Penetration Testing mailing list archives
Re: Nessus, Harmful?
From: Himanshu Goyal <idhimanshu () gmail com>
Date: Fri, 29 Jan 2010 12:28:03 +0530
There are a few plugins for destructive attacks like DoS in Nessus. You need to make sure that they are unchecked before running the scan.

Regards,
Himanshu

On Fri, Jan 29, 2010 at 3:45 AM, Shohn Trojacek <trojacek () gmail com> wrote:

> Hello,
>
> I've brought down my fair share of devices using Nessus, so I would always advise the client as to the residual risk and if possible try to do this under a change request. Generally, I ask that a couple people be clued into my activities, but not to tell the entire IT department so as to spoil the testing if this is on a penetration test.
>
> I've had good success when running safe checks, disable DoS, etc. Once, several years ago I had hacked up Nessus a bit into what could only be described as a "scanning cluster". I found that I was able to reboot Cisco Catalyst switches about every 10 minutes when I had 16 machines running scans in parallel. This is an extreme example though. I've had other scanners including various Web app scanners bring things down too.
>
> In some cases, I had a replication of the production environment and then scanned the "mock" production environment when availability was more concerning than confidentiality.
>
> Generally, I've found it better to just be straightforward and honest about the risks and this calms people. If you seem skittish, they will be too.
>
> Godspeed,
> Shohn
>
> On Wed, Jan 6, 2010 at 11:17 PM, Zaki Akhmad <zakiakhmad () gmail com> wrote:
>
> > Hello,
> >
> > I want to do a Nessus scanning, but before I'd like to know, is Nessus scanning harmful? Because I don't want to make the server down.
> >
> > Thanks!
> >
> > --
> > Zaki Akhmad

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------