Educause Security Discussion mailing list archives
Re: False positives scanning Red Hat servers running Apache
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Fri, 27 Apr 2007 05:38:02 +1200
Wyman Miles wrote:
In general, the DoS risk isn't that severe. And, you're not the only person in the world who can cause one. If you are, you probably don't need to bother with vulnerability scanning.
I'm with Wyman on this one. We scan with all tests enabled, even against our productions systems. If we can knock the box over with a scanner then so can anyone else. The backporting of patches issue (as others have mentioned) has been around for a long time. I got so feed up with nessus at the time of all the UNIX FTP vulerabilities (remember weftpd?) that I wrote my own banner grabber script which checked the dates in the banners -- it was *far* more reliable than the version alone (not infalible though!). Russell
Current thread:
- False positives scanning Red Hat servers running Apache Clifford Collins (Apr 26)
- <Possible follow-ups>
- Re: False positives scanning Red Hat servers running Apache Julian Y. Koh (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Wyman Miles (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Aaron Lafferty (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Allison Henry (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Wyman Miles (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Steve Brukbacher (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Russell Fulton (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Clifford Collins (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Bill Ogle (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Mark Rogowski (Apr 26)
- Re: False positives scanning Red Hat servers running Apache Chris Green (Apr 30)
- Re: False positives scanning Red Hat servers running Apache Wyman Miles (Apr 30)