Security Basics mailing list archives
Re: vulnerabilities from pcap file
From: Erik Waher <ewaher () gmail com>
Date: Tue, 7 Dec 2010 12:47:18 -0800
I believe Netwitness will allow passive checks and has a demo version available. WinPcap may also offer some services, but I have not used it. On Mon, Dec 6, 2010 at 11:40 AM, Maverick <myeaddress () gmail com> wrote:
Dear Friends, I have explored the passive vulnerability analysis options but the issue with those is there is not free or evaluation version available. I can't afford tenables PVS and sourcefirs' RNA . Does someone know if there is any evalution copy available of RNA or PVS. I know PVS used to be NeVO and they released a copy for evaluation a while back but its no longer available . I would really appreciate a response in this regard. Best, AK On Mon, Dec 6, 2010 at 8:47 AM, Todd Haverkos <infosec () haverkos com> wrote:Indeed. And that's basically the gist of passive vuln scanning. The Tenable white paper talks further in terms of intelligent banner analysis for protocols that aren't a simple to glean version info from as http browsers and servers tend to be. Josh Siok <jsiok () smp org> writes:This is not a tool, but simple example: You could determine what browser and version a host is running from the HTTP headers (User Agent). You could then easily determine if their browser is out of date and contains vulnerabilities. I've never done this, but you could probably set up filters in Wireshark to pick out specific packets that contain specific header information (like IE7). -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Todd Haverkos Sent: Monday, December 06, 2010 9:21 AM To: Maverick Cc: security-basics () securityfocus com Subject: Re: vulnerabilities from pcap file Maverick <myeaddress () gmail com> writes:Hi All, Is there any tool that can detect vulnerabilities that exist on hosts by looking at the pcap captures of their traffic.I don't know specifically, but this is the realm of passive vulnerability scanning if you want to do some googling on the term. Tenable has a white paper on theirs http://www.nessus.org/whitepapers/passive_scanning_tenable.pdf whether it can a .pcap as input and just be run on that rather than doing it in realm time is unknown to me. I hope this helps you on the way to an answer! -- Todd Haverkos, LPT MsCompE http://haverkos.com/------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- vulnerabilities from pcap file Maverick (Dec 03)
- Message not available
- Re: vulnerabilities from pcap file Maverick (Dec 06)
- RE: vulnerabilities from pcap file Sheldon Malm (Dec 06)
- Re: vulnerabilities from pcap file Maverick (Dec 06)
- Message not available
- Re: vulnerabilities from pcap file Todd Haverkos (Dec 06)
- RE: vulnerabilities from pcap file Josh Siok (Dec 06)
- Re: vulnerabilities from pcap file Todd Haverkos (Dec 06)
- Re: vulnerabilities from pcap file Maverick (Dec 07)
- Re: vulnerabilities from pcap file Erik Waher (Dec 07)
- RE: vulnerabilities from pcap file Josh Siok (Dec 06)