Re: vulnerabilities from pcap file

[Erik Waher <ewaher () gmail com>]

I believe Netwitness will allow passive checks and has a demo version
available. WinPcap may also offer some services, but I have not used
it.

On Mon, Dec 6, 2010 at 11:40 AM, Maverick <myeaddress () gmail com> wrote:
> Dear Friends,
>
> I have explored the passive vulnerability analysis options but the
> issue with those is there is not free or evaluation version available.
> I can't afford tenables PVS and sourcefirs' RNA . Does someone know if
> there is any evalution copy available of RNA or PVS. I know PVS used
> to be NeVO and they released a copy for evaluation a while back but
> its no longer available . I would really appreciate a response in this
> regard.
>
> Best,
> AK
>
> On Mon, Dec 6, 2010 at 8:47 AM, Todd Haverkos <infosec () haverkos com> wrote:
> > Indeed.   And that's basically the gist of passive vuln scanning.
> > The Tenable white paper talks further in terms of intelligent banner
> > analysis for protocols that aren't a simple to glean version info from
> > as http browsers and servers tend to be.
> >
> >
> > Josh Siok <jsiok () smp org> writes:
> > > This is not a tool, but simple example:  You could determine what
> > > browser and version a host is running from the HTTP headers (User
> > > Agent).  You could then easily determine if their browser is out of
> > > date and contains vulnerabilities.  I've never done this, but you
> > > could probably set up filters in Wireshark to pick out specific
> > > packets that contain specific header information (like IE7).
> > >
> > > -----Original Message-----
> > > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Todd Haverkos
> > > Sent: Monday, December 06, 2010 9:21 AM
> > > To: Maverick
> > > Cc: security-basics () securityfocus com
> > > Subject: Re: vulnerabilities from pcap file
> > >
> > > Maverick <myeaddress () gmail com> writes:
> > >
> > > > Hi All,
> > > > Is there any tool that can detect vulnerabilities that exist on hosts
> > > > by looking at the pcap captures of their traffic.
> > >
> > > I don't know specifically, but this is the realm of passive vulnerability scanning if you want to do some googling 
> > > on the term.
> > > Tenable has a white paper on theirs
> > > http://www.nessus.org/whitepapers/passive_scanning_tenable.pdf
> > >
> > > whether it can a .pcap as input and just be run on that rather than
> > > doing it in realm time is unknown to me.
> > >
> > > I hope this helps you on the way to an answer!
> > > --
> > > Todd Haverkos, LPT MsCompE
> > > http://haverkos.com/
> >
> > ------------------------------------------------------------------------
> > Securing Apache Web Server with thawte Digital Certificate
> > In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> > how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> > purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> > set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> > certificates.
> >
> > http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> > ------------------------------------------------------------------------
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------