Security Basics mailing list archives

Re: Finding Nessus False Positives


From: miguel.dilaj () pharma novartis com
Date: Mon, 7 Feb 2005 17:51:46 +0000

Hi kaps,

To start with, Nessus also gives you the reference to a CVE or BID. Go to 
the Common Vulnerabilities and Exposures or Bugtraq websites and READ.
Another very good source is the RFC (Request for Comments) documents that 
describe a particular protocol. For example, you say that you don't know 
how to replicate a PUT or DEL request in HTTP. Go to www.rfc-editor.org, 
search the RFCs for the HTTP protocol (probably you'll be interested in v1.1 of 
the protocol) and READ it.

Cheers,

Miguel Dilaj (Nekromancer)
Vice-President of IT Security Research, OISSG
www.oissg.org
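As an added illustration of the advice above (not part of the original post), the following Python script replays the PUT-then-DELETE probe that Nessus reports, so the result can be confirmed by hand against the HTTP/1.1 status codes rather than trusted blindly. The stub server, the file name /nessus_check.txt and the request body are constructed for the demo; point verify_put_delete() at the real host and port to check an actual finding.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


# Constructed stand-in for the web server under assessment: it honours PUT
# and DELETE so the check below has something to talk to. Against a real
# finding, call verify_put_delete() with that server's host and port instead.
class _WritableHandler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"
    store = {}  # path -> uploaded bytes

    def do_PUT(self):
        length = int(self.headers.get("Content-Length", 0))
        self.store[self.path] = self.rfile.read(length)
        self.send_response(201)  # 201 Created for a newly stored resource
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_DELETE(self):
        status = 204 if self.store.pop(self.path, None) is not None else 404
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_stub_server():
    """Start the constructed server on a free local port; return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _WritableHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def verify_put_delete(host, port, path="/nessus_check.txt"):
    """Replay the PUT-then-DELETE probe and report both status codes.

    A 2xx on PUT confirms the finding (the server stored our file); the DELETE
    removes the test file so the check leaves nothing behind. A 403/405 on
    PUT points to a false positive, or to a WAF/proxy answering for the host.
    """
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request("PUT", path, body=b"nessus false-positive check")  # constructed body
    put = conn.getresponse()
    put.read()  # drain so the keep-alive connection can be reused
    conn.request("DELETE", path)
    delete = conn.getresponse()
    delete.read()
    conn.close()
    return {"put": put.status, "delete": delete.status,
            "confirmed": 200 <= put.status < 300}


if __name__ == "__main__":
    srv, port = start_stub_server()
    print(verify_put_delete("127.0.0.1", port))
    srv.shutdown()
```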
kaps lock <secnerdkaps () yahoo com>
07/02/2005 00:16

 
        To:     security-basics () securityfocus com
        cc:     (bcc: Miguel Dilaj/PH/Novartis)
        Subject:        Finding Nessus False Positives

Hi All,
I would like to know how experienced vulnerability
assessment analysts determine whether Nessus results are false
positives or not.
The way I ascertain whether a result is a false positive or
not is by crafting the same HTTP request to the
webserver.
The point where I struggle is how to craft the same
request. I mean, if Nessus says
"Nessus was able to find the authentication mechanism
behind an SMTP server as NTLM", how could I believe or
deduce this is true?
Or "Nessus could actually upload a test file with PUT
and then delete the TEST file with DEL on the
webserver".

How can I determine these to be true?
Thanks,
kaps