Security Basics mailing list archives
Re: vulnerabilities from pcap file
From: Todd Haverkos <infosec () haverkos com>
Date: Mon, 06 Dec 2010 10:47:05 -0600
Indeed. And that's basically the gist of passive vuln scanning. The Tenable white paper talks further in terms of intelligent banner analysis for protocols that aren't as simple to glean version info from as HTTP browsers and servers tend to be.

Josh Siok <jsiok () smp org> writes:

> This is not a tool, but a simple example: You could determine what browser and version a host is running from the HTTP headers (User Agent). You could then easily determine if their browser is out of date and contains vulnerabilities. I've never done this, but you could probably set up filters in Wireshark to pick out specific packets that contain specific header information (like IE7).
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Todd Haverkos
> Sent: Monday, December 06, 2010 9:21 AM
> To: Maverick
> Cc: security-basics () securityfocus com
> Subject: Re: vulnerabilities from pcap file
>
> Maverick <myeaddress () gmail com> writes:
>
> > Hi All, Is there any tool that can detect vulnerabilities that exist on hosts by looking at the pcap captures of their traffic?
>
> I don't know specifically, but this is the realm of passive vulnerability scanning if you want to do some googling on the term. Tenable has a white paper on theirs: http://www.nessus.org/whitepapers/passive_scanning_tenable.pdf Whether it can take a .pcap as input and just be run on that rather than doing it in real time is unknown to me.
>
> I hope this helps you on the way to an answer!
>
> --
> Todd Haverkos, LPT MsCompE
> http://haverkos.com/
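The User-Agent idea discussed in this thread, as an added example that is not part of the original posts or any tool they mention: a standard-library Python pass over a classic pcap that maps each client IP to the Internet Explorer version it advertises and reports those below a baseline. Assumptions: the function names, the `min_msie=8` baseline and the constructed sample capture are illustrative; only little-endian Ethernet pcap with the request headers in a single TCP segment is handled; and the User-Agent is client-supplied, so a hit is a lead to verify rather than proof.

```python
import re, socket, struct

UA_RE = re.compile(rb"^User-Agent:[ \t]*(.+?)\r?$", re.I | re.M)
MSIE_RE = re.compile(rb"MSIE (\d+)\.")

def parse_pcap(data):
    """Yield (src_ip, tcp_payload) for IPv4/TCP frames in a classic Ethernet pcap."""
    magic, *_, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("only little-endian Ethernet pcap is handled here")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, or not IPv4 carrying TCP
        tcp = 14 + (frame[14] & 0x0F) * 4          # skip Ethernet + IP header
        if len(frame) < tcp + 20:
            continue  # truncated TCP header
        data_off = (frame[tcp + 12] >> 4) * 4      # TCP header length
        yield socket.inet_ntoa(frame[26:30]), frame[tcp + data_off:]

def outdated_browsers(pcap_bytes, min_msie=8):
    """Map source IP -> User-Agent for clients advertising MSIE below min_msie."""
    hits = {}
    for src, payload in parse_pcap(pcap_bytes):
        ua = UA_RE.search(payload)
        ver = MSIE_RE.search(ua.group(1)) if ua else None
        if ver and int(ver.group(1)) < min_msie:
            hits[src] = ua.group(1).decode("latin-1")
    return hits

def sample_pcap():
    """Constructed capture: two clients (192.0.2.0/24 test addresses), checksums zeroed."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ip, msie in (("192.0.2.10", b"7.0"), ("192.0.2.11", b"8.0")):
        http = (b"GET / HTTP/1.1\r\nHost: example.test\r\nUser-Agent: "
                b"Mozilla/4.0 (compatible; MSIE " + msie + b"; Windows NT 5.1)\r\n\r\n")
        ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(http), 0, 0, 64, 6, 0,
                             socket.inet_aton(ip), socket.inet_aton("192.0.2.80"))
        tcp_hdr = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip_hdr + tcp_hdr + http
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for host, agent in outdated_browsers(sample_pcap()).items():
        print(host, agent)
```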