Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

[no subject]

From: Stephen J Smoogen <smooge () UNM EDU>
Date: Mon, 31 Mar 2008 17:12:19 -0600
Subject: Re: [SECURITY] Security Related Questions
In-Reply-To: <15372.1206970301 () turing-police cc vt edu>
Message-ID: <alpine.LRH.1.10.0803311707200.23798 () xanadu unm edu>
References: <AD19F18F94C4824AB7D6BE0F7F44D4CF0585A1BAAD () VEX1 CUP EDU>            <47EF96B3.8090600 () uni edu>       
     <B48F725D5B7AAB4CAC5290ACE289EE292EE3969603 () exch-mbx1 pct edu> <15372.1206970301 () turing-police cc vt edu>
User-Agent: Alpine 1.10 (LRH 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-WatchGuard-IPS: message checked
X-WatchGuard-Spam-ID: str=0001.0A010205.47F16FD4.000A,ss=1,fgs=0
X-WatchGuard-Spam-Score: 0, clean; 0, no virus
X-WatchGuard-Mail-Client-IP: 64.106.76.41
X-WatchGuard-Mail-From: smooge () unm edu
X-WatchGuard-Mail-Recipients: SECURITY () listserv educause edu

On Mon, 31 Mar 2008, Valdis Kletnieks wrote:


On Mon, 31 Mar 2008 07:35:57 EDT, Daniel Bennett said:

I used nessus here for a little while.  However, with the most in-depth scans
it was causing servers to go down randomly.  The servers would see the attacks
and shutdown NIC, services, etc.


Installing a different scanner is the Wrong Answer, as it merely papers over
the problem instead of actually fixing it.  If your Nessus scan could fold up
your server, then an attacker can *also* DoS your server with a Nessus scan -
and you probably want to address that scenario, because "run Nessus with all
the bells and whistles and see if anybody notices" is a very common tactic in
the initial phases of an actual attack...


Followed by "Lets run Nessus on 40 computers against them".. followed by
"Lets get all their printers to spew out blank pages with that Nessus
plugin". Actually the worst of all things I ran into though was the
well-intentioned scanning by some subgroup that accidently gets out of
hand.. Make sure you know who has your .0.0 network if you have a /16
:).




--
Stephen Smoogen -- ITS/Linux Administrator
   MSC02 1520 1 University of New Mexico Albuquerque, NM  87131-0001
   Phone: (505) 277-8219  Email: smooge () unm edu
  How far that little candle throws his beams! So shines a good deed
  in a naughty world. = Shakespeare. "The Merchant of Venice"
Previous By Date Next
Previous By Thread Next

Current thread: