Penetration Testing mailing list archives
Re: Nessus, Harmful?
From: Kevin Shaw <kshaw () eeenterprisesinc com>
Date: Thu, 04 Feb 2010 22:41:00 -0500
I'm likely preaching to the choir here; but something I would advise with Nessus or any other vulnerability, configuration, patch or port scanning tool: know your target environment. I work with a different network or communications medium - satellite, microwave - every week. You tune your assessment for the equipment you are looking at - one setting may not break a fiber channel SAN while it will wreak havoc on a small office worth of PCs.
Kev

Danijel Starman wrote:
Hello,

A few years ago, even with one Nessus, I managed to crash older Cisco Catalyst switches. It's all in the choice of plugins.

Best Regards,
Danijel

Shohn Trojacek wrote:

Hello,

Once, several years ago, I had hacked up Nessus a bit into what could only be described as a "scanning cluster". I found that I was able to reboot Cisco Catalyst switches about every 10 minutes when I had 16 machines running scans in parallel. This is an extreme example though. I've had other scanners, including various Web app scanners, bring things down too. In some cases, I had a replication of the production environment and then scanned the "mock" production environment when availability was more concerning than confidentiality. Generally, I've found it better to just be straightforward and honest about the risks, and this calms people. If you seem skittish, they will be too.

Godspeed,
Shohn

On Wed, Jan 6, 2010 at 11:17 PM, Zaki Akhmad <zakiakhmad () gmail com> wrote:

Hello,

I want to do a Nessus scan, but first I'd like to know: is Nessus scanning harmful? Because I don't want to take the server down.

Thanks!

--
Zaki Akhmad

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------
Current thread:
- Re: Nessus, Harmful? Joseph McCray (Feb 02)
- <Possible follow-ups>
- Re: Nessus, Harmful? Jonathan Cran (Feb 02)
- Re: Nessus, Harmful? Danijel Starman (Feb 03)
- Re: Nessus, Harmful? Kevin Shaw (Feb 05)