Penetration Testing mailing list archives
Re: nessus exceptions
From: hellNbak <hellnbak () nmrc org>
Date: Tue, 3 Aug 2004 14:11:30 -0500 (CDT)
Would it not be much easier to capture the traffic and compare it to known (generated in a controlled environment) Nessus scanning traffic? There will be signatures and it should be easy to spot. You could even take this one step further and check if your favorite NIDS will recognize the standard signatures generated by a Nessus scan as well as other tools. This would allow you to passively log the traffic and allow the IDS rules to identify what has been pointed at your systems. Personally, I like the first option as it removes the potential for silly errors on an automated systems part. On Mon, 2 Aug 2004, Chris Griffin wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi list, Im trying to find some good holes, that aren't major security issues, that i can create on a machine to see if our testing company really uses anything other than nessus. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFBDo7EeFLbG0PZdVwRAmaSAJ9gHU7w6vbI9DGKWa7xmUQ31qKSBQCgpcpq cC69CeYr16OsfuYu6u1oe8U= =bGZi -----END PGP SIGNATURE-----
Current thread:
- nessus exceptions Chris Griffin (Aug 03)
- RE: nessus exceptions Jerry Shenk (Aug 03)
- Re: nessus exceptions Andres Riancho (Aug 03)
- Re: nessus exceptions Jacco Tunnissen (Aug 09)
- Re: nessus exceptions hellNbak (Aug 03)
- Re: nessus exceptions Mr. Rufus Faloofus (Aug 03)
- Re: nessus exceptions FocusHacks (Aug 05)
- Re: nessus exceptions Stefano Zanero (Aug 10)
- Re: nessus exceptions FocusHacks (Aug 05)
- Re: nessus exceptions Paul Johnston (Aug 05)
- RE: nessus exceptions Marc Heuse (Aug 05)
- Re: nessus exceptions DokFLeed.Net (Aug 05)
- RE: nessus exceptions Jerry Shenk (Aug 09)
- RE: nessus exceptions R. DuFresne (Aug 09)
- RE: nessus exceptions Jerry Shenk (Aug 09)
- Re: nessus exceptions Pete Herzog (Aug 05)
- <Possible follow-ups>
- Re: nessus exceptions Chris McNab (Aug 05)
(Thread continues...)