Security Basics mailing list archives

Re: Nessus Scan


From: levinson_k () securityadmin info
Date: 15 Aug 2007 22:11:12 -0000

Can you not simply contest their finding as being baseless in fact?  It wouldn't be the first time.  Nessus and other 
scanners always find things, especially depending on their configuration, that the auditor needs to know to disregard 
as needed.  Tell them where in the written policy it requires this port to be closed in order to pass.  Ask them on 
what basis they changed the vendor's severity rating from low to critical.

Does their scan perhaps pass through a firewall like Checkpoint that performs TCP SYN proxying in order to defend 
against SYN floods?  Maybe that is part of the problem?  Does the OS detection reported by Nessus match the OS running 
on the target host, or is it detecting the OS running on an intermediate firewall?

kind regards,
Karl Levinson
http://securityadmin.info
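The cross-checks suggested in the reply above, as an added example that is not part of the original thread and not Nessus's own code: a Python script that parses a .nessus (v2) export, compares the operating system Nessus fingerprinted for each host against an asset inventory, flags the case where every scanned host returns the same fingerprint (what you would expect when an intermediate device such as a SYN-proxying firewall completes the handshake instead of the target), and lists open ports that the written policy does not permit for that host. The export excerpt, the inventory and the port policy are all constructed for this example; the element and attribute names read from the export (`ReportHost`, `HostProperties/tag` with `host-ip` and `operating-system`, `ReportItem` with `port` and `protocol`) are those of the .nessus v2 format.

```python
"""Cross-check a Nessus (.nessus v2) export against what you know about the
hosts, so you can tell which findings to contest and which to fix."""
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed .nessus v2 excerpt for this example; not a real scan result.
SAMPLE_NESSUS = """<?xml version="1.0"?>
<NessusClientData_v2>
 <Report name="audit-scan">
  <ReportHost name="10.0.0.10">
   <HostProperties>
    <tag name="host-ip">10.0.0.10</tag>
    <tag name="operating-system">Check Point GAiA</tag>
   </HostProperties>
   <ReportItem port="443" protocol="tcp" svc_name="https" severity="0"
               pluginID="11219" pluginName="Nessus SYN scanner"/>
   <ReportItem port="25" protocol="tcp" svc_name="smtp" severity="0"
               pluginID="11219" pluginName="Nessus SYN scanner"/>
  </ReportHost>
  <ReportHost name="10.0.0.11">
   <HostProperties>
    <tag name="host-ip">10.0.0.11</tag>
    <tag name="operating-system">Check Point GAiA</tag>
   </HostProperties>
   <ReportItem port="22" protocol="tcp" svc_name="ssh" severity="0"
               pluginID="11219" pluginName="Nessus SYN scanner"/>
   <ReportItem port="3389" protocol="tcp" svc_name="msrdp" severity="0"
               pluginID="11219" pluginName="Nessus SYN scanner"/>
  </ReportHost>
  <ReportHost name="10.0.0.12">
   <HostProperties>
    <tag name="host-ip">10.0.0.12</tag>
    <tag name="operating-system">Check Point GAiA</tag>
   </HostProperties>
   <ReportItem port="443" protocol="tcp" svc_name="https" severity="0"
               pluginID="11219" pluginName="Nessus SYN scanner"/>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""

# Constructed asset inventory and written port policy (assumptions for the example).
INVENTORY = {
    "10.0.0.10": "Windows Server 2003",
    "10.0.0.11": "Debian GNU/Linux",
    "10.0.0.12": "Check Point GAiA",   # the perimeter firewall itself
}
ALLOWED_PORTS = {
    "10.0.0.10": {("tcp", 443)},
    "10.0.0.11": {("tcp", 22)},
    "10.0.0.12": {("tcp", 443)},
}


def parse_report(xml_text):
    """Return {ip: {"os": str, "ports": {(proto, port), ...}}} from a .nessus v2 document."""
    root = ET.fromstring(xml_text)
    hosts = {}
    for rh in root.iter("ReportHost"):
        props = {t.get("name"): (t.text or "").strip()
                 for t in rh.findall("./HostProperties/tag")}
        ip = props.get("host-ip", rh.get("name"))
        ports = set()
        for item in rh.findall("ReportItem"):
            port = int(item.get("port", "0"))
            if port:  # port 0 carries host-level plugin output, not a listener
                ports.add((item.get("protocol", "tcp"), port))
        hosts[ip] = {"os": props.get("operating-system", ""), "ports": ports}
    return hosts


def os_mismatches(hosts, inventory):
    """Hosts whose fingerprinted OS disagrees with the inventory: (ip, reported, expected)."""
    return [(ip, h["os"], inventory[ip]) for ip, h in hosts.items()
            if ip in inventory and h["os"] and h["os"] != inventory[ip]]


def uniform_fingerprint(hosts):
    """If every host reports the same OS string, return it, otherwise None.
    Identical fingerprints across unrelated hosts are a sign the scanner is
    talking to an intermediate device (e.g. a firewall proxying the handshake)."""
    counts = Counter(h["os"] for h in hosts.values() if h["os"])
    if len(hosts) > 1 and len(counts) == 1:
        return next(iter(counts))
    return None


def ports_outside_policy(hosts, allowed):
    """Listeners in the report that the written policy does not permit for that host."""
    out = []
    for ip, h in sorted(hosts.items()):
        for proto, port in sorted(h["ports"] - allowed.get(ip, set())):
            out.append((ip, proto, port))
    return out


if __name__ == "__main__":
    hosts = parse_report(SAMPLE_NESSUS)
    for ip, seen, expected in os_mismatches(hosts, INVENTORY):
        print(f"{ip}: scanner says {seen!r}, inventory says {expected!r}")
    fp = uniform_fingerprint(hosts)
    if fp:
        print(f"every host fingerprints as {fp!r}: check whether an intermediate device answered")
    for ip, proto, port in ports_outside_policy(hosts, ALLOWED_PORTS):
        print(f"{ip}: {proto}/{port} is open but not in the written policy")
```

Run against a real export, the OS mismatch list and the uniform-fingerprint check give you concrete material to contest a finding with, while the port list is what remains to discuss against the policy text itself.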
