)
- Re: Cisco CTR Martin Roesch (Nov 27)