Full Disclosure mailing list archives
Re: Top 15 Reasons Why Admins Use Security Scanners
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Wed, 28 Apr 2004 19:28:20 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 28 April 2004 15:35, nicolas vigier wrote:
you get too much false positive because nessus only try to find the version and don't really test the vulnerability. I think the right way to do it is to use a scanner which will use an exploit to test the vulnerability. Unfortunately an exploit is not always avaible for every vulnerability.
This depends on the individual NASL script. Safe-checks only read banners, port combinations, etc. There is nothing preventing a NASL check from mimicking exploit behavior. For instance, some of the DoS checks are canned 'sploits. There are unsafe SMTP checks that will send mail to a file in the /etc or /var/log hierarchies. This does not rely on banners, but behaviors. You could adjust the NASL to do real harm to a vulnerable system. True, Nessus doesn't run codes for a remote shell against indications of of a buffer overflow. That's when judicious manual checking is called for - where the tool leaves off. Admins are in a privileged position to do these checks - as opposed to the pen-test auditor whos hand checks require adoption of invasive behavior. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAkGhNJi2cv3XsiSARAsqQAJ4mFG2DYPvMKsshYJNcpsPz669vwACgjhbo Il5M+As7tDyluevsvYBQt5g= =jYUS -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Top 15 Reasons Why Admins Use Security Scanners Joel R. Helgeson (Apr 28)
- Re: Top 15 Reasons Why Admins Use Security Scanners nicolas vigier (Apr 28)
- Re: Top 15 Reasons Why Admins Use Security Scanners Jeremiah Cornelius (Apr 28)
- <Possible follow-ups>
- RE: Top 15 Reasons Why Admins Use Security Scanners Joe User (Apr 28)
- RE: Top 15 Reasons Why Admins Use Security Scanners Harlan Carvey (Apr 28)
- Re: Top 15 Reasons Why Admins Use Security Scanners Codex (Apr 28)
- Re: Top 15 Reasons Why Admins Use Security Scanners Rick Updegrove (Apr 28)
- Re: Top 15 Reasons Why Admins Use Security Scanners nicolas vigier (Apr 28)