Penetration Testing mailing list archives
[PEN-TEST] NetRecon Assessment Tool
From: Jerry Dixon <jerry () JDIXON COM>
Date: Sat, 2 Sep 2000 13:15:06 -0400
I just finished up running a vulnerability assessment on a Class C using NetRecon. It gave me several false positives indicating trinoo and mstream trojans being installed on several boxes. We ended up running NMAP and did not find the ports that are associated with these trojans to be there. We also did a manual system integrity check of the servers as well just to confirm that we were getting false positives. After going through our manual process of validating that these systems were not infected, we ran the NetRecon scan against the ten identified hosts and did not find the trojans. So we decided to run the scan against the Class C again and then got the same false positives. I would be very curious if others have had this same experience with the tool when scanning Class C networks versus scanning ten or so boxes at a time. The moral of the story is, don't rely on one tool but use many that are either freely available or commercially to paint the real picture of what vulnerabilities may be lurking within your infrastructure. Again, I would be interested in hearing some additional feedback. I did contact Axent's tech support but they were pretty non-responsive and I was informed we would not hear back until next week.

-JD