Penetration Testing mailing list archives
Re: MBSA scanner
From: Matt Wagenknecht <matt.wagenknecht () quantum com>
Date: Thu, 22 Apr 2004 08:36:58 -0600
I agree with Eric.. I also use FoundScan from Foundstone. It is by far the fastest and most accurate at host OS identification and vulnerability accuracy.
I am responsible for a network encompassing over 30,000 potential IP addresses with an average of 4,000 live hosts. I was tasked with identifying what our OS inventory was. Since we are not using any client-side inventory management software, the only option was remote identification. Using FoundScan with a 30,000 host target range, I was able to identify the OS on 4,200 hosts that were live at that time in about 3 hours. It took NMap 3 hours to do just my local subnet of 8,000 IPs (can't remember how many were live, >1000). A follow-up inventory verified a >95% accuracy (we have several devices on our network that are "home grown").
I know the original posting was regarding vuln scanners. NMap is not a vuln scanner and FoundScan was not scanning for vulns in this example, but it shows with real-world numbers that FoundScan is fast.. very fast.. It looks for vulns with the same speed and accuracy. You should see the numbers for a service and service version inventory scan.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Matt Wagenknecht CISSP | MCSE
Sr. Security Administrator
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Never be afraid to try something new. Remember, amateurs built the ark; professionals built the Titanic.

This email may contain confidential and privileged information for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies of this email message.

Gibson, Eric wrote:
We just finished a long comparative evaluation of Eeye, Foundstone, Tenable, Nessus and ISS. After much consideration we concluded that Foundstone fit our needs best, while still using Nessus for bulk scans. We used to use ISS but switched because the product has not kept up with others. Nessus is still a great scanner, and you cannot beat the price.

I am surprised that FoundStone has not come up in the recommendations so far.

Eric Gibson

-----Original Message-----
From: Peter Wood [mailto:peterw () firstbase co uk]
Sent: Tuesday, April 20, 2004 7:00 AM
To: pen-test () securityfocus com
Subject: [BULK] - RE: MBSA scanner

We have also moved our allegiance to eEye Retina from ISS. It works very well and is the best commercial scanner we've used. We also use CoreImpact for real exploits, which is a great tool IMHO.

Pete

At 15:58 19/04/2004 -0500, Steve Goldsby (ICS) wrote:
>We've moved all our business from ISS Scanner to Retina.
>
>Nessus is still the favorite for cost effective, high coverage scanning,
>but for a commercial product that seems to gain favor with enterprise
>clients, eEye is the way to go.
>
>
>Steve Goldsby
>www.networkarmor.com
>
>
>-----Original Message-----
>From: Nick Duda [mailto:nduda () VistaPrint com]
>Sent: Monday, April 19, 2004 1:30 PM
>To: e247net; pen-test () securityfocus com
>Subject: RE: MBSA scanner
>
>eEye Retina is great. Quick on the updates also.
>
>- Nick
>
>-----Original Message-----
>From: e247net [mailto:e247net () hotmail com]
>Sent: Saturday, April 17, 2004 4:34 AM
>To: pen-test () securityfocus com
>Subject: MBSA scanner
>
>Hi all
>
>Microsoft baseline scanner cannot work since all the default shares are
>disabled.
>Isn't this the case for a secure LAN? Anyway, please suggest any
>alternative open source tools for conducting vulnerability test in a
>LAN typical windows machines.
>Thanks
>
>I have on hand now using nessus, but would like to have another tool.
>
>Best Regards,
>

------------------------------------------------------------------------
Peter Wood FBCS CITP MIMIS MIEEE
Chief of Operations
First Base Technologies
+44 (0)1273 454525
www.fbtechies.co.uk
www.white-hats.co.uk
------------------------------------------------------------------------