Penetration Testing mailing list archives

Re: nessus exceptions


From: hellNbak <hellnbak () nmrc org>
Date: Tue, 3 Aug 2004 14:11:30 -0500 (CDT)

Would it not be much easier to capture the traffic and compare it to known
(generated in a controlled environment) Nessus scanning traffic?  There
will be signatures and it should be easy to spot.

You could even take this one step further and check if your favorite NIDS
will recognize the standard signatures generated by a Nessus scan as well
as other tools.  This would allow you to passively log the traffic and
allow the IDS rules to identify what has been pointed at your systems.

Personally, I like the first option as it removes the potential for silly
errors on an automated system's part.

On Mon, 2 Aug 2004, Chris Griffin wrote:


Hi list,
I'm trying to find some good holes, that aren't major security issues,
that I can create on a machine to see if our testing company really
uses anything other than Nessus.



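The traffic comparison suggested in the reply above, sketched as an added example that is not part of either post: reduce web-server log lines to request fingerprints and check which requests from the engagement never appear in a baseline recorded from a controlled Nessus run. The log lines, addresses and paths are constructed, and the Apache-style log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of an Apache-style access log line (assumed format).
REQ_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fingerprint(line):
    """Reduce a log line to (method, path, sorted query keys); None if unparsable."""
    m = REQ_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    # Parameter values vary between runs, so only the parameter names are kept.
    keys = tuple(sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True)))
    return (m.group("method"), parts.path.lower(), keys)

def compare(baseline_lines, observed_lines):
    """Return (share of observed requests seen in the baseline, unseen fingerprints)."""
    baseline = {fp for fp in map(fingerprint, baseline_lines) if fp}
    observed = [fp for fp in map(fingerprint, observed_lines) if fp]
    matched = sum(1 for fp in observed if fp in baseline)
    unseen = sorted({fp for fp in observed if fp not in baseline})
    return (matched / len(observed) if observed else 0.0), unseen

# Constructed stand-in for traffic logged while scanning a lab host yourself.
BASELINE = [
    '10.0.0.5 - - [03/Aug/2004:10:00:01 -0500] "GET /robots.txt HTTP/1.0" 200 120',
    '10.0.0.5 - - [03/Aug/2004:10:00:02 -0500] "GET /cgi-bin/test-cgi HTTP/1.0" 404 210',
    '10.0.0.5 - - [03/Aug/2004:10:00:03 -0500] "GET /admin/ HTTP/1.0" 403 199',
    '10.0.0.5 - - [03/Aug/2004:10:00:04 -0500] "GET /search.php?q=probe1 HTTP/1.0" 200 512',
]
# Constructed stand-in for traffic logged during the testing company's engagement.
OBSERVED = [
    '192.0.2.9 - - [04/Aug/2004:09:00:01 -0500] "GET /robots.txt HTTP/1.0" 200 120',
    '192.0.2.9 - - [04/Aug/2004:09:00:02 -0500] "GET /cgi-bin/test-cgi HTTP/1.0" 404 210',
    '192.0.2.9 - - [04/Aug/2004:09:00:03 -0500] "GET /search.php?q=probe2 HTTP/1.0" 200 512',
    '192.0.2.9 - - [04/Aug/2004:09:30:10 -0500] "POST /login.php HTTP/1.1" 200 640',
    '192.0.2.9 - - [04/Aug/2004:09:31:44 -0500] "GET /search.php?q=x&debug=1 HTTP/1.1" 200 530',
    'truncated or malformed line',
]

if __name__ == "__main__":
    ratio, unseen = compare(BASELINE, OBSERVED)
    print(f"{ratio:.0%} of observed requests match the baseline scan")
    for fp in unseen:
        print("not in baseline:", fp)
```

Requests that fall outside the baseline are the ones worth reading by hand; a share close to 100% suggests the engagement traffic was the stock scan and little else.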


